Persistent Virus



#1
daemon37

I downloaded a virus today which has been causing the following problems:

1) Internet Explorer will spontaneously open windows to various scam sites.
2) When starting Firefox I get this message: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item. (jqsnotify.exe)"
3) Trend Micro Housecall will not run, it indicates a Java related problem.
4) All my restore points in System Restore have been erased.
5) Safe mode does not seem to start correctly.

Besides all these problems, the computer seems fine. I don't want to do too much on it, though, until the virus has been removed. I've tried running a few other virus removal programs, such as Dr.Web and ComboFix, but they don't seem to have helped much. I'm going to try to run Malwarebytes Anti-Malware, but I don't expect it will work either. I know exactly where I got the virus, and can provide a link to the offending file if that will help.

Please help,
Dave

OTL logfile created on: 1/7/2011 11:08:33 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 320.48 Gb Free Space | 68.81% Space Free | Partition Type: NTFS
Drive E: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 931.51 Gb Total Space | 368.93 Gb Free Space | 39.61% Space Free | Partition Type: NTFS

Computer Name: RED | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/07 23:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
PRC - [2011/01/07 12:12:46 | 000,229,888 | ---- | M] () -- C:\WINDOWS\Mcacea.exe
PRC - [2010/12/29 20:51:45 | 001,242,448 | ---- | M] (Valve Corporation) -- G:\Games\Steam\Steam.exe
PRC - [2010/11/24 11:10:46 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/04/01 20:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/01/20 06:14:44 | 000,186,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009/01/20 06:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/11/10 07:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/12 12:17:32 | 000,288,768 | ---- | M] () -- C:\Program Files\Lightscreen\lightscreen.exe
PRC - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/10 14:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2011/01/07 23:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2009/01/20 06:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/11/10 07:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/11/14 19:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/10 14:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ntpad.sys -- (VendorJoystickEnabler)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\TMPassthru.sys -- (TMPassthruMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\padenum.sys -- (padenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dave\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2010/08/16 15:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/08/16 15:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2010/07/08 20:21:52 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/01/12 15:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/12/19 01:28:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/08 15:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2008/12/05 08:32:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/10/07 05:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/08/19 09:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/04/17 19:33:26 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 05:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/20 23:11:52 | 000,103,680 | R--- | M] (AMOI Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\INQ1usbser.sys -- (INQ1usbser)
DRV - [2008/02/15 18:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 15:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 15:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/25 23:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/02/17 05:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 10:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/07/02 16:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/10 14:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2003/08/10 10:10:18 | 000,021,922 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2003/08/10 10:10:17 | 000,011,330 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPJoyBus.sys -- (PPJoyBus)
DRV - [2002/01/12 16:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PortTalk.sys -- (PortTalk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 10:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 10:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2011/01/04 10:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2011/01/04 10:43:25 | 000,000,000 | ---D | M]

[2009/04/23 19:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2011/01/07 20:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions
[2010/03/24 16:35:58 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/10/09 19:19:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/27 06:25:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/10/09 12:38:01 | 000,000,000 | ---D | M] (East Asian Translator) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\eastasian@eunheui
[2010/03/24 16:35:55 | 000,000,000 | ---D | M] (Linky) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\[email protected]
[2009/06/02 18:19:00 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\[email protected]
[2010/10/09 19:19:25 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\[email protected]
[2011/01/07 20:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 10:27:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/11 10:04:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 13:26:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 12:03:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 20:52:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/07 20:52:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/07 20:10:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Lightscreen] C:\Program Files\Lightscreen\lightscreen.exe ()
O4 - HKCU..\Run: [Steam] G:\Games\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-970NH.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1240444910140 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/23 09:53:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/27 19:47:12 | 000,000,000 | R--D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/27 19:47:12 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/07 23:07:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2011/01/07 22:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/07 22:47:15 | 002,592,840 | ---- | C] (www.orbitdownloader.com ) -- C:\Documents and Settings\All Users\Documents\OrbitDownloaderSetup3005.exe
[2011/01/07 22:47:10 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mbam-setup.exe
[2011/01/07 21:22:05 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/01/07 21:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/01/07 21:21:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/01/07 20:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/07 20:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\JavaRa
[2011/01/07 20:13:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/07 20:00:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/07 19:56:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/07 19:56:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/07 19:56:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/07 19:56:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/07 19:56:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/07 19:55:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/07 19:23:10 | 000,000,000 | ---D | C] -- C:\found.000
[2011/01/07 12:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\DoctorWeb
[2011/01/07 12:55:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/01/07 12:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/04 10:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/04 10:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/04 10:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/04 10:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/01/04 10:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/02 15:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\The Witcher
[2011/01/02 15:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\The Witcher
[2011/01/02 15:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The Witcher
[2011/01/02 01:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\My Spore Creations
[2011/01/02 01:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Spore
[2011/01/01 02:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\THQ
[2010/12/29 20:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2010/12/29 11:22:26 | 000,003,567 | ---- | C] (Beyond Logic http://www.beyondlogic.org) -- C:\WINDOWS\System32\drivers\PortTalk.sys
[2010/12/17 20:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\SORTYTHIS
[2010/12/14 10:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2010/12/14 10:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[259 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/07 23:16:10 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/01/07 23:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2011/01/07 22:49:39 | 000,709,456 | ---- | M] () -- C:\WINDOWS\is-970NH.exe
[2011/01/07 22:49:39 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-970NH.msg
[2011/01/07 22:49:39 | 000,000,352 | ---- | M] () -- C:\WINDOWS\is-970NH.lst
[2011/01/07 22:46:25 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mbam-setup.exe
[2011/01/07 22:46:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\SAS_565311.COM
[2011/01/07 22:44:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\VIPRERescue7973.exe
[2011/01/07 22:42:43 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\rkill.com
[2011/01/07 22:42:30 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\rkill.exe
[2011/01/07 22:42:10 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\explorer.exe
[2011/01/07 22:41:43 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\exeHelper.com
[2011/01/07 22:21:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-764733703-839522115-1003UA.job
[2011/01/07 21:06:23 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/01/07 21:06:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/07 21:05:54 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/01/07 21:05:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/07 21:05:12 | 3220,557,824 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/07 20:48:32 | 000,159,757 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\JavaRa.zip
[2011/01/07 20:10:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/07 20:00:35 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2011/01/07 19:53:29 | 004,149,589 | R--- | M] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2011/01/07 19:47:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/07 12:50:56 | 054,251,664 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\d4a78g85.exe
[2011/01/07 12:30:11 | 000,621,694 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/07 12:12:46 | 000,229,888 | ---- | M] () -- C:\WINDOWS\Mcacea.exe
[2011/01/07 12:12:44 | 000,076,800 | RHS- | M] () -- C:\WINDOWS\System32\shginaz.dll
[2011/01/06 13:46:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2011/01/06 13:21:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-764733703-839522115-1003Core.job
[2011/01/04 10:45:06 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/02 02:35:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2010/12/30 22:11:02 | 000,000,221 | ---- | M] () -- C:\Boot.bak
[2010/12/29 20:56:58 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/12/29 20:42:22 | 001,588,224 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SteamInstall.msi
[2010/12/29 12:38:44 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2010/12/26 15:59:47 | 000,137,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/12/23 16:21:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\New Microsoft Office Word Document.docx
[2010/12/21 16:58:20 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/17 09:05:57 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/17 01:21:03 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 11:13:38 | 000,002,849 | ---- | M] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2010/12/14 17:21:51 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Google Chrome.lnk
[2010/12/14 17:21:51 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/09 18:20:27 | 000,000,817 | ---- | M] () -- C:\WINDOWS\PWCMDLST.BAK
[259 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/07 22:49:39 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-970NH.exe
[2011/01/07 22:49:39 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-970NH.msg
[2011/01/07 22:49:39 | 000,000,352 | ---- | C] () -- C:\WINDOWS\is-970NH.lst
[2011/01/07 22:47:42 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\explorer.exe
[2011/01/07 22:47:29 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rkill.exe
[2011/01/07 22:47:26 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rkill.com
[2011/01/07 22:47:26 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\exeHelper.com
[2011/01/07 22:47:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\VIPRERescue7973.exe
[2011/01/07 22:47:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\SAS_565311.COM
[2011/01/07 20:48:31 | 000,159,757 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\JavaRa.zip
[2011/01/07 20:00:35 | 000,000,221 | ---- | C] () -- C:\Boot.bak
[2011/01/07 20:00:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/07 19:56:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/07 19:56:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/07 19:56:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/07 19:56:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/07 19:56:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/07 19:54:03 | 004,149,589 | R--- | C] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2011/01/07 19:47:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/07 19:25:39 | 3220,557,824 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/07 12:44:49 | 054,251,664 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\d4a78g85.exe
[2011/01/07 12:30:00 | 000,621,694 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/07 12:12:51 | 000,229,888 | ---- | C] () -- C:\WINDOWS\Mcacea.exe
[2011/01/07 12:12:48 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/01/07 12:12:44 | 000,076,800 | RHS- | C] () -- C:\WINDOWS\System32\shginaz.dll
[2011/01/04 10:45:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/29 20:51:14 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/12/29 20:42:20 | 001,588,224 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SteamInstall.msi
[2010/12/23 16:21:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\New Microsoft Office Word Document.docx
[2010/12/15 11:13:38 | 000,002,849 | ---- | C] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2010/12/09 18:20:27 | 000,000,817 | ---- | C] () -- C:\WINDOWS\PWCMDLST.BAK
[2010/12/09 18:17:57 | 000,725,064 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010/12/09 18:17:57 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/12/09 18:17:57 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/06/29 18:03:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/13 12:48:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/05/01 12:19:26 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\obtf503
[2010/04/02 18:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/01/15 17:01:20 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2010/01/07 05:24:38 | 000,033,852 | ---- | C] () -- C:\Program Files\ffdsvsetts.reg
[2010/01/07 03:59:45 | 000,137,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/01/07 03:59:45 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\PnkBstrK.sys
[2010/01/04 20:06:28 | 000,076,533 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2010/01/04 20:06:28 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/12/19 02:29:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2009/12/19 01:28:20 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/16 12:18:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\housecall.guid.cache
[2009/11/01 21:19:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/28 18:01:04 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\filerenamerred.sys
[2009/10/17 01:57:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\Battle.ini
[2009/10/17 00:51:35 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ANTSWLIB.INI
[2009/09/02 21:36:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/02 21:19:30 | 000,001,341 | ---- | C] () -- C:\WINDOWS\cdiemu.ini
[2009/07/04 03:20:46 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/07/04 03:20:30 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/06/23 20:05:42 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
[2009/06/12 10:17:34 | 000,000,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/06/12 10:14:50 | 000,006,580 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\PrimoPDFSet.xml
[2009/06/12 10:13:30 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/06/07 15:00:39 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2009/06/07 14:39:09 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\DUALSHOCK3FF.dll
[2009/06/03 20:32:55 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/06/03 20:32:55 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/06/03 20:32:55 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/05/29 10:27:07 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/05/29 10:27:07 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/05/29 10:27:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2009/05/29 10:27:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2009/05/29 10:27:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2009/05/29 10:26:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/04/28 07:50:13 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/27 15:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/24 15:57:56 | 000,000,315 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/04/24 15:41:56 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/04/23 02:41:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/31 18:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[1998/10/11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2009/11/30 11:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/07/08 20:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/08/12 09:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitmeter2
[2009/12/19 01:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/11/19 22:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/04/23 12:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010/05/01 12:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GraphPad Software
[2009/08/11 21:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2011/01/07 12:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/07 14:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/12/27 05:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valve
[2010/07/19 14:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/23 17:59:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[2010/07/31 23:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\.minecraft
[2009/10/24 23:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Bioshock
[2009/08/11 21:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Bitmeter2
[2010/02/14 02:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Blitware
[2009/09/12 23:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Braid
[2009/11/09 17:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Broken Rules
[2010/12/26 23:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\BSW
[2009/07/08 17:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Canon
[2009/12/19 14:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DAEMON Tools Lite
[2010/05/01 12:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GraphPad Software
[2010/12/15 00:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\gtk-2.0
[2009/10/30 09:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\HouseCall 6.6
[2009/09/22 21:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\KompoZer
[2010/07/09 18:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\LucasArts
[2009/04/23 12:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\My Games
[2011/01/07 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Orbit
[2010/01/15 17:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Red Alert 3
[2011/01/02 01:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Spore
[2010/07/14 20:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Subversion
[2010/02/11 21:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Tropico 3
[2009/05/27 18:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\UHS Reader
[2009/11/13 00:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Xilisoft Corporation
[2011/01/02 02:35:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job
[2011/01/06 13:46:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGADaily.job
[2011/01/07 21:06:23 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/01/07 23:16:10 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello daemon37

Welcome to Geeks to Go.
=====================
Can you run gmer and post that log, or does it not run?
Can you post the Combofix log? It should be found here > C:\Combofix.txt
Are you able to run scans to completion, such as Drweb, Combofix?

#3
daemon37

    New Member

  • Topic Starter
  • Member
  • 5 posts
First of all, GOOD NEWS, MalwareBytes Antimalware seemed to do the trick. All of the problems seem to have disappeared, so far... I'll keep a watchful eye out for any persisting symptoms.

All scans that I ran seemed to finish correctly (with the exception of Trend Micro Housecall, which wouldn't even start scanning). I never ran gmer, but I will do that now. In the meantime, here is my ComboFix.txt

ComboFix 11-01-06.04 - Dave 01/07/2011 20:02:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2447 [GMT 11:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0002DD27
c:\program files\MyWebSearch\bar\Cache\0002E4D8
c:\program files\MyWebSearch\bar\Cache\0002E758.bin
c:\program files\MyWebSearch\bar\Cache\0002E7E5.bin
c:\program files\MyWebSearch\bar\Cache\0002E843.bmp
c:\program files\MyWebSearch\bar\Cache\0002E881.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\_005243_.tmp.dll
c:\windows\system32\_005244_.tmp.dll
c:\windows\system32\_005245_.tmp.dll
c:\windows\system32\_005246_.tmp.dll
c:\windows\system32\_005253_.tmp.dll
c:\windows\system32\_005254_.tmp.dll
c:\windows\system32\_005255_.tmp.dll
c:\windows\system32\_005256_.tmp.dll
c:\windows\system32\_005258_.tmp.dll
c:\windows\system32\_005259_.tmp.dll
c:\windows\system32\_005262_.tmp.dll
c:\windows\system32\_005263_.tmp.dll
c:\windows\system32\_005265_.tmp.dll
c:\windows\system32\_005266_.tmp.dll
c:\windows\system32\_005267_.tmp.dll
c:\windows\system32\_005269_.tmp.dll
c:\windows\system32\_005272_.tmp.dll
c:\windows\system32\_005273_.tmp.dll
c:\windows\system32\_005277_.tmp.dll
c:\windows\system32\_005278_.tmp.dll
c:\windows\system32\_005280_.tmp.dll
c:\windows\system32\_005283_.tmp.dll
c:\windows\system32\_005285_.tmp.dll
c:\windows\system32\_005286_.tmp.dll
c:\windows\system32\_005287_.tmp.dll
c:\windows\system32\_005288_.tmp.dll
c:\windows\system32\_005289_.tmp.dll
c:\windows\system32\_005292_.tmp.dll
c:\windows\system32\_005293_.tmp.dll
c:\windows\system32\_005294_.tmp.dll
c:\windows\system32\_005295_.tmp.dll
c:\windows\system32\_005296_.tmp.dll
c:\windows\system32\_005301_.tmp.dll
c:\windows\system32\_005303_.tmp.dll
c:\windows\system32\_005304_.tmp.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\lsprst7.dll
c:\windows\system32\SET158.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-12-07 to 2011-01-07 )))))))))))))))))))))))))))))))
.

2011-01-07 08:23 . 2011-01-07 08:23 -------- d-----w- C:\found.000
2011-01-07 01:57 . 2011-01-07 02:11 -------- d-----w- c:\documents and settings\Dave\DoctorWeb
2011-01-07 01:28 . 2011-01-07 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-01-07 01:12 . 2011-01-07 01:12 229888 ----a-w- c:\windows\Mcacea.exe
2011-01-07 01:12 . 2011-01-07 01:12 76800 --sha-r- c:\windows\system32\shginaz.dll
2011-01-03 23:44 . 2011-01-03 23:44 -------- d-----w- c:\program files\iPod
2011-01-03 23:44 . 2011-01-03 23:45 -------- d-----w- c:\program files\iTunes
2011-01-02 04:32 . 2011-01-02 06:08 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\The Witcher
2011-01-01 14:36 . 2011-01-01 14:36 -------- d-----w- c:\documents and settings\Dave\Application Data\Spore
2010-12-31 15:11 . 2010-12-31 15:11 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\THQ
2010-12-29 00:22 . 2002-01-12 05:30 3567 ----a-w- c:\windows\system32\drivers\PortTalk.sys
2010-12-16 07:48 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 07:47 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 23:49 . 2010-12-13 23:49 -------- d-----w- c:\program files\Common Files\Skype
2010-12-09 12:52 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-12-09 12:52 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-12-09 12:52 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-12-09 12:52 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-12-09 12:52 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-12-09 12:52 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-12-09 12:52 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-12-09 12:52 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-12-09 07:17 . 2010-08-16 04:31 725064 ----a-w- c:\windows\system32\pwNative.exe
2010-12-09 07:17 . 2010-08-16 04:31 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-12-09 07:17 . 2010-08-16 04:31 11104 ------w- c:\windows\system32\pwdspio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-26 04:59 . 2010-01-06 16:59 137824 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-26 04:59 . 2010-01-06 16:59 202032 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-29 06:38 . 2010-11-29 06:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 06:38 . 2010-11-29 06:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2009-04-22 22:50 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 07:53 . 2010-06-10 23:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 05:34 . 2010-04-03 21:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:26 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-10 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2009-04-29 21:49 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-10 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2009-04-29 21:49 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-01-06 18:24 . 2010-01-06 18:24 33852 ----a-w- c:\program files\ffdsvsetts.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lightscreen"="c:\program files\Lightscreen\lightscreen.exe" [2008-08-12 288768]
"Google Update"="c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-03 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="g:\games\Steam\steam.exe" [2010-12-29 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\documents and settings\Peachy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Dave\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-26 08:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Games\\Fallout 3\\Fallout3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Games\\snes9x-1.41-1-win32\\snes9x.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Games\\StarCraft II\\StarCraft II.exe"=
"c:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Documents and Settings\\Dave\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Games\\StarCraft II\\Versions\\Base16561\\SC2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Games\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
"c:\\Games\\StarCraft II\\Versions\\Base16755\\SC2.exe"=
"g:\\Games\\Steam\\Steam.exe"=
"g:\\Games\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"g:\\Games\\Steam\\steamapps\\common\\recettear\\recettear.exe"=
"g:\\Games\\Steam\\steamapps\\common\\recettear\\custom.exe"=
"g:\\Games\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"=
"g:\\Games\\Steam\\steamapps\\common\\silent hill homecoming\\Bin\\SilentHill.exe"=
"g:\\Games\\Steam\\steamapps\\common\\back to the future ep 1\\BackToTheFuture101.exe"=
"g:\\Games\\Steam\\steamapps\\common\\penumbra black plague\\redist\\Penumbra.exe"=
"g:\\Games\\Steam\\steamapps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\aliens vs predator\\AvP_DX11.exe"=
"g:\\Games\\Steam\\steamapps\\common\\aliens vs predator\\AvP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\splinter cell\\system\\splintercell.exe"=
"g:\\Games\\Steam\\steamapps\\common\\team fortress 2 - mac trailer\\smp.exe"=
"g:\\Games\\Steam\\steamapps\\common\\penumbra black plague\\redist\\Requiem.exe"=
"g:\\Games\\Steam\\steamapps\\common\\poker night at the inventory\\CelebrityPoker.exe"=
"g:\\Games\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\lara croft and the guardian of light\\lcgol.exe"=
"g:\\Games\\Steam\\steamapps\\common\\thief deadly shadows\\System\\runme.exe"=
"g:\\Games\\Steam\\steamapps\\common\\moon base alpha\\Binaries\\Win32\\MoonBaseAlphaGame.exe"=
"g:\\Games\\Steam\\steamapps\\common\\tom clancy's splinter cell conviction\\src\\system\\conviction_game.exe"=
"g:\\Games\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"g:\\Games\\Steam\\steamapps\\common\\commandos behind enemy lines\\Comandos.exe"=
"g:\\Games\\Steam\\steamapps\\common\\commandos behind enemy lines\\readme.doc"=
"g:\\Games\\Steam\\steamapps\\common\\commandos beyond the call of duty\\coman_mp.exe"=
"g:\\Games\\Steam\\steamapps\\common\\commandos beyond the call of duty\\Tutorial.exe"=
"g:\\Games\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dead rising 2\\deadrising2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\commandos 2 men of courage\\comm2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\commandos 2 men of courage\\Readme.rtf"=
"g:\\Games\\Steam\\steamapps\\common\\commandos 3 destination berlin\\commandos3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\commandos 3 destination berlin\\readme.rtf"=
"g:\\Games\\Steam\\steamapps\\common\\resident evil 5\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\amnesia the dark descent\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"g:\\Games\\Steam\\steamapps\\common\\indiana jones and the fate of atlantis\\Indiana Jones and the Fate of Atlantis.exe"=
"g:\\Games\\Steam\\steamapps\\common\\loom\\Loom.exe"=
"g:\\Games\\Steam\\steamapps\\common\\sam and max 302\\SamMax302.exe"=
"g:\\Games\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
"g:\\Games\\Steam\\steamapps\\common\\sam and max 301\\SamMax301.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the dig\\The Dig.exe"=
"g:\\Games\\Steam\\steamapps\\common\\civilization iv colonization\\Colonization.exe"=
"g:\\Games\\Steam\\steamapps\\common\\greed corp\\Game.exe"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest\\Titan Quest.exe"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest\\help.htm"=
"g:\\Games\\Steam\\steamapps\\common\\sam and max 303\\SamMax303.exe"=
"g:\\Games\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"g:\\Games\\Steam\\steamapps\\common\\lumines\\lumines.exe"=
"g:\\Games\\Steam\\steamapps\\common\\blade kitten\\Bladekitten.exe"=
"g:\\Games\\Steam\\steamapps\\common\\monkey2\\Monkey2.exe"=
"g:\\Games\\Diablo II\\Diablo II.exe"=
"g:\\Games\\Diablo\\Diablo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\sid meier's civilization iv\\Civilization4.exe"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest immortal throne\\Tqit.exe"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest immortal throne\\help.htm"=
"g:\\Games\\Steam\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords.exe"=
"g:\\Games\\Steam\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=
"g:\\Games\\Steam\\steamapps\\common\\sam and max 304\\SamMax304.exe"=
"g:\\Games\\Steam\\steamapps\\common\\sam and max 305\\SamMax305.exe"=
"g:\\Games\\Steam\\steamapps\\common\\tropico 3\\tropico3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\overlord ii\\Overlord2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\overlord ii\\Config.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the secret of monkey island special edition\\MISE.exe"=
"g:\\Games\\Steam\\steamapps\\common\\saints row 2\\SR2_pc.exe"=
"g:\\Games\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dark forces\\DosBox\\dosbox.exe"=
"g:\\Games\\Steam\\steamapps\\common\\jedi knight mysteries of the sith\\JKM.EXE"=
"g:\\Games\\Steam\\steamapps\\common\\star wars jedi knight\\JK.EXE"=
"g:\\Games\\Steam\\steamapps\\common\\street fighter iv\\SF4Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\spore\\runme.exe"=
"g:\\Games\\Steam\\steamapps\\common\\deus ex invisible war\\System\\dx2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\psychonauts\\PsychoLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\jedi outcast\\GameData\\jk2sp.exe"=
"g:\\Games\\Steam\\steamapps\\common\\jedi outcast\\GameData\\jk2mp.exe"=
"g:\\Games\\Steam\\steamapps\\common\\batman arkham asylum\\Binaries\\BmLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\jedi academy\\GameData\\jasp.exe"=
"g:\\Games\\Steam\\steamapps\\common\\jedi academy\\GameData\\jamp.exe"=
"g:\\Games\\Steam\\steamapps\\common\\spore\\SporebinEP1\\SporeApp.exe"=
"g:\\Games\\Steam\\steamapps\\common\\spore\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"g:\\Games\\Steam\\steamapps\\common\\sid meier's civilization iv beyond the sword\\Beyond the Sword\\Civ4BeyondSword.exe"=
"g:\\Games\\Steam\\steamapps\\common\\splinter cell - double agent\\SCDALauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\witcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\djinni!.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"g:\\Games\\Steam\\steamapps\\daemon37\\day of defeat source\\hl2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6260:TCP"= 6260:TCP:MULE TCP
"6260:UDP"= 6260:UDP:MULE UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/19/2009 1:28 AM 691696]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [5/25/2010 8:53 PM 2139400]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [5/15/2009 8:22 PM 2789160]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [6/7/2009 3:00 PM 33792]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [8/8/2002 5:27 PM 11330]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Dave\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Dave\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\INQ1usbser.sys [7/28/2009 6:52 PM 103680]
S3 padenum;Enumerador de dispositivos de NTPAD;c:\windows\system32\DRIVERS\padenum.sys --> c:\windows\system32\DRIVERS\padenum.sys [?]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [12/29/2010 11:22 AM 3567]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [6/8/2003 1:00 PM 21922]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [12/9/2010 6:17 PM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [12/9/2010 6:17 PM 11104]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S3 VendorJoystickEnabler;Driver para joystick paralelo de consola;c:\windows\system32\drivers\ntpad.sys --> c:\windows\system32\drivers\ntpad.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [5/15/2009 8:22 PM 15656]
.
Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\Driver Fetch.job
- c:\program files\Driver Fetch\2.0.0.0\DriverFetch.exe [2010-02-04 06:15]

2011-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-764733703-839522115-1003Core.job
- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-03 23:29]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-764733703-839522115-1003UA.job
- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-03 23:29]

2011-01-06 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]

2011-01-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]

2011-01-07 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Mcacea.exe [2011-01-07 01:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fshva%3D1%26ui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2#inbox
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: East Asian Translator: eastasian@eunheui - %profile%\extensions\eastasian@eunheui
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
AddRemove-AHL2 - c:\games\valve\steam\SteamApps\SourceMods\AHL2\Uninstall-AHL2.exe
AddRemove-Classic Doom 3 - c:\games\Doom 3\uninst.exe
AddRemove-Dungeon Keeper 2 - d:\games\Dungeon Keeper II\Uninstall.exe
AddRemove-Dungeon Keeper II - c:\games\Dungeon Keeper 2\Uninst.isu
AddRemove-l4d_vs_assault_final_is1 - c:\games\Valve\Steam\SteamApps\common\left 4 dead\left4dead\unins000.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Oblivion mod manager_is1 - d:\games\valve\steam\steamapps\common\oblivion\obmm\uninstall\unins000.exe
AddRemove-Steam App 10680 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 11450 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 11900 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 1250 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 12710 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 12900 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 130 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 13560 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 15120 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 15620 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 16810 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 17410 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 17470 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 17480 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 19000 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 20 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 215 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 21680 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 21690 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 220 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 2200 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 22000 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 22120 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 22140 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 22180 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 22320 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 22330 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 2270 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 2280 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 2290 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 2300 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 2310 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 2320 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 2330 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 2340 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 2350 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 2360 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 2370 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 2390 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 26800 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 29180 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 300 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 31220 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 31230 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 31280 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 31290 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 320 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 32310 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 32340 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 32370 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 33220 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 340 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 35130 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 3590 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 3720 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 3730 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 37400 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 37420 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 380 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 38400 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 38410 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 38420 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 39000 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 400 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 4000 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 40700 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 40930 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 420 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 440 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 4500 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 50 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 500 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 513 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 564 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 57300 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 590 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 6200 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 630 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 6800 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 6810 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 6830 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 6840 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 6910 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 6980 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 7670 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 7760 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 8400 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 8880 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 8890 - d:\games\valve\steam\steam.exe
AddRemove-Steam App 9000 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 9010 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 9030 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 9040 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 9050 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 9060 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 9070 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 9160 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 9180 - c:\games\Valve\Steam\steam.exe
AddRemove-Steam App 9740 - c:\games\valve\steam\steam.exe
AddRemove-Steam App 9870 - c:\games\valve\steam\steam.exe
AddRemove-UnInstall Lemmings Paintball - d:\games\LemBall\DeIsLog.1
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe
AddRemove-{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116} - d:\games\SimCity 4 Deluxe\EAUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 20:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-764733703-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:1b,cf,5b,f9,44,2f,d8,46,24,93,81,fd,f3,b3,9e,e7,32,5b,6c,b6,44,
46,a4,30,53,a5,fd,3b,f2,30,97,b8,d5,8b,a0,ee,91,c9,75,29,3f,36,33,79,42,8a,\
"rkeysecu"=hex:8a,8c,67,65,2d,3c,c8,2d,56,82,f8,d4,f8,0e,3a,a3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1116)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Adobe\Reader 9.0\Reader\viewerps.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
.
**************************************************************************
.
Completion time: 2011-01-07 20:16:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-07 09:16

Pre-Run: 341,568,585,728 bytes free
Post-Run: 344,622,919,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 61D00BFC1830E06BCECBE2A9AFFB9CDB

#4
daemon37

    New Member

  • Topic Starter
  • Member
  • 5 posts
Here is my GMER log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-08 10:45:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 Hitachi_ rev.GM4O
Running: 5jjxhkt4.exe; Driver: C:\DOCUME~1\Dave\LOCALS~1\Temp\pxtdrpob.sys


---- System - GMER 1.0.15 ----

SSDT spmk.sys ZwCreateKey [0xB7EB50E0]
SSDT spmk.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spmk.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT spmk.sys ZwOpenKey [0xB7EB50C0]
SSDT spmk.sys ZwQueryKey [0xB7ECE20A]
SSDT spmk.sys ZwQueryValueKey [0xB7ECE08A]
SSDT spmk.sys ZwSetValueKey [0xB7ECE29C]

INT 0x62 ? 8AEC5BF8
INT 0x73 ? 8AE57BF8
INT 0x83 ? 8AE57BF8
INT 0xB4 ? 8AD32BF8

---- Kernel code sections - GMER 1.0.15 ----

? odmnp.sys The system cannot find the file specified. !
? spmk.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B7BB58AC 5 Bytes JMP 8AD321D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB709D380, 0x550AF5, 0xE8000020]
.text arwybyek.SYS B7050386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text arwybyek.SYS B70503AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text arwybyek.SYS B70503C4 3 Bytes [00, 80, 02]
.text arwybyek.SYS B70503C9 1 Byte [30]
.text arwybyek.SYS B70503C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2000] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3836] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spmk.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spmk.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spmk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spmk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spmk.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spmk.sys
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\arwybyek.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AE531F8
Device \Driver\usbohci \Device\USBPDO-0 8AD9E500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AE551F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AE551F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AE551F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AE551F8
Device \Driver\usbehci \Device\USBPDO-1 8ADA0500
Device \Driver\sptd \Device\1011775786 spmk.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AEC61F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Ftdisk \Device\HarddiskVolume2 8AEC61F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Cdrom \Device\CdRom0 8ACF21F8
Device \Driver\Cdrom \Device\CdRom1 8ACF21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 8ACF21F8
Device \Driver\Cdrom \Device\CdRom3 8ACF21F8
Device \Driver\USBSTOR \Device\00000083 89A5D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89AA1500
Device \Driver\USBSTOR \Device\00000084 89A5D1F8
Device \Driver\USBSTOR \Device\00000085 89A5D1F8
Device \Driver\NetBT \Device\NetbiosSmb 89AA1500
Device \Driver\PCI_PNP7036 \Device\0000004c spmk.sys
Device \Driver\USBSTOR \Device\00000086 89A5D1F8
Device \Driver\usbohci \Device\USBFDO-0 8AD9E500
Device \Driver\usbehci \Device\USBFDO-1 8ADA0500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A741F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A741F8
Device \Driver\Ftdisk \Device\FtControl 8AEC61F8
Device \Driver\USBSTOR \Device\0000007e 89A5D1F8
Device \Driver\arwybyek \Device\Scsi\arwybyek1Port4Path0Target1Lun0 8ACEC1F8
Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path0Target0Lun0 8AE541F8
Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path1Target1Lun0 8AE541F8
Device \Driver\arwybyek \Device\Scsi\arwybyek1Port4Path0Target0Lun0 8ACEC1F8
Device \Driver\arwybyek \Device\Scsi\arwybyek1 8ACEC1F8
Device \Driver\nvgts \Device\Scsi\nvgts1 8AE541F8
Device \Driver\nvgts \Device\Scsi\nvgts2 8AE541F8
Device \Driver\arwybyek \Device\Scsi\arwybyek1Port4Path0Target2Lun0 8ACEC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0C465799-8383-44B4-AF1C-BF59A5BB6A00} 89AA1500
Device \FileSystem\Cdfs \Cdfs 89A351F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9D 0x70 0xBB 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x45 0xBD 0xC1 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x16 0x5A 0x24 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF4 0x29 0xF2 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x80 0xCB 0x98 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEB 0xA8 0x9A 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x45 0xBD 0xC1 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x16 0x5A 0x24 0x63 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF4 0x29 0xF2 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x80 0xCB 0x98 0xC8 ...

---- EOF - GMER 1.0.15 ----

#5
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok, open OTL once more and click on Run Scan. Post the new log that opens.

#6
daemon37

    New Member

  • Topic Starter
  • Member
  • 5 posts
Still haven't seen any problems. Here's my OTL.txt:

OTL logfile created on: 1/9/2011 11:41:52 AM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 320.35 Gb Free Space | 68.78% Space Free | Partition Type: NTFS
Drive E: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 931.51 Gb Total Space | 331.07 Gb Free Space | 35.54% Space Free | Partition Type: NTFS

Computer Name: RED | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/07 23:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
PRC - [2011/01/07 20:52:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2010/12/29 20:55:09 | 000,071,464 | ---- | M] (Valve Corporation) -- G:\Games\Steam\GameOverlayUI.exe
PRC - [2010/12/29 20:51:45 | 001,242,448 | ---- | M] (Valve Corporation) -- G:\Games\Steam\Steam.exe
PRC - [2010/12/11 16:17:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 16:17:21 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/24 11:10:46 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/04/01 20:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/01/20 06:14:44 | 000,186,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009/01/20 06:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/11/10 07:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/12 12:17:32 | 000,288,768 | ---- | M] () -- C:\Program Files\Lightscreen\lightscreen.exe
PRC - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/10 14:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2011/01/07 23:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2009/01/20 06:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/11/10 07:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/11/14 19:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/10 14:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ntpad.sys -- (VendorJoystickEnabler)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\TMPassthru.sys -- (TMPassthruMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\padenum.sys -- (padenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dave\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2010/08/16 15:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/08/16 15:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2010/07/08 20:21:52 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/01/12 15:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/12/19 01:28:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/04/08 15:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2008/12/05 08:32:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/10/07 05:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/08/19 09:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/04/17 19:33:26 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 05:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/20 23:11:52 | 000,103,680 | R--- | M] (AMOI Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\INQ1usbser.sys -- (INQ1usbser)
DRV - [2008/02/15 18:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 15:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 15:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/25 23:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/02/17 05:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 10:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/07/02 16:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/10 14:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2003/08/10 10:10:18 | 000,021,922 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2003/08/10 10:10:17 | 000,011,330 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPJoyBus.sys -- (PPJoyBus)
DRV - [2002/01/12 16:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PortTalk.sys -- (PortTalk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 10:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 10:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2011/01/04 10:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2011/01/04 10:43:25 | 000,000,000 | ---D | M]

[2009/04/23 19:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2011/01/08 21:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions
[2010/03/24 16:35:58 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/10/09 19:19:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/27 06:25:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/10/09 12:38:01 | 000,000,000 | ---D | M] (East Asian Translator) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\eastasian@eunheui
[2010/03/24 16:35:55 | 000,000,000 | ---D | M] (Linky) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\[email protected]
[2009/06/02 18:19:00 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\[email protected]
[2010/10/09 19:19:25 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\rhalj0ka.default\extensions\[email protected]
[2011/01/07 20:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 10:27:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/11 10:04:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 13:26:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 12:03:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 20:52:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/07 20:52:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/07 20:10:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Lightscreen] C:\Program Files\Lightscreen\lightscreen.exe ()
O4 - HKCU..\Run: [Steam] G:\Games\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1240444910140 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/23 09:53:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/27 19:47:12 | 000,000,000 | R--D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/27 19:47:12 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/07 23:07:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2011/01/07 22:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/07 22:47:15 | 002,592,840 | ---- | C] (www.orbitdownloader.com ) -- C:\Documents and Settings\All Users\Documents\OrbitDownloaderSetup3005.exe
[2011/01/07 22:47:10 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mbam-setup.exe
[2011/01/07 21:22:05 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/01/07 21:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/01/07 20:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/07 20:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\JavaRa
[2011/01/07 20:13:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/07 20:00:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/07 19:56:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/07 19:56:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/07 19:56:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/07 19:56:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/07 19:56:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/07 19:55:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/07 19:23:10 | 000,000,000 | ---D | C] -- C:\found.000
[2011/01/07 12:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\DoctorWeb
[2011/01/07 12:55:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/01/07 12:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/04 10:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/04 10:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/04 10:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/04 10:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/01/04 10:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/02 15:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\The Witcher
[2011/01/02 15:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\The Witcher
[2011/01/02 15:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The Witcher
[2011/01/02 01:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\My Spore Creations
[2011/01/02 01:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Spore
[2011/01/01 02:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\THQ
[2010/12/29 20:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2010/12/29 11:22:26 | 000,003,567 | ---- | C] (Beyond Logic http://www.beyondlogic.org) -- C:\WINDOWS\System32\drivers\PortTalk.sys
[2010/12/17 20:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\SORTYTHIS
[2010/12/14 10:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2010/12/14 10:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[259 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/09 11:26:41 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/01/09 11:26:33 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/01/09 11:26:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/09 11:25:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/09 11:25:17 | 3220,557,824 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/09 00:21:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-764733703-839522115-1003UA.job
[2011/01/08 21:08:50 | 000,006,224 | ---- | M] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2011/01/08 13:46:02 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2011/01/08 13:21:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-764733703-839522115-1003Core.job
[2011/01/07 23:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2011/01/07 22:46:25 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mbam-setup.exe
[2011/01/07 22:46:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\SAS_565311.COM
[2011/01/07 22:44:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\VIPRERescue7973.exe
[2011/01/07 22:42:43 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\rkill.com
[2011/01/07 22:42:30 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\rkill.exe
[2011/01/07 22:42:10 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\explorer.exe
[2011/01/07 22:41:43 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\exeHelper.com
[2011/01/07 20:48:32 | 000,159,757 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\JavaRa.zip
[2011/01/07 20:10:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/07 20:00:35 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2011/01/07 19:53:29 | 004,149,589 | R--- | M] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2011/01/07 19:47:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/07 12:50:56 | 054,251,664 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\d4a78g85.exe
[2011/01/07 12:30:11 | 000,621,694 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/07 12:12:44 | 000,076,800 | RHS- | M] () -- C:\WINDOWS\System32\shginaz.dll
[2011/01/04 10:45:06 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/02 02:35:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2010/12/30 22:11:02 | 000,000,221 | ---- | M] () -- C:\Boot.bak
[2010/12/29 20:56:58 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/12/29 20:42:22 | 001,588,224 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SteamInstall.msi
[2010/12/29 12:38:44 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2010/12/26 15:59:47 | 000,137,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/12/23 16:21:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\New Microsoft Office Word Document.docx
[2010/12/21 16:58:20 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/17 09:05:57 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/17 01:21:03 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/14 17:21:51 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Google Chrome.lnk
[2010/12/14 17:21:51 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[259 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/08 21:08:50 | 000,006,224 | ---- | C] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2011/01/07 22:47:42 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\explorer.exe
[2011/01/07 22:47:29 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rkill.exe
[2011/01/07 22:47:26 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rkill.com
[2011/01/07 22:47:26 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\exeHelper.com
[2011/01/07 22:47:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\VIPRERescue7973.exe
[2011/01/07 22:47:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\SAS_565311.COM
[2011/01/07 20:48:31 | 000,159,757 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\JavaRa.zip
[2011/01/07 20:00:35 | 000,000,221 | ---- | C] () -- C:\Boot.bak
[2011/01/07 20:00:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/07 19:56:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/07 19:56:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/07 19:56:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/07 19:56:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/07 19:56:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/07 19:54:03 | 004,149,589 | R--- | C] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2011/01/07 19:47:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/07 19:25:39 | 3220,557,824 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/07 12:44:49 | 054,251,664 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\d4a78g85.exe
[2011/01/07 12:30:00 | 000,621,694 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/07 12:12:44 | 000,076,800 | RHS- | C] () -- C:\WINDOWS\System32\shginaz.dll
[2011/01/04 10:45:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/29 20:51:14 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/12/29 20:42:20 | 001,588,224 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SteamInstall.msi
[2010/12/23 16:21:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\New Microsoft Office Word Document.docx
[2010/12/09 18:17:57 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/12/09 18:17:57 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/06/29 18:03:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/13 12:48:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/05/01 12:19:26 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\obtf503
[2010/04/02 18:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/01/15 17:01:20 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2010/01/07 05:24:38 | 000,033,852 | ---- | C] () -- C:\Program Files\ffdsvsetts.reg
[2010/01/07 03:59:45 | 000,137,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/01/07 03:59:45 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\PnkBstrK.sys
[2010/01/04 20:06:28 | 000,076,533 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2010/01/04 20:06:28 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/12/19 02:29:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2009/12/19 01:28:20 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/16 12:18:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\housecall.guid.cache
[2009/11/01 21:19:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/28 18:01:04 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\filerenamerred.sys
[2009/10/17 01:57:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\Battle.ini
[2009/10/17 00:51:35 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ANTSWLIB.INI
[2009/09/02 21:36:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/02 21:19:30 | 000,001,341 | ---- | C] () -- C:\WINDOWS\cdiemu.ini
[2009/07/04 03:20:46 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/07/04 03:20:30 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/06/23 20:05:42 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
[2009/06/12 10:17:34 | 000,000,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/06/12 10:14:50 | 000,006,580 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\PrimoPDFSet.xml
[2009/06/12 10:13:30 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/06/07 15:00:39 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2009/06/07 14:39:09 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\DUALSHOCK3FF.dll
[2009/06/03 20:32:55 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/06/03 20:32:55 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/06/03 20:32:55 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/05/29 10:27:07 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/05/29 10:27:07 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/05/29 10:27:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2009/05/29 10:27:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2009/05/29 10:27:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2009/05/29 10:26:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/04/28 07:50:13 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/27 15:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/24 15:57:56 | 000,000,315 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/04/24 15:41:56 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/04/23 02:41:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/31 18:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[1998/10/11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2009/11/30 11:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/07/08 20:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/08/12 09:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitmeter2
[2009/12/19 01:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/11/19 22:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/04/23 12:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010/05/01 12:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GraphPad Software
[2009/08/11 21:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2011/01/07 12:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/07 14:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/12/27 05:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valve
[2010/07/19 14:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/23 17:59:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[2010/07/31 23:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\.minecraft
[2009/10/24 23:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Bioshock
[2009/08/11 21:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Bitmeter2
[2010/02/14 02:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Blitware
[2009/09/12 23:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Braid
[2009/11/09 17:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Broken Rules
[2010/12/26 23:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\BSW
[2009/07/08 17:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Canon
[2009/12/19 14:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DAEMON Tools Lite
[2010/05/01 12:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GraphPad Software
[2011/01/08 21:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\gtk-2.0
[2009/10/30 09:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\HouseCall 6.6
[2009/09/22 21:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\KompoZer
[2010/07/09 18:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\LucasArts
[2009/04/23 12:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\My Games
[2011/01/07 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Orbit
[2010/01/15 17:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Red Alert 3
[2011/01/02 01:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Spore
[2010/07/14 20:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Subversion
[2010/02/11 21:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Tropico 3
[2009/05/27 18:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\UHS Reader
[2009/11/13 00:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Xilisoft Corporation
[2011/01/02 02:35:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job
[2011/01/08 13:46:02 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGADaily.job
[2011/01/09 11:26:33 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0
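The two `@Alternate Data Stream` entries in the OTL report above are worth knowing how to check by hand: malware sometimes parks payloads or configuration in NTFS alternate data streams, which ordinary directory listings and Explorer never show. The following is an added example, not part of this thread or of OTL, that lists any non-default streams on a set of paths. It assumes PowerShell 3.0 or later (the `-Stream` parameter of `Get-Item`, so Windows 7 or newer rather than the Windows XP machine in this thread) and that the provider reports streams on directories as well as files; the path list is taken from the report above.

```powershell
# Added example (not from the thread or from OTL): enumerate non-default NTFS
# alternate data streams on the paths OTL flagged. Assumes PowerShell 3.0+.
$paths = @(
    'C:\Documents and Settings\All Users\Application Data\TEMP'   # from the OTL report above
)

function Get-AlternateStreams {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not found: $p"
            continue
        }
        # ':$DATA' is the default unnamed stream every file has; anything else
        # is a named alternate stream and deserves a look.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

Get-AlternateStreams -Path $paths
```

Each object returned names the file, the stream (for example `05EE1EEF`) and its length in bytes. `Get-Content -LiteralPath <path> -Stream <name>` reads the contents of one stream for inspection, and `Remove-Item -LiteralPath <path> -Stream <name>` deletes it once it has been confirmed to be unwanted; the `Zone.Identifier` stream that Windows attaches to downloaded files is a legitimate one you will see often and should not be mistaken for an infection.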

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click on the Open button, then Submit.)

C:\WINDOWS\Mcacea.exe
C:\WINDOWS\System32\shginaz.dll


Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.
  • 0

#8
daemon37

daemon37

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Malwarebytes Antimalware removed those files. Those were the ones causing all the trouble apparently.
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
OK, it looks to be pretty clean now, but I would like to check one more thing, please.
========
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the following options: Remove found threats and Scan inside archives.
  • Click Scan
  • Wait for the scan to finish
  • Click on the option that says Export to text file.
  • Save it to your desktop and post the contents here in your next reply.
  • Once the log is saved click the option to delete quarantined threats and Uninstall application on close.

  • 0
