Google search redirect to different website [Solved]


  • This topic is locked

#16
Onelook

  • Topic Starter
  • Member
  • 15 posts
Kaspersky scan log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, December 27, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, December 27, 2009 23:50:18
Records in database: 3411737
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 91330
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:50:43


File name / Threat / Threats count
C:\Documents and Settings\Smilodon\Desktop\New Folder (4)\CabalRider_USA\bin\CabalRider.exe Infected: Trojan.Win32.Vapsup.vsj 1
C:\Documents and Settings\Smilodon\Desktop\New Folder (4)\CabalRider_USA1.0.37.exe Infected: Trojan.Win32.Vapsup.vsj 1

Selected area has been scanned.


#17
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Smilodon\Desktop\New Folder (4)\CabalRider_USA\bin\CabalRider.exe
    C:\Documents and Settings\Smilodon\Desktop\New Folder (4)\CabalRider_USA1.0.37.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#18
Onelook

  • Topic Starter
  • Member
  • 15 posts
OTL logfile created on: 12/28/2009 8:38:01 AM - Run 3
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Smilodon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 73.51 Gb Free Space | 57.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMP-FZMZW7DFC6
Current User Name: Smilodon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/23 05:57:02 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTL.exe
PRC - [2009/12/11 12:33:38 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 15:19:58 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/04 16:50:06 | 01,711,304 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2009/01/04 11:20:30 | 00,356,352 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2008/12/16 11:07:18 | 03,528,440 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/12 03:33:10 | 16,132,608 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2004/04/13 04:07:18 | 00,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2009/12/23 05:57:02 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2009/12/11 12:33:38 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/08/18 11:04:00 | 03,332,216 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/10/21 13:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\Mozilla\Firefox\extensions
[2009/10/21 13:44:21 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Smilodon\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CSolidBrowserObj Object) - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll (Solid State Networks)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\forteManager.lnk = C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1224894145687 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1225321165046 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} http://rfonline-full..._downloader.cab (ccr_downloader Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://www.playwhat....lidstateion.cab (CSolidBrowserObj Object)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O30 - LSA: Security Packages - (X Shared\ecurity Packages setti) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/25 03:38:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 08:35:00 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/27 17:17:33 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Smilodon\Desktop\mbam-setup.exe
[2009/12/27 17:05:58 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/27 17:03:45 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/12/27 17:02:44 | 00,452,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTM.exe
[2009/12/27 16:22:59 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/27 16:22:15 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/27 16:22:15 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/27 16:22:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/27 16:22:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/27 16:20:36 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/23 05:56:55 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTL.exe
[2009/12/23 02:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Smilodon\Application Data\Malwarebytes
[2009/12/23 02:18:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/23 02:18:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/23 02:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/23 02:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/23 02:16:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/23 02:16:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/23 02:12:37 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Smilodon\Desktop\erunt_setup.exe
[2009/12/23 02:11:17 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Smilodon\Desktop\SysRestorePoint.exe
[2009/12/23 02:01:33 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\TFC.exe
[2009/12/22 05:39:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Smilodon\Application Data\Avant Profiles
[2009/12/22 05:39:39 | 00,000,000 | ---D | C] -- C:\Program Files\Avant Browser
[2009/09/13 19:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/10 22:33:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/08/19 18:56:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/07/01 13:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/29 15:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2008/10/29 17:31:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/25 03:46:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/10/25 03:37:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2009/12/28 08:37:29 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
[2009/12/28 08:37:28 | 00,194,932 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/28 08:36:48 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/28 08:36:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 08:36:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/28 08:35:30 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\Smilodon\ntuser.dat
[2009/12/28 08:35:30 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Smilodon\ntuser.ini
[2009/12/28 08:35:06 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/12/28 01:01:43 | 00,001,650 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L1428A7C024C7460CBCFB287B7B51D1E7.job
[2009/12/27 17:18:12 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/27 17:17:55 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Smilodon\Desktop\mbam-setup.exe
[2009/12/27 17:02:48 | 00,452,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTM.exe
[2009/12/27 16:37:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/27 16:23:08 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2009/12/27 16:21:00 | 06,422,286 | -H-- | M] () -- C:\Documents and Settings\Smilodon\Local Settings\Application Data\IconCache.db
[2009/12/27 16:20:19 | 03,867,118 | R--- | M] () -- C:\Documents and Settings\Smilodon\Desktop\ComboFix.exe
[2009/12/27 04:34:04 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/23 05:57:02 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTL.exe
[2009/12/23 02:35:50 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Smilodon\Desktop\gmer.zip
[2009/12/23 02:12:40 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Smilodon\Desktop\erunt_setup.exe
[2009/12/23 02:11:17 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Smilodon\Desktop\SysRestorePoint.exe
[2009/12/23 02:01:35 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\TFC.exe
[2009/12/22 05:40:52 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\Smilodon\Desktop\Avant Browser.lnk
[2009/12/22 05:39:45 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk
[2009/12/16 19:56:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Smilodon\Desktop\gmer.exe

========== Files Created - No Company Name ==========

[2009/12/27 17:18:12 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/27 16:23:08 | 00,000,223 | ---- | C] () -- C:\Boot.bak
[2009/12/27 16:23:04 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/27 16:22:15 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/27 16:22:15 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/27 16:22:15 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/27 16:22:15 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/27 16:22:15 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/27 16:20:06 | 03,867,118 | R--- | C] () -- C:\Documents and Settings\Smilodon\Desktop\ComboFix.exe
[2009/12/23 02:36:01 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Smilodon\Desktop\gmer.exe
[2009/12/23 02:35:48 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Smilodon\Desktop\gmer.zip
[2009/12/22 05:40:52 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\Smilodon\Desktop\Avant Browser.lnk
[2009/12/22 05:39:45 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk
[2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/18 20:16:16 | 00,000,125 | ---- | C] () -- C:\WINDOWS\Clean.ini
[2009/06/10 14:06:27 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/04/20 08:23:24 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/20 08:19:12 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\Smilodon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/20 06:22:49 | 88,768,5726 | ---- | C] () -- C:\Program Files\Silkroad.rar
[2009/03/12 00:59:10 | 00,107,832 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\PnkBstrB.exe
[2009/03/12 00:57:12 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\PnkBstrK.sys
[2009/03/11 22:02:49 | 00,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9 sse2.INI
[2008/12/18 04:04:04 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/18 04:04:04 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/11/12 19:03:25 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/11/07 23:40:58 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\b0c42833b4963225
[2008/11/07 23:21:05 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\b610da165d9d336
[2008/11/07 23:17:50 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\b18019b7f2721261
[2008/11/07 23:17:45 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\23f86ff1cbdb86af
[2008/11/07 23:16:40 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\37d41b1731d7ee3f
[2008/11/07 23:16:35 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\6520df032b97d734
[2008/11/07 23:16:30 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\da88c6beff56fb3d
[2008/11/07 23:16:25 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\cef52ca1c2265b53
[2008/11/07 23:13:45 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\fbf0a82945c9eb6d
[2008/11/07 23:12:55 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\ef5fc9b83a9889e5
[2008/11/07 22:36:44 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\707d03c21b8172dc
[2008/11/07 22:31:17 | 00,000,124 | -H-- | C] () -- C:\Documents and Settings\Smilodon\Local Settings\Application Data\Thumbs.db
[2008/10/25 04:32:20 | 00,022,421 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/10/25 04:32:08 | 00,022,093 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/10/25 04:32:08 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/10/25 04:31:48 | 00,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007/11/07 00:00:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/07 00:00:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/07 00:00:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/07 00:00:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/07 00:00:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2009/03/12 08:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/10/30 19:18:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2008/10/30 20:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/05/17 18:35:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/12 01:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\DAEMON Tools Lite
[2009/03/12 08:54:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\DAEMON Tools Pro
[2008/12/18 03:55:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\FMZilla
[2009/11/02 04:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\GetRightToGo
[2009/10/26 17:53:02 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Smilodon\Application Data\ijjigame
[2009/03/11 23:29:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\Leadertech
[2009/10/08 05:23:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\LimeWire
[2009/10/26 18:05:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\NPLUTO Corporation
[2009/12/28 08:37:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\Orbit
[2009/11/01 13:39:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\projectSgsp
[2009/03/12 04:01:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\ScummVM
[2009/11/08 18:40:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\TeamViewer
[2008/11/07 22:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\_5849_fHx8fDYxfHx8_
[2009/12/28 01:01:43 | 00,001,650 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L1428A7C024C7460CBCFB287B7B51D1E7.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2009/11/15 02:09:08 | 00,000,213 | ---- | M] ()(C:\WINDOWS\??) -- C:\WINDOWS\Š
[2009/11/15 02:09:08 | 00,000,213 | ---- | C] ()(C:\WINDOWS\??) -- C:\WINDOWS\Š
[2009/11/15 02:09:08 | 00,000,167 | ---- | M] ()(C:\WINDOWS\??????????) -- C:\WINDOWS\ᄚŠ粐Ǡ粑??Š
[2009/11/15 02:09:08 | 00,000,167 | ---- | C] ()(C:\WINDOWS\??????????) -- C:\WINDOWS\ᄚŠ粐Ǡ粑??Š
< End of report >

Edited by Onelook, 28 December 2009 - 08:41 AM.


#19
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
think you made a mistake

can you do this again

* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#20
Onelook

  • Topic Starter
  • Member
  • 15 posts
OTL logfile created on: 12/28/2009 8:51:26 AM - Run 4
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Smilodon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 73.51 Gb Free Space | 57.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMP-FZMZW7DFC6
Current User Name: Smilodon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/23 05:57:02 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTL.exe
PRC - [2009/12/13 23:50:46 | 01,403,904 | ---- | M] (Avant Force) -- C:\Program Files\Avant Browser\avant.exe
PRC - [2009/12/11 12:33:38 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 15:19:58 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/04 16:50:06 | 01,711,304 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2009/01/04 11:20:30 | 00,356,352 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2008/12/16 11:07:18 | 03,528,440 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/12 03:33:10 | 16,132,608 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2004/04/13 04:07:18 | 00,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2009/12/23 05:57:02 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2009/12/11 12:33:38 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/08/18 11:04:00 | 03,332,216 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/10/21 13:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\Mozilla\Firefox\extensions
[2009/10/21 13:44:21 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Smilodon\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

Hosts file not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CSolidBrowserObj Object) - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll (Solid State Networks)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\forteManager.lnk = C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1224894145687 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1225321165046 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} http://rfonline-full..._downloader.cab (ccr_downloader Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://www.playwhat....lidstateion.cab (CSolidBrowserObj Object)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O30 - LSA: Security Packages - (X Shared\ecurity Packages setti) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/25 03:38:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 08:35:00 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/27 17:17:33 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Smilodon\Desktop\mbam-setup.exe
[2009/12/27 17:05:58 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/27 17:03:45 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/12/27 17:02:44 | 00,452,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTM.exe
[2009/12/27 16:22:59 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/27 16:22:15 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/27 16:22:15 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/27 16:22:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/27 16:22:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/27 16:20:36 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/23 05:56:55 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTL.exe
[2009/12/23 02:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Smilodon\Application Data\Malwarebytes
[2009/12/23 02:18:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/23 02:18:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/23 02:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/23 02:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/23 02:16:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/23 02:16:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/23 02:12:37 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Smilodon\Desktop\erunt_setup.exe
[2009/12/23 02:11:17 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Smilodon\Desktop\SysRestorePoint.exe
[2009/12/23 02:01:33 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\TFC.exe
[2009/12/22 05:39:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Smilodon\Application Data\Avant Profiles
[2009/12/22 05:39:39 | 00,000,000 | ---D | C] -- C:\Program Files\Avant Browser
[2009/09/13 19:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/10 22:33:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/08/19 18:56:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/07/01 13:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/29 15:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2008/10/29 17:31:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/25 03:46:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/10/25 03:37:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2009/12/28 08:49:41 | 00,194,932 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/28 08:49:40 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
[2009/12/28 08:49:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/28 08:49:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 08:48:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/28 08:48:21 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\Smilodon\ntuser.dat
[2009/12/28 08:45:33 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Smilodon\ntuser.ini
[2009/12/28 08:45:21 | 06,423,568 | -H-- | M] () -- C:\Documents and Settings\Smilodon\Local Settings\Application Data\IconCache.db
[2009/12/28 01:01:43 | 00,001,650 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L1428A7C024C7460CBCFB287B7B51D1E7.job
[2009/12/27 17:18:12 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/27 17:17:55 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Smilodon\Desktop\mbam-setup.exe
[2009/12/27 17:02:48 | 00,452,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTM.exe
[2009/12/27 16:37:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/27 16:23:08 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2009/12/27 16:20:19 | 03,867,118 | R--- | M] () -- C:\Documents and Settings\Smilodon\Desktop\ComboFix.exe
[2009/12/27 04:34:04 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/23 05:57:02 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\OTL.exe
[2009/12/23 02:35:50 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Smilodon\Desktop\gmer.zip
[2009/12/23 02:12:40 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Smilodon\Desktop\erunt_setup.exe
[2009/12/23 02:11:17 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Smilodon\Desktop\SysRestorePoint.exe
[2009/12/23 02:01:35 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Smilodon\Desktop\TFC.exe
[2009/12/22 05:40:52 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\Smilodon\Desktop\Avant Browser.lnk
[2009/12/22 05:39:45 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk
[2009/12/16 19:56:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Smilodon\Desktop\gmer.exe

========== Files Created - No Company Name ==========

[2009/12/27 17:18:12 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/27 16:23:08 | 00,000,223 | ---- | C] () -- C:\Boot.bak
[2009/12/27 16:23:04 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/27 16:22:15 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/27 16:22:15 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/27 16:22:15 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/27 16:22:15 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/27 16:22:15 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/27 16:20:06 | 03,867,118 | R--- | C] () -- C:\Documents and Settings\Smilodon\Desktop\ComboFix.exe
[2009/12/23 02:36:01 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Smilodon\Desktop\gmer.exe
[2009/12/23 02:35:48 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Smilodon\Desktop\gmer.zip
[2009/12/22 05:40:52 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\Smilodon\Desktop\Avant Browser.lnk
[2009/12/22 05:39:45 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk
[2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/18 20:16:16 | 00,000,125 | ---- | C] () -- C:\WINDOWS\Clean.ini
[2009/06/10 14:06:27 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/04/20 08:23:24 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/20 08:19:12 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\Smilodon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/20 06:22:49 | 88,768,5726 | ---- | C] () -- C:\Program Files\Silkroad.rar
[2009/03/12 00:59:10 | 00,107,832 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\PnkBstrB.exe
[2009/03/12 00:57:12 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\PnkBstrK.sys
[2009/03/11 22:02:49 | 00,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9 sse2.INI
[2008/12/18 04:04:04 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/18 04:04:04 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/11/12 19:03:25 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/11/07 23:40:58 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\b0c42833b4963225
[2008/11/07 23:21:05 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\b610da165d9d336
[2008/11/07 23:17:50 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\b18019b7f2721261
[2008/11/07 23:17:45 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\23f86ff1cbdb86af
[2008/11/07 23:16:40 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\37d41b1731d7ee3f
[2008/11/07 23:16:35 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\6520df032b97d734
[2008/11/07 23:16:30 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\da88c6beff56fb3d
[2008/11/07 23:16:25 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\cef52ca1c2265b53
[2008/11/07 23:13:45 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\fbf0a82945c9eb6d
[2008/11/07 23:12:55 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\ef5fc9b83a9889e5
[2008/11/07 22:36:44 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Smilodon\Application Data\707d03c21b8172dc
[2008/11/07 22:31:17 | 00,000,124 | -H-- | C] () -- C:\Documents and Settings\Smilodon\Local Settings\Application Data\Thumbs.db
[2008/10/25 04:32:20 | 00,022,421 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/10/25 04:32:08 | 00,022,093 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/10/25 04:32:08 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/10/25 04:31:48 | 00,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007/11/07 00:00:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/07 00:00:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/07 00:00:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/07 00:00:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/07 00:00:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2009/03/12 08:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/10/30 19:18:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2008/10/30 20:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/05/17 18:35:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/12 01:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\DAEMON Tools Lite
[2009/03/12 08:54:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\DAEMON Tools Pro
[2008/12/18 03:55:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\FMZilla
[2009/11/02 04:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\GetRightToGo
[2009/10/26 17:53:02 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Smilodon\Application Data\ijjigame
[2009/03/11 23:29:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\Leadertech
[2009/10/08 05:23:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\LimeWire
[2009/10/26 18:05:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\NPLUTO Corporation
[2009/12/28 08:50:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\Orbit
[2009/11/01 13:39:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\projectSgsp
[2009/03/12 04:01:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\ScummVM
[2009/11/08 18:40:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\TeamViewer
[2008/11/07 22:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Smilodon\Application Data\_5849_fHx8fDYxfHx8_
[2009/12/28 01:01:43 | 00,001,650 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L1428A7C024C7460CBCFB287B7B51D1E7.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/11/15 02:09:08 | 00,000,213 | ---- | M] ()(C:\WINDOWS\??) -- C:\WINDOWS\Š
[2009/11/15 02:09:08 | 00,000,213 | ---- | C] ()(C:\WINDOWS\??) -- C:\WINDOWS\Š
[2009/11/15 02:09:08 | 00,000,167 | ---- | M] ()(C:\WINDOWS\??????????) -- C:\WINDOWS\ᄚŠ粐Ǡ粑??Š
[2009/11/15 02:09:08 | 00,000,167 | ---- | C] ()(C:\WINDOWS\??????????) -- C:\WINDOWS\ᄚŠ粐Ǡ粑??Š
< End of report >

Edited by Onelook, 28 December 2009 - 08:54 AM.

  • 0

#21
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.




You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#22
Onelook

Onelook

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thank you, I appreciate your help... thank you, thanks
  • 0

#23
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





