Geeks to Go
Internet connectivity problems and trojan on flash drive.

#1 musicfrk (Member, 87 posts)
I'm not entirely sure when this problem first started occurring, but it's been going on for quite a while now. First let me just say that I am pretty sure that this is related to malware and not a loose wire or something like that. Basically, when I first turn my computer on, the internet seems to work fine as it first boots up and loads programs. Then it simply stops working, though, and it is very hard for me to access any pages. I've tried to get rid of this problem with MBAM, ZoneAlarm, Spybot Search and Destroy, and Dr.Web CureIt. I had some success when I used Spybot Search and Destroy and my internet worked for a couple of minutes, but then the problem returned. When I used Dr.Web CureIt it displayed a message that I think may explain my problem. I can't exactly remember the message, but I believe it said that some files in the registry had been changed and that problems with these files may affect my internet. It asked me if I wanted to return these files to the default ones and I said yes. Like when I used Spybot Search and Destroy, my internet worked fine for a couple of minutes before the problem returned. Also, I think my flash drive (identified as J in the OTL scan) has a trojan on it. I haven't used that flash drive for quite a while; I first put it into my laptop yesterday and within seconds my antivirus (ZoneAlarm) popped up telling me about a trojan. I'm not 100 percent sure if I was able to completely get rid of it from the flash drive. Any assistance you can provide would be greatly appreciated. Here is the OTL log.


OTL logfile created on: 7/27/2011 5:11:40 PM - Run 17
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Danny Many\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.35% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.41% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 7.25 Gb Free Space | 19.44% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 10.32 Gb Free Space | 6.92% Space Free | Partition Type: NTFS
Drive E: | 639.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 4.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 1.96 Gb Total Space | 1.30 Gb Free Space | 66.63% Space Free | Partition Type: FAT
Drive M: | 495.84 Mb Total Space | 8.70 Mb Free Space | 1.76% Space Free | Partition Type: FAT

Computer Name: DANIEL-12-27-08 | User Name: Danny Many | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Danny Many\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AIM\aim.exe (AOL Inc.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Danny Many\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)


========== Driver Services (SafeList) ==========

DRV - (DwProt) -- File not found
DRV - (uteznjcy) -- C:\WINDOWS\system32\drivers\uteznjcy.sys ()
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (TSP) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\System32\DRIVERS\kl1.sys (Kaspersky Lab)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) -- C:\WINDOWS\system32\drivers\A3AB.sys (D-Link Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.92
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 12:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/30 11:31:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/06 10:02:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 22:43:26 | 000,000,000 | ---D | M]

[2011/02/27 19:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danny Many\Application Data\Mozilla\Extensions
[2010/01/25 20:53:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danny Many\Application Data\Mozilla\Extensions\[email protected]
[2011/07/27 11:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danny Many\Application Data\Mozilla\Firefox\Profiles\1ng84g2d.default\extensions
[2011/03/03 17:06:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Danny Many\Application Data\Mozilla\Firefox\Profiles\1ng84g2d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/07 20:52:05 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Danny Many\Application Data\Mozilla\Firefox\Profiles\1ng84g2d.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/09 22:41:57 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Danny Many\Application Data\Mozilla\Firefox\Profiles\1ng84g2d.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/03/01 19:55:34 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Danny Many\Application Data\Mozilla\Firefox\Profiles\1ng84g2d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/07/27 11:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/06 22:43:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/30 11:31:10 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/26 13:21:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/26 22:24:05 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {31435657-9980-0010-8000-00aa00389b71} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Danny Many\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Danny Many\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/27 19:40:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/06 23:49:32 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/11/06 23:49:32 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005/08/30 11:08:52 | 000,000,145 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/12/09 17:27:04 | 000,000,082 | ---- | M] () - J:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2010/11/06 23:49:34 | 000,000,000 | RHSD | M] - M:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/23 14:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny Many\My Documents\Deus Ex - Invisible War
[2011/07/23 14:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Eidos
[2011/07/06 22:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/30 14:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny Many\My Documents\Deus Ex
[2011/06/30 12:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/06/30 12:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Deus Ex
[2011/06/30 12:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny Many\Local Settings\Application Data\WinZip
[2011/06/30 12:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/06/30 12:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Danny Many\My Documents\*.tmp files -> C:\Documents and Settings\Danny Many\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 16:55:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danny Many\Desktop\OTL.exe
[2011/07/27 16:46:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/27 14:21:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1085031214-839522115-1004.job
[2011/07/27 14:21:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/27 14:21:00 | 000,013,736 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 14:20:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/27 14:12:51 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1085031214-839522115-1004.job
[2011/07/27 10:21:23 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/07/26 22:24:05 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/26 09:37:00 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/07/25 18:03:44 | 072,486,792 | ---- | M] () -- C:\Documents and Settings\Danny Many\Desktop\new dr web cure it.exe
[2011/07/23 14:15:19 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Deus Ex - Invisible War.lnk
[2011/07/22 17:46:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/13 18:25:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Danny Many\Desktop\Shortcut to Internet Explorer.lnk
[2011/07/11 11:53:21 | 000,000,294 | -HS- | M] () -- C:\boot.ini
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/06 10:20:47 | 000,000,078 | ---- | M] () -- C:\Documents and Settings\Danny Many\Desktop\AI War Fleet Command - Demo.url
[2011/06/30 12:14:55 | 000,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Danny Many\My Documents\*.tmp files -> C:\Documents and Settings\Danny Many\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 14:25:48 | 072,486,792 | ---- | C] () -- C:\Documents and Settings\Danny Many\Desktop\new dr web cure it.exe
[2011/07/24 16:41:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/07/23 14:15:19 | 000,000,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Deus Ex - Invisible War.lnk
[2011/07/13 18:25:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Danny Many\Desktop\Shortcut to Internet Explorer.lnk
[2011/07/06 10:20:47 | 000,000,078 | ---- | C] () -- C:\Documents and Settings\Danny Many\Desktop\AI War Fleet Command - Demo.url
[2011/06/30 12:14:55 | 000,001,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/02/25 16:16:12 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uteznjcy.sys
[2011/01/30 16:55:10 | 000,354,304 | ---- | C] () -- C:\WINDOWS\System32\pythoncom26.dll
[2011/01/30 16:55:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\pywintypes26.dll
[2011/01/05 20:40:05 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/05 20:40:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/12/17 17:15:16 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/12/13 17:41:11 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/13 17:41:02 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/13 17:41:02 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/11 01:45:51 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/09/14 09:03:59 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/08/01 15:57:07 | 000,008,128 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/20 19:29:06 | 000,242,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/04 14:59:07 | 000,035,190 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/06/28 14:03:09 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/06/28 14:03:09 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/06/28 14:03:09 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/05/11 20:03:56 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/08 01:38:44 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Danny Many\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/17 10:43:52 | 000,000,314 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/10/09 23:20:11 | 000,017,068 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/30 17:20:06 | 000,007,409 | ---- | C] () -- C:\WINDOWS\extend.dat
[2009/09/26 21:47:38 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2009/07/30 21:29:24 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/04/25 10:36:29 | 000,000,680 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2009/04/10 22:09:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/26 22:32:29 | 000,000,749 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/01/25 12:51:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2009/01/25 12:51:51 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/10 16:59:53 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Danny Many\Local Settings\Application Data\fusioncache.dat
[2009/01/09 19:02:50 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/01/09 19:02:35 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/01/09 19:02:32 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/01/09 19:02:31 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2008/12/29 21:24:09 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/12/27 19:59:19 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2008/12/27 19:59:10 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/12/27 19:59:10 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/27 19:49:38 | 000,000,267 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/12/27 19:48:56 | 000,021,037 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/12/27 19:48:54 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/12/27 19:48:49 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/12/27 19:42:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/27 19:38:07 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/27 14:26:28 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/27 14:25:04 | 000,110,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/15 18:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,088,248 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/03 20:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1996/11/17 01:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== LOP Check ==========

[2010/12/31 18:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/12/31 18:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/07/31 20:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/01/01 23:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/26 22:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/12/04 23:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/11/06 18:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/12/30 12:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/09/12 12:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/03/12 17:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SimCity Societies
[2010/04/22 20:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/30 12:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/12 19:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/03/18 17:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/06/16 17:45:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2011/03/05 19:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/04 19:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 20:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/26 21:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\.minecraft
[2010/08/02 11:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\ABA72CDCC25BA487AB3C9D998923EE3F
[2011/01/01 14:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\acccore
[2011/05/18 18:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\AtomZombieData
[2011/04/24 13:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\AtomZombieDemoData
[2010/05/06 20:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\Beat Hazard
[2010/04/05 19:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\Bioshock2
[2010/01/03 16:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\Braid
[2009/11/06 17:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\CheckPoint
[2009/01/01 23:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\DAEMON Tools
[2009/01/02 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\DAEMON Tools Lite
[2009/01/01 23:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\DAEMON Tools Pro
[2010/06/06 09:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\eMule
[2011/03/31 23:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\FrostWire
[2009/10/16 22:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\GrabPro
[2010/04/22 21:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\IObit
[2010/06/23 14:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\Leadertech
[2010/08/04 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\MailFrontier
[2010/01/31 01:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\Orbit
[2010/06/30 21:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\runic games
[2009/10/03 10:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\SystemRequirementsLab
[2011/03/04 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\The Creative Assembly
[2010/08/07 13:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\Tropico 3
[2011/07/09 03:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\uTorrent
[2009/04/13 21:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny Many\Application Data\XRay Engine

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40FCD9A0

< End of report >
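Before going through a log like the one above by hand, it helps to let a script pull out the entries worth a second look. The following is an added example (my own code, not part of OTL or this thread) that parses the line shapes OTL uses in the log above and in the fix script posted later in the thread: created/modified file entries, LOP-check directory entries, "DRV - (...)" driver entries and "@Alternate Data Stream" entries. The sample lines are copied from this log, apart from the 32-hex-digit directory line, whose path was moved under All Users for the example. The "random 8-letter driver name with no company string" rule is a heuristic assumption, not an OTL rule: it is what flags uteznjcy.sys here and leaves ASUSHWIO.SYS and secdrv.sys alone, but a hash or signature check (OTL's /md5start block does the former) is the real verification.

```python
import re
from dataclasses import dataclass

# Line shapes as they appear in the OTL log above: created/modified files,
# directories (LOP check), the "DRV - (...)" form used in OTL fix scripts,
# and "@Alternate Data Stream" entries.
_STAMP = (r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| "
          r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]")
FILE_RE = re.compile(_STAMP + r" \((?P<company>[^)]*)\) -- (?P<path>.+)$")
DIR_RE = re.compile(_STAMP + r" -- (?P<path>.+)$")
DRV_RE = re.compile(r"^DRV - \((?P<name>[^)]*)\) -- (?P<path>.+?) \((?P<company>[^)]*)\)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> "
                    r"(?P<path>.+):(?P<stream>[^:\\]+)$")

# Heuristic (an assumption, not an OTL rule): a driver whose file name is eight
# lowercase letters and whose company field is blank. Case-sensitive on purpose
# so vendor names in capitals such as ASUSHWIO.SYS do not trip it.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{32}$")


@dataclass
class Finding:
    severity: str  # "high" or "review"
    reason: str
    line: str


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def _random_driver(path, company):
    name = _basename(path)
    return ("\\drivers\\" in path.lower() and name.lower().endswith(".sys")
            and not company.strip() and RANDOM_NAME_RE.match(name[:-4]) is not None)


def triage(lines):
    """Run the checks over OTL log lines and return findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if (m := DRV_RE.match(line)):
            if _random_driver(m["path"], m["company"]):
                findings.append(Finding("high", "driver with random 8-letter name and no company string", line))
        elif (m := FILE_RE.match(line)):
            if _random_driver(m["path"], m["company"]):
                findings.append(Finding("high", "driver with random 8-letter name and no company string", line))
            elif "H" in m["attrs"] and m["path"].lower().startswith("c:\\windows\\"):
                findings.append(Finding("review", "hidden file under the Windows directory", line))
        elif (m := DIR_RE.match(line)):
            base = _basename(m["path"])
            if "H" in m["attrs"] and base.startswith("{"):
                findings.append(Finding("review", "hidden GUID-named directory (often an installer cache; verify owner)", line))
            elif HEX32_RE.match(base):
                findings.append(Finding("review", "directory named like a 32-hex-digit hash; verify what created it", line))
        elif (m := ADS_RE.match(line)):
            findings.append(Finding("review", "alternate data stream %s (%s bytes) on %s"
                                    % (m["stream"], m["bytes"], m["path"]), line))
    return findings


# Sample lines: copied from the log above, except the 32-hex-digit directory,
# which was re-homed under All Users for this example.
SAMPLE_LOG = r"""
[2008/12/27 19:48:49 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/08/04 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2011/06/16 17:45:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2010/08/02 11:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ABA72CDCC25BA487AB3C9D998923EE3F
[2011/06/30 12:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
DRV - (uteznjcy) -- C:\WINDOWS\system32\drivers\uteznjcy.sys ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print("%-6s %s\n       %s" % (f.severity.upper(), f.reason, f.line))
```

Run it over a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`; "review" items are just that, the ADS on the TEMP folder for instance is commonly created by legitimate software, so confirm with the helper before removing anything.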

#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, musicfrk! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Sorry for the delay.

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Is this a laptop or a desktop?

Step 1

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder; it will help protect your drives from future infection.

Step 2

We need to run an OTL Fix

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    DRV - (uteznjcy) -- C:\WINDOWS\system32\drivers\uteznjcy.sys ()
      	
    :Files
    C:\WINDOWS\system32\drivers\uteznjcy.sys
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 3

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select No.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 4

Please delete your current OTL.exe file from your Desktop.

Posted Image OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • aswMBR log
  • OTL scan log
  • Extras log

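What Flash_Disinfector does for the flash drive (drop the worm's autorun.inf and leave a folder of the same name in its place) can be reasoned about with a small script. The following is an added example, not Flash_Disinfector's code or anything from this thread: it parses an autorun.inf, reports the keys that would run a program (open, shellexecute, and the shell\...\command entries that hijack Explorer's double-click and context menu), quarantines a rogue autorun.inf file and plants a directory named autorun.inf, hiding it with attrib on Windows. The autorun.inf content is constructed for the example and points at made-up file names. Note that Windows 7 and fully patched XP no longer honour autorun.inf on USB media, so the folder is a belt-and-braces measure; the real remaining risk from the stick is an executable someone double-clicks.

```python
import os
import re
import subprocess
import tempfile

# Extensions Windows will execute when named in an autorun.inf launch key.
EXEC_EXT = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js", ".wsf", ".lnk"}
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_autorun(text):
    """Minimal INI parse: {section: {key: value}} with lower-cased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def _target(value):
    """First token of a command line, honouring a leading quoted path."""
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    parts = value.split()
    return parts[0] if parts else ""


def assess_autorun(text):
    """Return (key, value, reason) for every entry that would launch a program."""
    flagged = []
    for key, value in parse_autorun(text).get("autorun", {}).items():
        if key in LAUNCH_KEYS or SHELL_CMD_RE.match(key):
            target = _target(value)
            if key == "shellexecute" or os.path.splitext(target)[1].lower() in EXEC_EXT:
                flagged.append((key, value, "would run %s from the drive" % target))
    return flagged


def protect_drive(root):
    """Rename a rogue autorun.inf file out of the way and plant a directory of
    the same name, so a worm cannot write its own file back without first
    removing the folder. Returns (quarantined_path_or_None, folder_path)."""
    target = os.path.join(root, "autorun.inf")
    quarantined = None
    if os.path.isfile(target):
        quarantined = target + ".quarantined"
        os.replace(target, quarantined)
    if not os.path.isdir(target):
        os.mkdir(target)
    if os.name == "nt":  # Windows only: hide it, as Flash_Disinfector does
        subprocess.run(["attrib", "+h", "+s", "+r", target], check=False)
    return quarantined, target


# Constructed sample: the file names are invented for this example.
SAMPLE_AUTORUN = """; constructed sample, not copied from any real drive
[autorun]
open=setup.exe
icon=setup.exe,0
label=Photos
shell\\open\\command=.\\hidden\\update.exe /silent
shell\\explore\\command="hidden dir\\update.exe"
action=Open folder to view files
"""


def demo():
    """Write the sample to a scratch 'drive', assess it, then protect the drive."""
    root = tempfile.mkdtemp(prefix="usb_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    flagged = assess_autorun(SAMPLE_AUTORUN)
    quarantined, folder = protect_drive(root)
    return {
        "flagged_keys": [k for k, _, _ in flagged],
        "quarantined": quarantined is not None and os.path.isfile(quarantined),
        "folder_is_dir": os.path.isdir(folder),
        "root": root,
    }


if __name__ == "__main__":
    for key, value, reason in assess_autorun(SAMPLE_AUTORUN):
        print("%-22s = %-40s %s" % (key, value, reason))
    print(demo())
```

To check a real stick, point `protect_drive` at its root (for example `E:\`) and read the quarantined file with `assess_autorun` before deleting it, so you know which executable on the drive to hand to the helper.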

#3
musicfrk

musicfrk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Hey Render, thanks for the reply. Unfortunately things have gone from bad to worse. After reading your reply I booted up my computer but got an error telling me "Windows could not start because the following file is missing or corrupt: windows\system32\config\system", so I used my Windows CD to repair it. Halfway through the repair process, when it asked me to put in the CD that came with my motherboard, I suddenly noticed that my mouse and keyboard were no longer working. I tried using another mouse and keyboard but they still didn't work. I was forced to restart the computer. Luckily it finished up the install when the computer rebooted, but while I could use my keyboard I still couldn't use my mouse. I was able to finish the installation and then I used the repair function on my Windows CD again, and this time I had no problems. When I finally got the computer booted up I received two messages telling me there had been a fatal error during installation of my mouse and keyboard, but for some reason my mouse and keyboard were still working. So I started following your instructions; unfortunately, after I restarted the computer after using Flash Disinfector, neither my mouse nor my keyboard works again. I tried using safe mode but I had no luck again. Also, the keyboard works when the computer's booting up, like I can still use it to get into safe mode or boot using the Recovery Console. Oh, and I'm using a desktop.

Edited by musicfrk, 01 August 2011 - 04:53 PM.


#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

So you are writing this from some other workable machine? What OS do you have on that machine?

Halfway through the repair proccess when it asked me to put in the cd that came with my motherboard...

That is a little strange. What kind of mouse and keyboard connectors do you have? PS/2 or USB?

First we will try the Windows repair one more time. Please follow the steps below:

Please, have your Windows XP CD-KEY ready.

  • Boot from your Windows XP CD. Insert the Windows XP CD into your computer's CD-ROM or DVD-ROM drive, and then restart your computer.
  • When the "Press any key to boot from CD" message appears on the screen, press a key to start your computer from the Windows XP CD.

    NOTE: If computer does not boot from CD you must change device boot order in BIOS. Read here for more information.

  • A blue screen will appear and begin loading Windows XP Setup from the CD.
  • When completed loading files, you will be presented with the following "Windows Setup" screen, and your first option. Select "To set up Windows XP now, press ENTER". DO NOT select Recovery Console.

  • When presented with the screen below, press the F8 key to continue.

  • Next, Windows Setup will find existing Windows XP installations. You will be asked to repair an existing XP installation, or install a fresh copy of Windows XP.
  • Press the R key.

  • Windows XP will appear to be installing itself for the first time, but it will retain all of your data and settings.
  • Follow the instructions that appear on the screen to reinstall Windows XP. After you repair Windows XP, you may have to reactivate your copy of Windows XP.
  • Let me know if the bootup problem has been solved.


#5
musicfrk

musicfrk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
I'm writing this from my laptop, which has Windows 7 on it. All the information I've given you is from my desktop though. I've just been using my laptop to reply and download the necessary programs to a flash drive, which I then use to transfer them to my desktop. The connectors are USB. To be honest I'm not sure exactly when my mouse and keyboard stopped working, only that I followed the steps exactly as you listed them below, so my keyboard was working at the point I hit R. Anyway, I repaired Windows again and it seems to only temporarily fix the problem. My mouse and keyboard work, but for some reason I still get the message that my computer was unable to install the hardware for my mouse and keyboard. The keyboard and mouse work fine though. Once I restart the computer my keyboard and mouse no longer work, however. As I said earlier though, my keyboard works until I get to Windows.

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Probably the USB stack is somehow corrupted. We will try System Restore now. Please follow the steps below:

Boot from the Windows XP installation CD. After the first several screens load, you will be given the choice to press R for the Recovery Console. You will then be asked to log in. Choose the installation to be repaired by number (usually 1) and press "Enter". When you are asked for the Administrator password, leave it blank and press "Enter".

When you get to the recovery console prompt:
  • Type cd \ and press "Enter".
  • Type cd system~1\_resto~1 and press "Enter".
  • Type dir and press "Enter".
After you press Enter you will see a list of folders (like rp1, rp2). If the list of restore points has more than one page, press the "Enter" key until you reach the end of the list.
  • Type cd rp {number of the second to last folder in the list} and press "Enter". (Example: Type cd rp9 if rp10 is the last restore point.)
  • Type cd snapshot and press "Enter".
  • Type copy _registry_machine_system c:\windows\system32\config\system and press "Enter".
  • Type copy _registry_machine_software c:\windows\system32\config\software and press "Enter".
  • Type exit and press "Enter".
Your PC will reboot.

If you get an access denied error when doing the above, then do the following at the recovery console:
  • Type cd \ and press "Enter".
  • Type cd windows\system32\config and press "Enter".
  • Type ren system system.bak and press "Enter".
  • Type exit and press "Enter".
Your PC will reboot, go back into the Recovery Console and start from the beginning.
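The restore-point copy above has to be typed at the Recovery Console because System Volume Information is ACL-protected and the hives are locked while Windows runs, so nothing can automate it from inside the broken OS. What can be made precise is the selection and copy logic: pick the restore point by number (RP10 sorts before RP2 as text, so a plain directory listing can mislead), keep the old hive as a backup, and handle the "already exists" collision that a leftover system.bak causes. The following is an added example that replays that logic against a scratch directory tree built in a temp folder; it is my code, not a Recovery Console script, and the _restore{...} folder name uses an all-zero GUID as a placeholder.

```python
import os
import re
import shutil
import tempfile

RP_RE = re.compile(r"^rp(\d+)$", re.IGNORECASE)
HIVES = ("system", "software")  # the two hives the procedure above restores


def list_restore_points(restore_root):
    """Return [(number, path)] for RPnn folders, sorted numerically (RP9 < RP10)."""
    points = []
    for name in os.listdir(restore_root):
        m = RP_RE.match(name)
        full = os.path.join(restore_root, name)
        if m and os.path.isdir(full):
            points.append((int(m.group(1)), full))
    return sorted(points)


def pick_restore_point(points, back=1):
    """Second-to-last point by default (back=1), as advised above: the newest
    one may have been written during the boot that is now broken."""
    if len(points) <= back:
        raise ValueError("not enough restore points")
    return points[-1 - back]


def free_backup_name(path):
    """'ren system system.bak' fails when system.bak exists; try .bak, .bak1, .bak2 ..."""
    candidate = path + ".bak"
    n = 0
    while os.path.exists(candidate):
        n += 1
        candidate = "%s.bak%d" % (path, n)
    return candidate


def restore_hives(snapshot_dir, config_dir, hives=HIVES):
    """Copy _registry_machine_<hive> from the snapshot over config\\<hive>,
    keeping the old hive as a backup alongside. Returns {hive: backup_path}."""
    done = {}
    for hive in hives:
        src = os.path.join(snapshot_dir, "_registry_machine_" + hive)
        dst = os.path.join(config_dir, hive)
        if not os.path.isfile(src):
            raise FileNotFoundError(src)
        if os.path.exists(dst):
            backup = free_backup_name(dst)
            os.replace(dst, backup)
            done[hive] = backup
        shutil.copy2(src, dst)
    return done


def demo():
    """Build a scratch XP-like tree (constructed, placeholder GUID) and run the restore."""
    root = tempfile.mkdtemp(prefix="xp_")
    restore_root = os.path.join(root, "System Volume Information",
                                "_restore{00000000-0000-0000-0000-000000000000}")
    config_dir = os.path.join(root, "WINDOWS", "system32", "config")
    os.makedirs(config_dir)
    for n in (1, 2, 9, 10):  # RP10 sorts before RP2 as text; numerically it is last
        snap = os.path.join(restore_root, "RP%d" % n, "snapshot")
        os.makedirs(snap)
        for hive in HIVES:
            with open(os.path.join(snap, "_registry_machine_" + hive), "w") as fh:
                fh.write("hive %s from RP%d" % (hive, n))
    for hive in HIVES:
        with open(os.path.join(config_dir, hive), "w") as fh:
            fh.write("corrupt " + hive)
    open(os.path.join(config_dir, "system.bak"), "w").close()  # stale backup, as in the thread
    points = list_restore_points(restore_root)
    chosen_n, chosen_path = pick_restore_point(points)
    backups = restore_hives(os.path.join(chosen_path, "snapshot"), config_dir)
    with open(os.path.join(config_dir, "system")) as fh:
        restored = fh.read()
    return {"order": [n for n, _ in points], "chosen": chosen_n, "restored": restored,
            "backups": {h: os.path.basename(p) for h, p in backups.items()}}


if __name__ == "__main__":
    print(demo())
```

The same ordering rule applies when reading the `dir` listing at the Recovery Console: count the RP numbers, not the screen order, before deciding which folder is "second to last".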

#7
musicfrk

musicfrk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Still no luck. My keyboard's backlight turned on, which is more response than I normally get from it when I've been having this problem, but I was unable to use my keyboard or mouse.

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
How many restore points do you have there?

#9
musicfrk

musicfrk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Only the files that say RP are restore points, right? If that's the case, three. Which is strange, because I'm almost positive I've used ERUNT in the past more than that, especially when I was having computer troubles.

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
The number of restore points depends on available disk space. OK. Try reconnecting the keyboard and mouse to different USB ports if you have not already done so. If that fails, please try to restore your system to the first restore point (rp1).

#11
musicfrk

musicfrk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
I keep getting an "access is denied" message, and when I type in ren system system.bak it just tells me that a directory or file with that name already exists.

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
You are getting the access denied message when accessing the rp1 folder? You had no problems with rp2?

Try also this:
  • Take out your Win XP setup CD
  • Restart the computer.
  • As soon as the computer starts hit F8 every second to bring up the Advanced Options Menu.
  • Choose the Last Known Good Configuration.
Let me know results.

#13
musicfrk

musicfrk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Last Known Good Configuration didn't work. I got the access denied error the first time I tried to use rp2, when I typed in "cd system~1\_resto~1", so I followed your instructions and then I was able to use rp2. When I tried to use rp1 I got the access denied error again when I typed in "cd system~1\_resto~1". I tried to follow your instructions for what to do if I receive an access denied error, and when I type in "ren system system.bak" it simply tells me that that directory or file already exists.

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Probably we have problems with the USB drivers. As you have a USB keyboard and mouse, we can't do anything in the OS. Now... Please take a look at the back side of your computer to see if there are PS/2 ports on the motherboard's backplate. If they are there, the easiest way to gain control in the OS is to connect a keyboard and mouse with PS/2 connectors. Are you able to find, or borrow from some of your friends etc., a keyboard and mouse with these connectors?

#15
musicfrk

musicfrk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Okay, so I've looked around a little bit and so far I was able to dig up an old IBM keyboard, and using an IBM-to-PS/2 adapter I was able to get it working. Unfortunately I still haven't been able to find a mouse to use. I found a couple of USB-to-PS/2 adapters but I couldn't get anything to work with them. I'm still waiting on a couple of friends to get back to me though.
