Help

Post by Spawn » June 20th, 2009, 8:58 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:56 PM Demented, on 6/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\trdhost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Hotspot Shield\bin\openvpn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [winIogon.exe] C:\DOCUME~1\Bryan\LOCALS~1\Temp\Temporary Directory 1 for Adobe CS4 Keygen.zip\Adobe Photoshop CS4 Keygen.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Task Drv] trdhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Task Drv] trdhost.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5076077000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5074629406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C991A25-6C03-4118-93A0-E9CB33E34BEA}: NameServer = 85.255.113.134,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{6331A031-3BF1-4E08-890F-33ECCC758051}: NameServer = 10.8.176.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBDB2374-70D2-4FA0-B56D-59F5487C57D7}: NameServer = 85.255.113.134,85.255.112.104
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.134,85.255.112.104
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.134,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.134,85.255.112.104
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 14610 bytes

7-Zip 4.65
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 6
AIM 7
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Battlefield 2(TM)
Battlezone
Brother MFL-Pro Suite MFC-290C
BZ2 ME
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Download Updater (AOL LLC)
EPSON Printer Software
FEAR
Foxit Reader
GameSpy Arcade
Grand Theft Auto
GTA Liberty City
GTA San Andreas
GTA Winter02
GTA2
Half-Life
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HEAT
High Definition Audio Driver Package - KB835221
High-Speed Internet Options
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Instant Wireless USB Adapter
Intel Application Accelerator
Intel(R) PRO Network Adapters and Drivers
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 13
LibUSB-Win32-0.1.10.1
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
MagicDisc 2.7.106
Memor32 Savegame Manager 1.3
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft DirectX SDK (June 2008)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft VC9 runtime libraries
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MoodLogic
Movielink eHome version 1.1
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Need for Speed™ Most Wanted
Nullsoft Install System
OpenMG Limited Patch 4.0-04-07-14-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.0.00
Orbit Downloader
Pando Media Booster
PaperPort Image Printer
Portable Media Center
QuickTime
Realtek High Definition Audio Driver
ScanSoft PaperPort 11
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Sierra Utilities
SILENT HILL 4
SlimBrowser (remove only)
Sonic Encoders
SonicStage 2.1.00
SonicStage Mastering Studio 1.3
SonicStage Mastering Studio Plugins 1.3
SonicStage MP3 Add-on program
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony TV Tuner Library 1.0
Sony Video Shared Library
Sothink SWF Catcher for Internet Explorer
SQL Server System CLR Types
Star Wars Republic Commando
System Requirements Lab
Total Video Converter 3.11 070908
Total Video Converter 3.21 090220
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility
TVUBroadcast 2.5.1.1
TVUPlayer 2.4.5.3
UNICCodec
Universal Extractor 1.6
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VAIO Edit Components
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Registration
VAIO SLIT Pattern Wallpaper
VAIO SLIT-C Screen Saver
VAIO Survey Standalone
VAIO System Information
VAIO Update 2
VC80CRTRedist - 8.0.50727.762
VLC media player 0.9.8a
WildGames
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Wireless-B USB Network Adapter Configuration Utility
WordPerfect Office 2002 OEM
Zune Desktop Theme
Spawn
Regular Member
 
Posts: 47
Joined: February 1st, 2009, 3:43 pm
Location: The United States of America
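A triage pass over lines like the ones in the log above, as an added example that is not part of this thread or of the HijackThis tool: it parses the HJT line format and flags the patterns a helper checks first (orphaned entries, autoruns launched from temp or keygen paths, look-alike names such as winIogon.exe, and NameServer values pointing at non-private addresses). The sample lines are constructed copies of entries from the posted log; the heuristics, severities and the short list of system process names are assumptions.

```python
"""Triage heuristics for HijackThis-style log lines (added example)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: copies of entries from the log posted above,
# trimmed to the line types the heuristics below look at.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [winIogon.exe] C:\DOCUME~1\Bryan\LOCALS~1\Temp\Temporary Directory 1 for Adobe CS4 Keygen.zip\Adobe Photoshop CS4 Keygen.exe
O4 - HKLM\..\Run: [Task Drv] trdhost.exe
O4 - HKLM\..\RunServices: [Task Drv] trdhost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6331A031-3BF1-4E08-890F-33ECCC758051}: NameServer = 10.8.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.134,85.255.112.104
"""

# Windows process names that autorun entries are often named after
# (assumption: a short illustrative list, not an exhaustive one).
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
                "csrss.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}

# Fold characters easily confused with l/o, so that a look-alike such as
# "winIogon.exe" (capital I) folds to "winlogon.exe".
HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})

_O4 = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,\s]+)$")
_ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    code: str      # HijackThis section, e.g. "O4"
    reason: str
    line: str


def _executable(cmd: str) -> str:
    """Pull the program path out of a Run value (quoted, or up to .exe)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def _check_o4(m: re.Match, line: str, out: list[Finding]) -> None:
    key, name, cmd = m["key"], m["name"], m["cmd"]
    exe = _executable(cmd)
    folded = name.translate(HOMOGLYPHS).lower()
    if folded in SYSTEM_NAMES and folded != name.lower():
        out.append(Finding("high", "O4", f"entry name '{name}' imitates {folded}", line))
    if re.search(r"\\temp\\|keygen|crack", exe, re.IGNORECASE):
        out.append(Finding("high", "O4", f"autorun launches from a temp/keygen path: {exe}", line))
    if "\\" not in exe:
        # Bare names (legitimate ones exist, e.g. SOUNDMAN.EXE) must be
        # resolved on the search path before they can be trusted.
        out.append(Finding("medium", "O4", f"no path given for {exe}; locate the file first", line))
    if key.lower().endswith("runservices"):
        out.append(Finding("medium", "O4",
                           "RunServices is a legacy Windows 9x key; modern installers seldom write it", line))


def _check_o17(m: re.Match, line: str, out: list[Finding]) -> None:
    public = []
    for s in m["servers"].replace(" ", "").split(","):
        if not s:
            continue
        try:
            if not ipaddress.ip_address(s).is_private:
                public.append(s)
        except ValueError:
            public.append(s)  # an unparseable value deserves a look too
    if public:
        out.append(Finding("medium", "O17",
                           "NameServer set to non-private address(es) " + ", ".join(public)
                           + "; confirm they are your ISP's or a resolver you chose", line))


def triage(log_text: str) -> list[Finding]:
    """Return a Finding for every HJT line that trips a heuristic."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if _ORPHAN.search(line):
            findings.append(Finding("low", line.split(" ", 1)[0],
                                    "orphaned entry: target file is gone; clean up", line))
        m = _O4.match(line)
        if m:
            _check_o4(m, line, findings)
            continue
        m = _O17.match(line)
        if m:
            _check_o17(m, line, findings)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n          {f.line}")
```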

Re: Help

Post by MWR 3 day Mod » June 24th, 2009, 12:05 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Help

Post by Axephilic » June 24th, 2009, 4:35 pm

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this; don't stop responding because the symptoms are gone, as the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to, until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

Download and Run ComboFix
Please visit this page to download and run Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Save it to your desktop.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will see the following message if Microsoft Windows Recovery Console is not installed.

    Image

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes to continue scanning for malware.

When finished, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

Please also post a new HijackThis log.

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Help

Post by Spawn » June 25th, 2009, 12:39 am

lol that was weird...

I got a message about some rootkit activity and was told to write these files down.

C:\Windows\System32\Drivers\gaopdxrojkvqvw.sys
C:\Windows\System32\gaopdxcunrlfug.dll

Don't know what that means...

Anyway, it ran, showed that, restarted, ran some more, restarted, ran some more, and gave the file:

ComboFix 09-06-23.01 - Patrik 06/25/2009 0:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.700 [GMT -4:00]
Running from: c:\documents and settings\Patrik\Desktop\Toolbars\Orbit Downloader\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bryan\Start Menu\Programs\videoplay
c:\documents and settings\Patrik\Start Menu\Programs\UNICCodec
c:\program files\UNICCodec
c:\recycler\S-1-5-21-3512029613-2423967743-4251448157-500
c:\recycler\S-1-5-21-448539723-1292428093-725345543-500
c:\recycler\S-1-5-21-557095708-3767741508-915953974-500
C:\resycled
c:\windows\system32\drivers\gaopdxrojkvqvw.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gaopdxcunrlfug.dll
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
C:\Autorun.inf
c:\docume~1\Patrik\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Patrik\Start Menu\Programs\UNICCodec\Uninstall.lnk
c:\program files\UNICCodec\Uninstall.exe
c:\recycler\S-1-5-21-3512029613-2423967743-4251448157-500\desktop.ini
c:\recycler\S-1-5-21-3512029613-2423967743-4251448157-500\INFO2
c:\recycler\S-1-5-21-448539723-1292428093-725345543-500\desktop.ini
c:\recycler\S-1-5-21-448539723-1292428093-725345543-500\INFO2
c:\recycler\S-1-5-21-557095708-3767741508-915953974-500\desktop.ini
c:\recycler\S-1-5-21-557095708-3767741508-915953974-500\INFO2
c:\resycled\boot.com
c:\windows\jestertb.dll
c:\windows\setup.exe
c:\windows\system32\drivers\gaopdxrojkvqvw.sys
c:\windows\system32\gaopdxcunrlfug.dll
c:\windows\system32\gaopdxpltwunru.dll
c:\windows\system32\gaopdxqxtefotk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-21 00:55 . 2009-06-21 00:55 -------- d-----w- c:\program files\Trend Micro
2009-06-16 21:11 . 2009-06-16 21:11 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Application Data\AIM
2009-06-16 21:11 . 2009-06-16 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-06-16 01:47 . 2009-06-16 01:47 -------- d-----w- c:\documents and settings\Patrik\Application Data\DivX
2009-06-15 14:02 . 2009-06-15 14:02 -------- d-----r- c:\documents and settings\Patrik\Application Data\Brother
2009-06-14 21:09 . 2009-06-14 21:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-06-14 17:05 . 2009-05-01 21:03 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-14 17:05 . 2009-05-01 21:03 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-14 17:05 . 2009-05-01 21:03 129784 ------w- c:\windows\system32\pxafs.dll
2009-06-14 17:04 . 2009-06-14 17:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-14 17:04 . 2009-06-14 17:05 -------- d-----w- c:\program files\DivX
2009-06-10 14:47 . 2009-06-10 14:47 -------- d-----w- c:\documents and settings\Patrik\Application Data\WildTangent
2009-06-10 14:46 . 2009-06-10 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-06-10 14:42 . 2009-06-10 14:46 -------- d-----w- c:\program files\WildGames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 04:29 . 2009-03-28 03:30 -------- d-----w- c:\documents and settings\Patrik\Application Data\Orbit
2009-06-25 03:57 . 2009-03-28 05:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-23 20:15 . 2008-12-21 21:12 -------- d-----w- c:\documents and settings\Patrik\Application Data\uTorrent
2009-06-21 19:11 . 2009-02-02 00:46 -------- d-----w- c:\program files\Battlezone II
2009-06-16 21:12 . 2008-12-18 22:04 -------- d-----w- c:\program files\AIM6
2009-06-15 16:20 . 2009-03-28 03:30 -------- d-----w- c:\program files\Orbitdownloader
2009-06-02 17:23 . 2009-05-02 00:54 -------- d-----w- c:\program files\Hotspot Shield
2009-05-20 19:54 . 2009-04-03 18:18 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-05-19 05:22 . 2008-12-18 02:14 55880 ----a-w- c:\documents and settings\Patrik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 05:03 . 2009-05-19 05:03 50 ----a-w- c:\windows\system32\bridf08b.dat
2009-05-19 05:03 . 2009-05-19 05:03 -------- d-----w- c:\program files\Brother
2009-05-19 05:03 . 2004-09-28 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 04:57 . 2009-05-19 04:57 -------- d-----w- c:\documents and settings\Patrik\Application Data\InstallShield
2009-05-19 04:56 . 2009-05-19 04:56 10134 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2009-05-19 04:56 . 2009-05-19 04:56 -------- d-----w- c:\program files\Nuance
2009-05-19 04:55 . 2009-05-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-05-19 04:55 . 2009-05-19 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-19 04:55 . 2009-05-19 04:54 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-05-19 04:54 . 2004-09-28 20:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-19 04:54 . 2009-05-19 04:54 -------- d-----w- c:\program files\ScanSoft
2009-05-19 04:54 . 2009-05-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-05-18 22:00 . 2009-04-02 00:53 -------- d-----w- c:\program files\TVUPlayer
2009-05-18 21:59 . 2009-05-18 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-05-11 20:44 . 2008-12-18 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-11 20:41 . 2009-01-09 22:46 -------- d-----w- c:\program files\iTunes
2009-05-11 20:41 . 2009-01-09 22:45 -------- d-----w- c:\program files\Common Files\Apple
2009-05-11 20:39 . 2004-09-28 23:12 -------- d-----w- c:\program files\Google
2009-05-08 21:13 . 2009-05-08 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-05-07 01:51 . 2009-05-07 01:51 -------- d-----w- c:\program files\Total Video Converter 3-21
2009-05-07 01:38 . 2009-05-07 01:38 -------- d-----w- c:\documents and settings\Patrik\Application Data\TVU networks
2009-05-07 01:37 . 2009-05-07 01:37 -------- d-----w- c:\program files\TVUBroadcast
2009-05-04 23:56 . 2009-05-04 23:56 -------- d-----w- c:\program files\BZ2ME
2009-05-04 20:32 . 2009-05-04 20:32 -------- d-----w- c:\program files\Foxit Software
2009-05-04 20:32 . 2009-05-04 20:32 -------- d-----w- c:\documents and settings\Patrik\Application Data\Foxit
2009-05-04 19:07 . 2009-05-20 02:29 2298680 ----a-w- c:\documents and settings\Patrik\Application Data\Mozilla\Firefox\Profiles\5wr5ssgs.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-02 00:54 . 2009-05-02 00:54 0 ----a-w- c:\windows\system32\cd.dat
2009-05-01 21:03 . 2004-09-28 23:09 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-01 21:03 . 2004-09-28 23:09 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-01 21:03 . 2004-09-28 20:02 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-25 03:22 . 2009-04-25 03:22 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2009-04-20 05:40 . 2009-05-08 21:13 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\vwpt.exe
2009-04-20 05:40 . 2009-05-08 21:13 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\unregister.bat
2009-04-20 05:40 . 2009-05-08 21:13 376568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\unagi3.exe
2009-04-20 05:39 . 2009-05-08 21:13 1484496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\toolbar.exe
2009-04-20 05:39 . 2009-05-08 21:13 383128 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\tbsetup.exe
2009-04-20 05:39 . 2009-05-08 21:13 11568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\tbinst.dll
2009-04-20 05:39 . 2009-05-08 21:13 36704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\postproc.exe
2009-04-20 05:39 . 2009-05-08 21:13 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\register.bat
2009-04-20 05:39 . 2009-05-08 21:13 172840 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\setup.exe
2009-04-20 05:37 . 2009-05-08 21:13 4478456 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ocpinst.exe
2009-04-20 05:37 . 2009-05-08 21:13 15144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ocpchk.dll
2009-04-20 05:37 . 2009-05-08 21:13 1225352 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\msvc9rt.exe
2009-04-20 05:37 . 2009-05-08 21:13 231728 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\migrator.exe
2009-04-20 05:37 . 2009-05-08 21:13 74536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\instSup.dll
2009-04-20 05:37 . 2009-05-08 21:13 10544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\imappver.dll
2009-04-20 05:36 . 2009-05-08 21:13 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\bsetutil.exe
2009-04-20 05:36 . 2009-05-08 21:13 1025328 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\gui.dll
2009-04-20 05:36 . 2009-05-08 21:13 120368 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\aoldlmgr.exe
2009-04-20 05:36 . 2009-05-08 21:13 69104 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\amos.exe
2009-04-20 05:36 . 2009-05-08 21:13 37888 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\amoinst.exe
2009-04-20 05:36 . 2009-05-08 21:13 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\Uninstaller.exe
2009-04-20 05:36 . 2009-05-08 21:13 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\alsetup.exe
2009-04-20 05:36 . 2009-05-08 21:13 83752 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ProgUpd.dll
2009-04-20 05:36 . 2009-05-08 21:13 95792 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AOLFirewallMgr.dll
2009-04-20 05:36 . 2009-05-08 21:13 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AOLSearch.dll
2009-04-20 05:35 . 2009-05-08 21:13 2401960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AIMinst.exe
2009-04-20 05:35 . 2009-05-08 21:13 548296 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AIMLang.exe
2009-04-19 04:51 . 2009-04-19 04:51 8854 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\UNINST_Uninstall_G_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 40960 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\gta_lc.exe1_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 40960 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\gta_lc.exe_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 2238 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\ARPPRODUCTICON.exe
2009-04-14 23:51 . 2009-04-14 23:51 8854 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\UNINST_Uninstall_G_125A40E7334C4E9DA86FF4A5DFAF8557.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\gtaw02.exe1_F501CF454CD2470781782D480D8968C9.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\gtaw02.exe_86CA2BBFCF064767AB995E1D110DA77F.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\ARPPRODUCTICON.exe
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-04-12 21:01 . 2009-01-15 21:09 520192 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-04-12 00:51 . 2009-04-11 13:55 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-01 20:24 . 2009-04-01 20:24 152576 ----a-w- c:\documents and settings\Patrik\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 03:59 . 2009-03-28 03:59 27136 ----a-w- c:\windows\~GLH0000.TMP
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-02 00:54 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-18 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 77887]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2004-07-28 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-28 2551808]

c:\documents and settings\Patrik\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-3-27 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-3-27 1719496]
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-7-10 634880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Army Men RTS\\Army Men RTS.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\SIERRA\\Half-Life\\hlds.exe"=
"c:\\Program Files\\Battlezone II 11\\bzone.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARServer.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto\\WINO\\Grand Theft Auto.exe"=
"c:\\Program Files\\TVUBroadcast\\TVUBroadcast.exe"=
"c:\\Program Files\\AIM6\\aim.exe"=
"c:\\Program Files\\Battlezone II\\bzone.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58645:TCP"= 58645:TCP:Pando Media Booster
"58645:UDP"= 58645:UDP:Pando Media Booster
"17770:TCP"= 17770:TCP:ENABLE
"17770:UDP"= 17770:UDP:ENABLE
"17771:TCP"= 17771:TCP:ENABLE
"17771:UDP"= 17771:UDP:ENABLE
"17772:TCP"= 17772:TCP:ENABLE
"17772:UDP"= 17772:UDP:ENABLE
"17773:TCP"= 17773:TCP:ENABLE
"17773:UDP"= 17773:UDP:ENABLE
"17774:TCP"= 17774:TCP:ENABLE
"17774:UDP"= 17774:UDP:ENABLE
"17775:TCP"= 17775:TCP:ENABLE
"17775:UDP"= 17775:UDP:ENABLE

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/30/2009 10:51 AM Demented 64160]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [6/1/2009 2:13 PM Demented 331312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM Demented 921936]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 NICSer_WUSB11;NICSer_WUSB11;c:\program files\Linksys\Wireless-B USB Network Adapter\NICServ.exe [10/26/2008 9:10 PM Demented 458752]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [4/7/2009 8:26 PM Demented 33792]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [11/29/2008 8:25 PM Demented 264576]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/3/2002 1:57 AM Demented 13532]
S3 akbdclas;akbdclas;\??\c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys [?]
S3 apciidex;apciidex;\??\c:\docume~1\Patrik\LOCALS~1\Temp\apciidex.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\apciidex.sys [?]
S3 ediskdum;ediskdum;\??\c:\docume~1\Patrik\LOCALS~1\Temp\ediskdum.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\ediskdum.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [6/1/2009 2:58 PM Demented 34352]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [10/26/2008 10:23 PM Demented 83552]
S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;c:\windows\system32\drivers\LSPMUSB.sys [10/26/2008 9:10 PM Demented 666624]
S3 SaegisP;SaegisP;\??\c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys [?]
S3 tfdc;tfdc;\??\c:\docume~1\Patrik\LOCALS~1\Temp\tfdc.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\tfdc.sys [?]
S3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [10/26/2008 5:27 PM Demented 118877]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
S3 yfastfat;yfastfat;\??\c:\docume~1\Patrik\LOCALS~1\Temp\yfastfat.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\yfastfat.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SJYPKT
.
Contents of the 'Scheduled Tasks' folder

2009-06-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2009-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4005589452-2318379434-3939991973-1006.job
- c:\documents and settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-18 02:14]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4005589452-2318379434-3939991973-1007.job
- c:\documents and settings\Bryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-12 22:12]

2008-10-26 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]

2008-10-26 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]

2008-10-26 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-winIogon.exe - c:\docume~1\Bryan\LOCALS~1\Temp\Temporary Directory 1 for Adobe CS4 Keygen.zip\Adobe Photoshop CS4 Keygen.exe
HKLM-Run-Task Drv - trdhost.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {6331A031-3BF1-4E08-890F-33ECCC758051} = 10.13.144.1
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 00:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
winIogon.exe = c:\docume~1\Bryan\LOCALS~1\Temp\Temporary Directory 1 for Adobe CS4 Keygen.zip\Adobe Photoshop CS4 Keygen.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Hotspot Shield\bin\openvpntray.exe
c:\program files\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Completion time: 2009-06-25 0:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 04:33

Pre-Run: 25,353,351,168 bytes free
Post-Run: 26,759,946,240 bytes free

342 --- E O F --- 2009-01-14 04:15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:57 AM Demented, on 6/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5076077000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5074629406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6331A031-3BF1-4E08-890F-33ECCC758051}: NameServer = 10.13.144.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 13456 bytes
Spawn
Regular Member
 
Posts: 47
Joined: February 1st, 2009, 3:43 pm
Location: The United States of America

Re: Help

Unread postby Spawn » June 25th, 2009, 12:40 am

lol that was weird...

I got a message about some rootkit activity and was told to write these files down.

C:\Windows\System32\Drivers\gaopdxrojkvqvw.sys
C:\Windows\System32\gaopdxcunrlfug.dll

Don't know what that means...

Anyway, it ran, showed that, restarted, ran some more, restarted, ran some more, gave the file

ComboFix 09-06-23.01 - Patrik 06/25/2009 0:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.700 [GMT -4:00]
Running from: c:\documents and settings\Patrik\Desktop\Toolbars\Orbit Downloader\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bryan\Start Menu\Programs\videoplay
c:\documents and settings\Patrik\Start Menu\Programs\UNICCodec
c:\program files\UNICCodec
c:\recycler\S-1-5-21-3512029613-2423967743-4251448157-500
c:\recycler\S-1-5-21-448539723-1292428093-725345543-500
c:\recycler\S-1-5-21-557095708-3767741508-915953974-500
C:\resycled
c:\windows\system32\drivers\gaopdxrojkvqvw.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gaopdxcunrlfug.dll
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
C:\Autorun.inf
c:\docume~1\Patrik\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Patrik\Start Menu\Programs\UNICCodec\Uninstall.lnk
c:\program files\UNICCodec\Uninstall.exe
c:\recycler\S-1-5-21-3512029613-2423967743-4251448157-500\desktop.ini
c:\recycler\S-1-5-21-3512029613-2423967743-4251448157-500\INFO2
c:\recycler\S-1-5-21-448539723-1292428093-725345543-500\desktop.ini
c:\recycler\S-1-5-21-448539723-1292428093-725345543-500\INFO2
c:\recycler\S-1-5-21-557095708-3767741508-915953974-500\desktop.ini
c:\recycler\S-1-5-21-557095708-3767741508-915953974-500\INFO2
c:\resycled\boot.com
c:\windows\jestertb.dll
c:\windows\setup.exe
c:\windows\system32\drivers\gaopdxrojkvqvw.sys
c:\windows\system32\gaopdxcunrlfug.dll
c:\windows\system32\gaopdxpltwunru.dll
c:\windows\system32\gaopdxqxtefotk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-21 00:55 . 2009-06-21 00:55 -------- d-----w- c:\program files\Trend Micro
2009-06-16 21:11 . 2009-06-16 21:11 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Application Data\AIM
2009-06-16 21:11 . 2009-06-16 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-06-16 01:47 . 2009-06-16 01:47 -------- d-----w- c:\documents and settings\Patrik\Application Data\DivX
2009-06-15 14:02 . 2009-06-15 14:02 -------- d-----r- c:\documents and settings\Patrik\Application Data\Brother
2009-06-14 21:09 . 2009-06-14 21:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-06-14 17:05 . 2009-05-01 21:03 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-14 17:05 . 2009-05-01 21:03 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-14 17:05 . 2009-05-01 21:03 129784 ------w- c:\windows\system32\pxafs.dll
2009-06-14 17:04 . 2009-06-14 17:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-14 17:04 . 2009-06-14 17:05 -------- d-----w- c:\program files\DivX
2009-06-10 14:47 . 2009-06-10 14:47 -------- d-----w- c:\documents and settings\Patrik\Application Data\WildTangent
2009-06-10 14:46 . 2009-06-10 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-06-10 14:42 . 2009-06-10 14:46 -------- d-----w- c:\program files\WildGames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 04:29 . 2009-03-28 03:30 -------- d-----w- c:\documents and settings\Patrik\Application Data\Orbit
2009-06-25 03:57 . 2009-03-28 05:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-23 20:15 . 2008-12-21 21:12 -------- d-----w- c:\documents and settings\Patrik\Application Data\uTorrent
2009-06-21 19:11 . 2009-02-02 00:46 -------- d-----w- c:\program files\Battlezone II
2009-06-16 21:12 . 2008-12-18 22:04 -------- d-----w- c:\program files\AIM6
2009-06-15 16:20 . 2009-03-28 03:30 -------- d-----w- c:\program files\Orbitdownloader
2009-06-02 17:23 . 2009-05-02 00:54 -------- d-----w- c:\program files\Hotspot Shield
2009-05-20 19:54 . 2009-04-03 18:18 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-05-19 05:22 . 2008-12-18 02:14 55880 ----a-w- c:\documents and settings\Patrik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 05:03 . 2009-05-19 05:03 50 ----a-w- c:\windows\system32\bridf08b.dat
2009-05-19 05:03 . 2009-05-19 05:03 -------- d-----w- c:\program files\Brother
2009-05-19 05:03 . 2004-09-28 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 04:57 . 2009-05-19 04:57 -------- d-----w- c:\documents and settings\Patrik\Application Data\InstallShield
2009-05-19 04:56 . 2009-05-19 04:56 10134 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2009-05-19 04:56 . 2009-05-19 04:56 -------- d-----w- c:\program files\Nuance
2009-05-19 04:55 . 2009-05-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-05-19 04:55 . 2009-05-19 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-19 04:55 . 2009-05-19 04:54 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-05-19 04:54 . 2004-09-28 20:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-19 04:54 . 2009-05-19 04:54 -------- d-----w- c:\program files\ScanSoft
2009-05-19 04:54 . 2009-05-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-05-18 22:00 . 2009-04-02 00:53 -------- d-----w- c:\program files\TVUPlayer
2009-05-18 21:59 . 2009-05-18 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-05-11 20:44 . 2008-12-18 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-11 20:41 . 2009-01-09 22:46 -------- d-----w- c:\program files\iTunes
2009-05-11 20:41 . 2009-01-09 22:45 -------- d-----w- c:\program files\Common Files\Apple
2009-05-11 20:39 . 2004-09-28 23:12 -------- d-----w- c:\program files\Google
2009-05-08 21:13 . 2009-05-08 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-05-07 01:51 . 2009-05-07 01:51 -------- d-----w- c:\program files\Total Video Converter 3-21
2009-05-07 01:38 . 2009-05-07 01:38 -------- d-----w- c:\documents and settings\Patrik\Application Data\TVU networks
2009-05-07 01:37 . 2009-05-07 01:37 -------- d-----w- c:\program files\TVUBroadcast
2009-05-04 23:56 . 2009-05-04 23:56 -------- d-----w- c:\program files\BZ2ME
2009-05-04 20:32 . 2009-05-04 20:32 -------- d-----w- c:\program files\Foxit Software
2009-05-04 20:32 . 2009-05-04 20:32 -------- d-----w- c:\documents and settings\Patrik\Application Data\Foxit
2009-05-04 19:07 . 2009-05-20 02:29 2298680 ----a-w- c:\documents and settings\Patrik\Application Data\Mozilla\Firefox\Profiles\5wr5ssgs.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-02 00:54 . 2009-05-02 00:54 0 ----a-w- c:\windows\system32\cd.dat
2009-05-01 21:03 . 2004-09-28 23:09 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-01 21:03 . 2004-09-28 23:09 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-01 21:03 . 2004-09-28 20:02 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-25 03:22 . 2009-04-25 03:22 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2009-04-20 05:40 . 2009-05-08 21:13 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\vwpt.exe
2009-04-20 05:40 . 2009-05-08 21:13 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\unregister.bat
2009-04-20 05:40 . 2009-05-08 21:13 376568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\unagi3.exe
2009-04-20 05:39 . 2009-05-08 21:13 1484496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\toolbar.exe
2009-04-20 05:39 . 2009-05-08 21:13 383128 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\tbsetup.exe
2009-04-20 05:39 . 2009-05-08 21:13 11568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\tbinst.dll
2009-04-20 05:39 . 2009-05-08 21:13 36704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\postproc.exe
2009-04-20 05:39 . 2009-05-08 21:13 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\register.bat
2009-04-20 05:39 . 2009-05-08 21:13 172840 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\setup.exe
2009-04-20 05:37 . 2009-05-08 21:13 4478456 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ocpinst.exe
2009-04-20 05:37 . 2009-05-08 21:13 15144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ocpchk.dll
2009-04-20 05:37 . 2009-05-08 21:13 1225352 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\msvc9rt.exe
2009-04-20 05:37 . 2009-05-08 21:13 231728 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\migrator.exe
2009-04-20 05:37 . 2009-05-08 21:13 74536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\instSup.dll
2009-04-20 05:37 . 2009-05-08 21:13 10544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\imappver.dll
2009-04-20 05:36 . 2009-05-08 21:13 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\bsetutil.exe
2009-04-20 05:36 . 2009-05-08 21:13 1025328 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\gui.dll
2009-04-20 05:36 . 2009-05-08 21:13 120368 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\aoldlmgr.exe
2009-04-20 05:36 . 2009-05-08 21:13 69104 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\amos.exe
2009-04-20 05:36 . 2009-05-08 21:13 37888 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\amoinst.exe
2009-04-20 05:36 . 2009-05-08 21:13 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\Uninstaller.exe
2009-04-20 05:36 . 2009-05-08 21:13 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\alsetup.exe
2009-04-20 05:36 . 2009-05-08 21:13 83752 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ProgUpd.dll
2009-04-20 05:36 . 2009-05-08 21:13 95792 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AOLFirewallMgr.dll
2009-04-20 05:36 . 2009-05-08 21:13 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AOLSearch.dll
2009-04-20 05:35 . 2009-05-08 21:13 2401960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AIMinst.exe
2009-04-20 05:35 . 2009-05-08 21:13 548296 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AIMLang.exe
2009-04-19 04:51 . 2009-04-19 04:51 8854 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\UNINST_Uninstall_G_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 40960 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\gta_lc.exe1_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 40960 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\gta_lc.exe_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 2238 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\ARPPRODUCTICON.exe
2009-04-14 23:51 . 2009-04-14 23:51 8854 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\UNINST_Uninstall_G_125A40E7334C4E9DA86FF4A5DFAF8557.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\gtaw02.exe1_F501CF454CD2470781782D480D8968C9.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\gtaw02.exe_86CA2BBFCF064767AB995E1D110DA77F.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\ARPPRODUCTICON.exe
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-04-12 21:01 . 2009-01-15 21:09 520192 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-04-12 00:51 . 2009-04-11 13:55 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-01 20:24 . 2009-04-01 20:24 152576 ----a-w- c:\documents and settings\Patrik\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 03:59 . 2009-03-28 03:59 27136 ----a-w- c:\windows\~GLH0000.TMP
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-02 00:54 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-18 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 77887]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2004-07-28 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-28 2551808]

c:\documents and settings\Patrik\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-3-27 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-3-27 1719496]
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-7-10 634880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Army Men RTS\\Army Men RTS.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\SIERRA\\Half-Life\\hlds.exe"=
"c:\\Program Files\\Battlezone II 11\\bzone.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARServer.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto\\WINO\\Grand Theft Auto.exe"=
"c:\\Program Files\\TVUBroadcast\\TVUBroadcast.exe"=
"c:\\Program Files\\AIM6\\aim.exe"=
"c:\\Program Files\\Battlezone II\\bzone.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58645:TCP"= 58645:TCP:Pando Media Booster
"58645:UDP"= 58645:UDP:Pando Media Booster
"17770:TCP"= 17770:TCP:ENABLE
"17770:UDP"= 17770:UDP:ENABLE
"17771:TCP"= 17771:TCP:ENABLE
"17771:UDP"= 17771:UDP:ENABLE
"17772:TCP"= 17772:TCP:ENABLE
"17772:UDP"= 17772:UDP:ENABLE
"17773:TCP"= 17773:TCP:ENABLE
"17773:UDP"= 17773:UDP:ENABLE
"17774:TCP"= 17774:TCP:ENABLE
"17774:UDP"= 17774:UDP:ENABLE
"17775:TCP"= 17775:TCP:ENABLE
"17775:UDP"= 17775:UDP:ENABLE

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/30/2009 10:51 AM Demented 64160]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [6/1/2009 2:13 PM Demented 331312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM Demented 921936]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 NICSer_WUSB11;NICSer_WUSB11;c:\program files\Linksys\Wireless-B USB Network Adapter\NICServ.exe [10/26/2008 9:10 PM Demented 458752]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [4/7/2009 8:26 PM Demented 33792]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [11/29/2008 8:25 PM Demented 264576]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/3/2002 1:57 AM Demented 13532]
S3 akbdclas;akbdclas;\??\c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys [?]
S3 apciidex;apciidex;\??\c:\docume~1\Patrik\LOCALS~1\Temp\apciidex.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\apciidex.sys [?]
S3 ediskdum;ediskdum;\??\c:\docume~1\Patrik\LOCALS~1\Temp\ediskdum.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\ediskdum.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [6/1/2009 2:58 PM Demented 34352]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [10/26/2008 10:23 PM Demented 83552]
S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;c:\windows\system32\drivers\LSPMUSB.sys [10/26/2008 9:10 PM Demented 666624]
S3 SaegisP;SaegisP;\??\c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys [?]
S3 tfdc;tfdc;\??\c:\docume~1\Patrik\LOCALS~1\Temp\tfdc.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\tfdc.sys [?]
S3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [10/26/2008 5:27 PM Demented 118877]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
S3 yfastfat;yfastfat;\??\c:\docume~1\Patrik\LOCALS~1\Temp\yfastfat.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\yfastfat.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SJYPKT
.
Contents of the 'Scheduled Tasks' folder

2009-06-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2009-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4005589452-2318379434-3939991973-1006.job
- c:\documents and settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-18 02:14]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4005589452-2318379434-3939991973-1007.job
- c:\documents and settings\Bryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-12 22:12]

2008-10-26 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]

2008-10-26 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]

2008-10-26 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-winIogon.exe - c:\docume~1\Bryan\LOCALS~1\Temp\Temporary Directory 1 for Adobe CS4 Keygen.zip\Adobe Photoshop CS4 Keygen.exe
HKLM-Run-Task Drv - trdhost.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {6331A031-3BF1-4E08-890F-33ECCC758051} = 10.13.144.1
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 00:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
winIogon.exe = c:\docume~1\Bryan\LOCALS~1\Temp\Temporary Directory 1 for Adobe CS4 Keygen.zip\Adobe Photoshop CS4 Keygen.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Hotspot Shield\bin\openvpntray.exe
c:\program files\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Completion time: 2009-06-25 0:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 04:33

Pre-Run: 25,353,351,168 bytes free
Post-Run: 26,759,946,240 bytes free

342 --- E O F --- 2009-01-14 04:15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:57 AM Demented, on 6/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5076077000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5074629406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6331A031-3BF1-4E08-890F-33ECCC758051}: NameServer = 10.13.144.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 13456 bytes
Spawn
Regular Member
 
Posts: 47
Joined: February 1st, 2009, 3:43 pm
Location: The United States of America

Re: Help

Unread postby Axephilic » June 25th, 2009, 1:02 am

Hi there,

Run ComboFix

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\docume~1\Bryan\LOCALS~1\Temp\Temporary Directory 1 for Adobe CS4 Keygen.zip\Adobe Photoshop CS4 Keygen.exe
Folder::
c:\documents and settings\Patrik\Application Data\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"winIogon.exe"=-
DirLook::
c:\docume~1\Bryan\LOCALS~1\Temp


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Upload a file to VirusTotal

Please visit Virustotal
  • Click the Browse.. button
  • Navigate to the file c:\documents and settings\Patrik\Local Settings\Temp\yfastfat.sys
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

Run GMER
Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on gmer.exe to run it.
  7. Select the Rootkit tab.
  8. On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  9. Select all drives that are connected to your system to be scanned.
  10. Click on the Scan button.
  11. When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  12. Open Notepad or a similar text editor.
  13. Paste the clipboard contents into the text editor.
  14. Save the Gmer scan log and post it in your next reply.
  15. Close Gmer.
  16. Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  17. In Command Prompt, type in net stop gmer. Press Enter.
  18. Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.

In your next reply, please include:
  1. CF log
  2. VirusTotal results
  3. GMER log
  4. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
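
The CFScript above deletes the HKLM Run value named "winIogon.exe": a name that imitates winlogon.exe with a capital I in place of the lowercase l, which is why it survives a casual read of the HijackThis log. As an added illustration (not code from this thread, from HijackThis or from ComboFix), the script below triages HijackThis-style O2/O3/O4/O9/O23 lines for exactly that kind of look-alike autorun name, plus plug-ins whose file is missing and services with no recorded publisher, and then emits the `Registry::` fragment of a CFScript in the same `"name"=-` (REGEDIT4 delete-value) syntax the helper used. The watch list of system binaries and the look-alike character table are assumptions; the sample log lines are copied from the thread except the O4 entry for winIogon.exe, which is constructed with a placeholder path.

```python
"""Triage HijackThis-style log lines for look-alike autorun names, missing plug-in
files and services without a publisher, then build a CFScript Registry:: block.
Added example; not code from the MalwareRemoval.com thread, HijackThis or ComboFix."""
import re

# Names worth imitating in an autorun entry. Assumed watch list; extend as needed.
SYSTEM_BINARIES = {
    "winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "services.exe", "smss.exe", "explorer.exe", "spoolsv.exe",
}

# Characters that render alike in a log or registry editor (assumed table).
_LOOKALIKES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"})

# O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O2 (BHO), O3 (toolbar) and O9 (extra button) entries HijackThis marks as orphaned
MISSING_RE = re.compile(r"^O(?:2|3|9) - .*\(file missing\)\s*$")

RUN_KEYS = {
    "HKLM": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
}

# Constructed sample: thread lines plus one O4 entry modelled on the value the
# CFScript deletes (C:\PLACEHOLDER is not a real path from the log).
SAMPLE_LOG = """
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\\Program Files\\AIM Toolbar\\aimtb.dll (file missing)
O4 - HKLM\\..\\Run: [ehTray] C:\\WINDOWS\\ehome\\ehtray.exe
O4 - HKLM\\..\\Run: [winIogon.exe] C:\\PLACEHOLDER\\winIogon.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\\Program Files\\Hotspot Shield\\bin\\openvpnas.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\\Program Files\\WildGames\\Game Console - WildGames\\GameConsoleService.exe
""".strip().splitlines()


def canonical(name):
    """Fold look-alike characters first, then case: 'winIogon.exe' -> 'winlogon.exe'."""
    return name.translate(_LOOKALIKES).lower()


def classify_autorun_name(name):
    """'lookalike' if the name matches a system binary only after folding,
    'system-name' if it literally is one (those never belong in a Run key), else None."""
    folded = canonical(name)
    if folded not in SYSTEM_BINARIES:
        return None
    return "system-name" if name.lower() == folded else "lookalike"


def triage(lines):
    """Return a list of (kind, detail) findings in log order."""
    findings = []
    for line in lines:
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            kind = classify_autorun_name(m["name"])
            if kind:
                findings.append((kind, {"hive": m["hive"], "name": m["name"], "cmd": m["cmd"]}))
        elif line.startswith("O23 - Service: ") and " - Unknown owner - " in line:
            # Split on the literal marker: service names and paths may themselves contain " - ".
            svc, _, path = line[len("O23 - Service: "):].partition(" - Unknown owner - ")
            findings.append(("unknown-owner", {"service": svc, "path": path}))
        elif MISSING_RE.match(line):
            findings.append(("file-missing", {"line": line}))
    return findings


def cfscript_registry_section(findings):
    """Emit a Registry:: block that deletes the look-alike autorun values only,
    one [key] header per hive, using the "name"=- delete-value syntax."""
    by_key = {}
    for kind, d in findings:
        if kind == "lookalike":
            by_key.setdefault(RUN_KEYS[d["hive"]], []).append(d["name"])
    out = ["Registry::"]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
    return "\n".join(out) + "\n"


def run_sample():
    """Triage the constructed sample log."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for kind, detail in run_sample():
        print(f"{kind:14} {detail}")
    print(cfscript_registry_section(run_sample()))
```

Only the look-alike findings are turned into deletions; "file missing" entries are leftovers worth cleaning but not evidence of infection, and "Unknown owner" only means no publisher was recorded, so both are reported for a human to check rather than scripted away.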

Re: Help

Unread postby Spawn » June 25th, 2009, 11:58 am

ComboFix 09-06-23.01 - Patrik 06/25/2009 9:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.625 [GMT -4:00]
Running from: c:\documents and settings\Patrik\Desktop\Toolbars\Orbit Downloader\ComboFix.exe
Command switches used :: c:\documents and settings\Patrik\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

FILE ::
"c:\docume~1\Bryan\LOCALS~1\Temp\Temporary Directory 1 for Adobe CS4 Keygen.zip\Adobe Photoshop CS4 Keygen.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Patrik\Application Data\uTorrent
c:\documents and settings\Patrik\Application Data\uTorrent\[NDS]Grand_Theft_Auto_Chinatown_Wars[USA][ESPALNDS.com].zip.torrent
c:\documents and settings\Patrik\Application Data\uTorrent\0431 - Metroid Prime Hunters (E) ds.torrent
c:\documents and settings\Patrik\Application Data\uTorrent\12 Barbie Movies - dvdrip xvid.torrent
c:\documents and settings\Patrik\Application Data\uTorrent\Barbie fairytopia mermaidia-david244us.avi.torrent
c:\documents and settings\Patrik\Application Data\uTorrent\Barbie.And.The.Diamond.Castle.2008.DVDRiP.XViD.torrent
c:\documents and settings\Patrik\Application Data\uTorrent\Battlezone II.zip.torrent
c:\documents and settings\Patrik\Application Data\uTorrent\Dark.Reign.2.game.patches.key.dl instructions.and.maps.zip.torrent
c:\documents and settings\Patrik\Application Data\uTorrent\dht.dat
c:\documents and settings\Patrik\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Patrik\Application Data\uTorrent\Fate 2 - Undiscovered Realms.torrent
c:\documents and settings\Patrik\Application Data\uTorrent\One Piece 200 Hentai Pics.rar.torrent
c:\documents and settings\Patrik\Application Data\uTorrent\resume.dat
c:\documents and settings\Patrik\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Patrik\Application Data\uTorrent\rss.dat
c:\documents and settings\Patrik\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Patrik\Application Data\uTorrent\settings.dat
c:\documents and settings\Patrik\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Patrik\Application Data\uTorrent\Spore-RELOADED + crackfix + keygen.torrent
c:\documents and settings\Patrik\Application Data\uTorrent\Star.Trek.Deluxe.Quality.DVDRip.2009.torrent
c:\documents and settings\Patrik\Application Data\uTorrent\utorrent.lng

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 04:32 . 2009-06-25 04:32 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-21 00:55 . 2009-06-21 00:55 -------- d-----w- c:\program files\Trend Micro
2009-06-16 21:11 . 2009-06-16 21:11 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Application Data\AIM
2009-06-16 21:11 . 2009-06-16 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-06-16 01:47 . 2009-06-16 01:47 -------- d-----w- c:\documents and settings\Patrik\Application Data\DivX
2009-06-15 14:02 . 2009-06-15 14:02 -------- d-----r- c:\documents and settings\Patrik\Application Data\Brother
2009-06-14 21:09 . 2009-06-14 21:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-06-14 17:05 . 2009-05-01 21:03 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-14 17:05 . 2009-05-01 21:03 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-14 17:05 . 2009-05-01 21:03 129784 ------w- c:\windows\system32\pxafs.dll
2009-06-14 17:04 . 2009-06-14 17:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-14 17:04 . 2009-06-14 17:05 -------- d-----w- c:\program files\DivX
2009-06-10 14:47 . 2009-06-10 14:47 -------- d-----w- c:\documents and settings\Patrik\Application Data\WildTangent
2009-06-10 14:46 . 2009-06-10 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-06-10 14:42 . 2009-06-10 14:46 -------- d-----w- c:\program files\WildGames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 13:32 . 2009-03-28 03:30 -------- d-----w- c:\documents and settings\Patrik\Application Data\Orbit
2009-06-25 04:35 . 2009-03-28 03:30 -------- d-----w- c:\program files\Orbitdownloader
2009-06-25 03:57 . 2009-03-28 05:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-21 19:11 . 2009-02-02 00:46 -------- d-----w- c:\program files\Battlezone II
2009-06-16 21:12 . 2008-12-18 22:04 -------- d-----w- c:\program files\AIM6
2009-06-02 17:23 . 2009-05-02 00:54 -------- d-----w- c:\program files\Hotspot Shield
2009-05-20 19:54 . 2009-04-03 18:18 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-05-19 05:22 . 2008-12-18 02:14 55880 ----a-w- c:\documents and settings\Patrik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 05:03 . 2009-05-19 05:03 50 ----a-w- c:\windows\system32\bridf08b.dat
2009-05-19 05:03 . 2009-05-19 05:03 -------- d-----w- c:\program files\Brother
2009-05-19 05:03 . 2004-09-28 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 04:57 . 2009-05-19 04:57 -------- d-----w- c:\documents and settings\Patrik\Application Data\InstallShield
2009-05-19 04:56 . 2009-05-19 04:56 10134 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2009-05-19 04:56 . 2009-05-19 04:56 -------- d-----w- c:\program files\Nuance
2009-05-19 04:55 . 2009-05-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-05-19 04:55 . 2009-05-19 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-19 04:55 . 2009-05-19 04:54 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-05-19 04:54 . 2004-09-28 20:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-19 04:54 . 2009-05-19 04:54 -------- d-----w- c:\program files\ScanSoft
2009-05-19 04:54 . 2009-05-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-05-18 22:00 . 2009-04-02 00:53 -------- d-----w- c:\program files\TVUPlayer
2009-05-18 21:59 . 2009-05-18 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-05-11 20:44 . 2008-12-18 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-11 20:41 . 2009-01-09 22:46 -------- d-----w- c:\program files\iTunes
2009-05-11 20:41 . 2009-01-09 22:45 -------- d-----w- c:\program files\Common Files\Apple
2009-05-11 20:39 . 2004-09-28 23:12 -------- d-----w- c:\program files\Google
2009-05-08 21:13 . 2009-05-08 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-05-07 01:51 . 2009-05-07 01:51 -------- d-----w- c:\program files\Total Video Converter 3-21
2009-05-07 01:38 . 2009-05-07 01:38 -------- d-----w- c:\documents and settings\Patrik\Application Data\TVU networks
2009-05-07 01:37 . 2009-05-07 01:37 -------- d-----w- c:\program files\TVUBroadcast
2009-05-04 23:56 . 2009-05-04 23:56 -------- d-----w- c:\program files\BZ2ME
2009-05-04 20:32 . 2009-05-04 20:32 -------- d-----w- c:\program files\Foxit Software
2009-05-04 20:32 . 2009-05-04 20:32 -------- d-----w- c:\documents and settings\Patrik\Application Data\Foxit
2009-05-04 19:07 . 2009-05-20 02:29 2298680 ----a-w- c:\documents and settings\Patrik\Application Data\Mozilla\Firefox\Profiles\5wr5ssgs.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-02 00:54 . 2009-05-02 00:54 0 ----a-w- c:\windows\system32\cd.dat
2009-05-01 21:03 . 2004-09-28 23:09 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-01 21:03 . 2004-09-28 23:09 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-01 21:03 . 2004-09-28 20:02 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-25 03:22 . 2009-04-25 03:22 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2009-04-20 05:40 . 2009-05-08 21:13 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\vwpt.exe
2009-04-20 05:40 . 2009-05-08 21:13 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\unregister.bat
2009-04-20 05:40 . 2009-05-08 21:13 376568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\unagi3.exe
2009-04-20 05:39 . 2009-05-08 21:13 1484496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\toolbar.exe
2009-04-20 05:39 . 2009-05-08 21:13 383128 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\tbsetup.exe
2009-04-20 05:39 . 2009-05-08 21:13 11568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\tbinst.dll
2009-04-20 05:39 . 2009-05-08 21:13 36704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\postproc.exe
2009-04-20 05:39 . 2009-05-08 21:13 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\register.bat
2009-04-20 05:39 . 2009-05-08 21:13 172840 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\setup.exe
2009-04-20 05:37 . 2009-05-08 21:13 4478456 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ocpinst.exe
2009-04-20 05:37 . 2009-05-08 21:13 15144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ocpchk.dll
2009-04-20 05:37 . 2009-05-08 21:13 1225352 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\msvc9rt.exe
2009-04-20 05:37 . 2009-05-08 21:13 231728 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\migrator.exe
2009-04-20 05:37 . 2009-05-08 21:13 74536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\instSup.dll
2009-04-20 05:37 . 2009-05-08 21:13 10544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\imappver.dll
2009-04-20 05:36 . 2009-05-08 21:13 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\bsetutil.exe
2009-04-20 05:36 . 2009-05-08 21:13 1025328 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\gui.dll
2009-04-20 05:36 . 2009-05-08 21:13 120368 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\aoldlmgr.exe
2009-04-20 05:36 . 2009-05-08 21:13 69104 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\amos.exe
2009-04-20 05:36 . 2009-05-08 21:13 37888 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\amoinst.exe
2009-04-20 05:36 . 2009-05-08 21:13 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\Uninstaller.exe
2009-04-20 05:36 . 2009-05-08 21:13 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\alsetup.exe
2009-04-20 05:36 . 2009-05-08 21:13 83752 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ProgUpd.dll
2009-04-20 05:36 . 2009-05-08 21:13 95792 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AOLFirewallMgr.dll
2009-04-20 05:36 . 2009-05-08 21:13 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AOLSearch.dll
2009-04-20 05:35 . 2009-05-08 21:13 2401960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AIMinst.exe
2009-04-20 05:35 . 2009-05-08 21:13 548296 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AIMLang.exe
2009-04-19 04:51 . 2009-04-19 04:51 8854 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\UNINST_Uninstall_G_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 40960 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\gta_lc.exe1_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 40960 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\gta_lc.exe_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 2238 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\ARPPRODUCTICON.exe
2009-04-14 23:51 . 2009-04-14 23:51 8854 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\UNINST_Uninstall_G_125A40E7334C4E9DA86FF4A5DFAF8557.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\gtaw02.exe1_F501CF454CD2470781782D480D8968C9.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\gtaw02.exe_86CA2BBFCF064767AB995E1D110DA77F.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\ARPPRODUCTICON.exe
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-04-12 21:01 . 2009-01-15 21:09 520192 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-04-12 00:51 . 2009-04-11 13:55 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-01 20:24 . 2009-04-01 20:24 152576 ----a-w- c:\documents and settings\Patrik\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 03:59 . 2009-03-28 03:59 27136 ----a-w- c:\windows\~GLH0000.TMP
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\docume~1\Bryan\LOCALS~1\Temp ----



((((((((((((((((((((((((((((( SnapShot@2009-06-25_04.28.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 13:30 . 2009-06-25 13:30 16384 c:\windows\Temp\Perflib_Perfdata_408.dat
+ 2009-06-25 04:32 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-25 04:32 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-25 04:32 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-25 04:32 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-25 04:32 . 2008-10-16 01:00 666112 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-25 04:32 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-25 04:32 . 2008-04-14 00:12 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-25 04:32 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-25 04:32 . 2008-04-14 00:11 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-25 04:32 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-25 04:32 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-02 00:54 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-18 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 77887]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2004-07-28 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-28 2551808]

c:\documents and settings\Patrik\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-3-27 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-3-27 1719496]
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-7-10 634880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Army Men RTS\\Army Men RTS.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\SIERRA\\Half-Life\\hlds.exe"=
"c:\\Program Files\\Battlezone II 11\\bzone.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARServer.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto\\WINO\\Grand Theft Auto.exe"=
"c:\\Program Files\\TVUBroadcast\\TVUBroadcast.exe"=
"c:\\Program Files\\AIM6\\aim.exe"=
"c:\\Program Files\\Battlezone II\\bzone.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58645:TCP"= 58645:TCP:Pando Media Booster
"58645:UDP"= 58645:UDP:Pando Media Booster
"17770:TCP"= 17770:TCP:ENABLE
"17770:UDP"= 17770:UDP:ENABLE
"17771:TCP"= 17771:TCP:ENABLE
"17771:UDP"= 17771:UDP:ENABLE
"17772:TCP"= 17772:TCP:ENABLE
"17772:UDP"= 17772:UDP:ENABLE
"17773:TCP"= 17773:TCP:ENABLE
"17773:UDP"= 17773:UDP:ENABLE
"17774:TCP"= 17774:TCP:ENABLE
"17774:UDP"= 17774:UDP:ENABLE
"17775:TCP"= 17775:TCP:ENABLE
"17775:UDP"= 17775:UDP:ENABLE

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/30/2009 10:51 AM Demented 64160]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [6/1/2009 2:13 PM Demented 331312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM Demented 921936]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 NICSer_WUSB11;NICSer_WUSB11;c:\program files\Linksys\Wireless-B USB Network Adapter\NICServ.exe [10/26/2008 9:10 PM Demented 458752]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [4/7/2009 8:26 PM Demented 33792]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [11/29/2008 8:25 PM Demented 264576]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/3/2002 1:57 AM Demented 13532]
S3 akbdclas;akbdclas;\??\c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys [?]
S3 apciidex;apciidex;\??\c:\docume~1\Patrik\LOCALS~1\Temp\apciidex.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\apciidex.sys [?]
S3 ediskdum;ediskdum;\??\c:\docume~1\Patrik\LOCALS~1\Temp\ediskdum.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\ediskdum.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [6/1/2009 2:58 PM Demented 34352]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [10/26/2008 10:23 PM Demented 83552]
S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;c:\windows\system32\drivers\LSPMUSB.sys [10/26/2008 9:10 PM Demented 666624]
S3 SaegisP;SaegisP;\??\c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys [?]
S3 tfdc;tfdc;\??\c:\docume~1\Patrik\LOCALS~1\Temp\tfdc.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\tfdc.sys [?]
S3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [10/26/2008 5:27 PM Demented 118877]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
S3 yfastfat;yfastfat;\??\c:\docume~1\Patrik\LOCALS~1\Temp\yfastfat.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\yfastfat.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SJYPKT
.
Contents of the 'Scheduled Tasks' folder

2009-06-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2009-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4005589452-2318379434-3939991973-1006.job
- c:\documents and settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-18 02:14]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4005589452-2318379434-3939991973-1007.job
- c:\documents and settings\Bryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-12 22:12]

2008-10-26 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]

2008-10-26 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]

2008-10-26 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {6331A031-3BF1-4E08-890F-33ECCC758051} = 10.13.144.1
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 09:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-25 9:58
ComboFix-quarantined-files.txt 2009-06-25 13:58
ComboFix2.txt 2009-06-25 04:33

Pre-Run: 26,957,746,176 bytes free
Post-Run: 26,939,850,752 bytes free

331 --- E O F --- 2009-01-14 04:15

For the VirusTotal scan, it couldn't find the file....

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-25 11:55:01
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF78DF87E]
SSDT F7EAC1E4 ZwCreateThread
SSDT F7EAC1D0 ZwOpenProcess
SSDT F7EAC1D5 ZwOpenThread
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF78DFC10]
SSDT F7EAC1DF ZwTerminateProcess
SSDT F7EAC1DA ZwWriteVirtualMemory

Code \??\C:\DOCUME~1\Patrik\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Patrik\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 417404

---- EOF - GMER 1.0.15 ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:22 AM Demented, on 6/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5076077000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5074629406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6331A031-3BF1-4E08-890F-33ECCC758051}: NameServer = 10.13.144.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 13477 bytes
Spawn
Regular Member
 
Posts: 47
Joined: February 1st, 2009, 3:43 pm
Location: The United States of America

Re: Help

Unread postby Axephilic » June 25th, 2009, 1:01 pm

Hi there,

Run ComboFix

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
Driver::
yfastfat


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
Close all open windows and click on Fix checked; when you get a popup window, click on Yes.

In your next reply, please include:
  1. CF log
  2. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
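
As an added triage aid (example code written for this page, not part of the thread and not ComboFix's or HijackThis's own tooling): the fix above singles out yfastfat, a driver whose image path sits in the user's Temp folder and which ComboFix lists with [?], plus BHO and toolbar entries whose DLL is "(no file)" or "(file missing)". The Python below parses a few lines copied from the logs posted earlier in this thread, flags those same two patterns, and renders the flagged driver names in the Driver:: CFScript form used in the reply. The regular expressions are my reading of the two log formats, not a published grammar; and the script flags every Temp-resident driver, not only the one the helper chose to script, so its output is a shortlist for the analyst to review, not a script to run unexamined.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the ComboFix and
# HijackThis logs posted in this thread (not the complete logs).
COMBOFIX_LINES = r"""R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/30/2009 10:51 AM Demented 64160]
S3 akbdclas;akbdclas;\??\c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [6/1/2009 2:58 PM Demented 34352]
S3 yfastfat;yfastfat;\??\c:\docume~1\Patrik\LOCALS~1\Temp\yfastfat.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\yfastfat.sys [?]""".splitlines()

HJT_LINES = r"""O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)""".splitlines()

# ComboFix service/driver line, as read from the log above (assumed layout):
#   "<start> <name>;<description>;<image path>[ --> <resolved path>] [<file info>]"
DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)\s\[(?P<info>[^\]]*)\]$"
)
# HijackThis O2 (BHO) / O3 (toolbar) line (assumed layout):
#   "<section> - <label> - {CLSID} - <target>"
HJT_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<label>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)
# A "\Temp\" path component anywhere in the image path (case-insensitive).
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    source: str    # "combofix" or "hijackthis"
    entry: str     # driver/service name, or HJT section + CLSID
    path: str      # image path or BHO target exactly as logged
    reasons: list  # why the line was flagged


def parse_driver_line(line):
    """Split one ComboFix driver/service line into its fields, or return None."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    # Keep the configured image path; the part after " --> " is ComboFix's
    # resolved copy of the same path.
    image = m.group("rest").split(" --> ")[0].strip()
    if image.startswith("\\??\\"):      # strip the NT object-manager prefix
        image = image[4:]
    return {"start": m.group("start"), "name": m.group("name"),
            "desc": m.group("desc"), "path": image, "info": m.group("info")}


def triage_driver(line):
    """Flag a driver whose image lives under Temp or whose file ComboFix could not read."""
    rec = parse_driver_line(line)
    if rec is None:
        return None
    reasons = []
    if TEMP_DIR_RE.search(rec["path"]):
        reasons.append("image path under a Temp directory")
    if rec["info"] == "?":
        reasons.append("ComboFix could not read the file (shown as [?])")
    if not reasons:
        return None
    return Finding("combofix", rec["name"], rec["path"], reasons)


def triage_hjt(line):
    """Flag an O2/O3 entry whose registered DLL is absent from disk."""
    m = HJT_RE.match(line)
    if not m or m.group("section") not in ("O2", "O3"):
        return None
    target = m.group("target")
    reasons = []
    if target == "(no file)":
        reasons.append("CLSID registered with no file on disk")
    elif target.endswith("(file missing)"):
        reasons.append("registered DLL path no longer exists")
    if not reasons:
        return None
    return Finding("hijackthis", f"{m.group('section')} {m.group('clsid')}", target, reasons)


def triage(combofix_lines, hjt_lines):
    """Run both checks and return the flagged entries, ComboFix findings first."""
    findings = [f for f in map(triage_driver, combofix_lines) if f]
    findings += [f for f in map(triage_hjt, hjt_lines) if f]
    return findings


def cfscript_for(findings):
    """Render the flagged driver names in the Driver:: form the reply above uses."""
    names = [f.entry for f in findings if f.source == "combofix"]
    return "Driver::\n" + "\n".join(names) + "\n"


if __name__ == "__main__":
    for f in triage(COMBOFIX_LINES, HJT_LINES):
        print(f"[{f.source}] {f.entry}: {f.path} -- {'; '.join(f.reasons)}")
    print(cfscript_for(triage(COMBOFIX_LINES, HJT_LINES)))
```

On the sample above the script flags akbdclas and yfastfat (both Temp-resident and [?]) and the three BHO/toolbar entries with missing files, while Lbd, HssTrayService and the Orbit BHO pass; the HijackThis findings map onto the four lines the reply asks to tick, and the CFScript output is what an analyst would compare against the one-driver script actually posted.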

Re: Help

Unread postby Spawn » June 25th, 2009, 8:26 pm

ComboFix 09-06-23.01 - Patrik 06/25/2009 20:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.577 [GMT -4:00]
Running from: c:\documents and settings\Patrik\Desktop\Toolbars\Orbit Downloader\ComboFix.exe
Command switches used :: c:\documents and settings\Patrik\Desktop\Toolbars\Orbit Downloader\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YFASTFAT
-------\Service_yfastfat


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-25 04:32 . 2009-06-25 04:32 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-21 00:55 . 2009-06-21 00:55 -------- d-----w- c:\program files\Trend Micro
2009-06-16 21:11 . 2009-06-16 21:11 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Application Data\AIM
2009-06-16 21:11 . 2009-06-16 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-06-16 01:47 . 2009-06-16 01:47 -------- d-----w- c:\documents and settings\Patrik\Application Data\DivX
2009-06-15 14:02 . 2009-06-15 14:02 -------- d-----r- c:\documents and settings\Patrik\Application Data\Brother
2009-06-14 21:09 . 2009-06-14 21:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-06-14 17:05 . 2009-05-01 21:03 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-14 17:05 . 2009-05-01 21:03 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-14 17:05 . 2009-05-01 21:03 129784 ------w- c:\windows\system32\pxafs.dll
2009-06-14 17:04 . 2009-06-14 17:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-14 17:04 . 2009-06-14 17:05 -------- d-----w- c:\program files\DivX
2009-06-10 14:47 . 2009-06-10 14:47 -------- d-----w- c:\documents and settings\Patrik\Application Data\WildTangent
2009-06-10 14:46 . 2009-06-10 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-06-10 14:42 . 2009-06-10 14:46 -------- d-----w- c:\program files\WildGames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 00:14 . 2009-03-28 03:30 -------- d-----w- c:\documents and settings\Patrik\Application Data\Orbit
2009-06-25 13:59 . 2009-03-28 03:30 -------- d-----w- c:\program files\Orbitdownloader
2009-06-25 03:57 . 2009-03-28 05:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-21 19:11 . 2009-02-02 00:46 -------- d-----w- c:\program files\Battlezone II
2009-06-16 21:12 . 2008-12-18 22:04 -------- d-----w- c:\program files\AIM6
2009-06-02 17:23 . 2009-05-02 00:54 -------- d-----w- c:\program files\Hotspot Shield
2009-05-20 19:54 . 2009-04-03 18:18 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-05-19 05:22 . 2008-12-18 02:14 55880 ----a-w- c:\documents and settings\Patrik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 05:03 . 2009-05-19 05:03 50 ----a-w- c:\windows\system32\bridf08b.dat
2009-05-19 05:03 . 2009-05-19 05:03 -------- d-----w- c:\program files\Brother
2009-05-19 05:03 . 2004-09-28 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 04:57 . 2009-05-19 04:57 -------- d-----w- c:\documents and settings\Patrik\Application Data\InstallShield
2009-05-19 04:56 . 2009-05-19 04:56 10134 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2009-05-19 04:56 . 2009-05-19 04:56 -------- d-----w- c:\program files\Nuance
2009-05-19 04:55 . 2009-05-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-05-19 04:55 . 2009-05-19 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-19 04:55 . 2009-05-19 04:54 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-05-19 04:54 . 2004-09-28 20:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-19 04:54 . 2009-05-19 04:54 -------- d-----w- c:\program files\ScanSoft
2009-05-19 04:54 . 2009-05-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-05-18 22:00 . 2009-04-02 00:53 -------- d-----w- c:\program files\TVUPlayer
2009-05-18 21:59 . 2009-05-18 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-05-11 20:44 . 2008-12-18 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-11 20:41 . 2009-01-09 22:46 -------- d-----w- c:\program files\iTunes
2009-05-11 20:41 . 2009-01-09 22:45 -------- d-----w- c:\program files\Common Files\Apple
2009-05-11 20:39 . 2004-09-28 23:12 -------- d-----w- c:\program files\Google
2009-05-08 21:13 . 2009-05-08 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-05-07 01:51 . 2009-05-07 01:51 -------- d-----w- c:\program files\Total Video Converter 3-21
2009-05-07 01:38 . 2009-05-07 01:38 -------- d-----w- c:\documents and settings\Patrik\Application Data\TVU networks
2009-05-07 01:37 . 2009-05-07 01:37 -------- d-----w- c:\program files\TVUBroadcast
2009-05-04 23:56 . 2009-05-04 23:56 -------- d-----w- c:\program files\BZ2ME
2009-05-04 20:32 . 2009-05-04 20:32 -------- d-----w- c:\program files\Foxit Software
2009-05-04 20:32 . 2009-05-04 20:32 -------- d-----w- c:\documents and settings\Patrik\Application Data\Foxit
2009-05-04 19:07 . 2009-05-20 02:29 2298680 ----a-w- c:\documents and settings\Patrik\Application Data\Mozilla\Firefox\Profiles\5wr5ssgs.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-02 00:54 . 2009-05-02 00:54 0 ----a-w- c:\windows\system32\cd.dat
2009-05-01 21:03 . 2004-09-28 23:09 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-01 21:03 . 2004-09-28 23:09 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-01 21:03 . 2004-09-28 20:02 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-25 03:22 . 2009-04-25 03:22 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2009-04-20 05:40 . 2009-05-08 21:13 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\vwpt.exe
2009-04-20 05:40 . 2009-05-08 21:13 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\unregister.bat
2009-04-20 05:40 . 2009-05-08 21:13 376568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\unagi3.exe
2009-04-20 05:39 . 2009-05-08 21:13 1484496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\toolbar.exe
2009-04-20 05:39 . 2009-05-08 21:13 383128 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\tbsetup.exe
2009-04-20 05:39 . 2009-05-08 21:13 11568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\tbinst.dll
2009-04-20 05:39 . 2009-05-08 21:13 36704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\postproc.exe
2009-04-20 05:39 . 2009-05-08 21:13 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\register.bat
2009-04-20 05:39 . 2009-05-08 21:13 172840 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\setup.exe
2009-04-20 05:37 . 2009-05-08 21:13 4478456 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ocpinst.exe
2009-04-20 05:37 . 2009-05-08 21:13 15144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ocpchk.dll
2009-04-20 05:37 . 2009-05-08 21:13 1225352 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\msvc9rt.exe
2009-04-20 05:37 . 2009-05-08 21:13 231728 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\migrator.exe
2009-04-20 05:37 . 2009-05-08 21:13 74536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\instSup.dll
2009-04-20 05:37 . 2009-05-08 21:13 10544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\imappver.dll
2009-04-20 05:36 . 2009-05-08 21:13 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\bsetutil.exe
2009-04-20 05:36 . 2009-05-08 21:13 1025328 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\gui.dll
2009-04-20 05:36 . 2009-05-08 21:13 120368 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\aoldlmgr.exe
2009-04-20 05:36 . 2009-05-08 21:13 69104 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\amos.exe
2009-04-20 05:36 . 2009-05-08 21:13 37888 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\amoinst.exe
2009-04-20 05:36 . 2009-05-08 21:13 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\Uninstaller.exe
2009-04-20 05:36 . 2009-05-08 21:13 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\alsetup.exe
2009-04-20 05:36 . 2009-05-08 21:13 83752 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ProgUpd.dll
2009-04-20 05:36 . 2009-05-08 21:13 95792 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AOLFirewallMgr.dll
2009-04-20 05:36 . 2009-05-08 21:13 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AOLSearch.dll
2009-04-20 05:35 . 2009-05-08 21:13 2401960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AIMinst.exe
2009-04-20 05:35 . 2009-05-08 21:13 548296 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AIMLang.exe
2009-04-19 04:51 . 2009-04-19 04:51 8854 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\UNINST_Uninstall_G_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 40960 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\gta_lc.exe1_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 40960 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\gta_lc.exe_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 2238 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\ARPPRODUCTICON.exe
2009-04-14 23:51 . 2009-04-14 23:51 8854 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\UNINST_Uninstall_G_125A40E7334C4E9DA86FF4A5DFAF8557.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\gtaw02.exe1_F501CF454CD2470781782D480D8968C9.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\gtaw02.exe_86CA2BBFCF064767AB995E1D110DA77F.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\ARPPRODUCTICON.exe
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-04-12 21:01 . 2009-01-15 21:09 520192 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-04-12 00:51 . 2009-04-11 13:55 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-01 20:24 . 2009-04-01 20:24 152576 ----a-w- c:\documents and settings\Patrik\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 03:59 . 2009-03-28 03:59 27136 ----a-w- c:\windows\~GLH0000.TMP
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-25_04.28.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-26 00:12 . 2009-06-26 00:12 16384 c:\windows\Temp\Perflib_Perfdata_3bc.dat
+ 2009-06-25 04:32 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-25 04:32 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-25 04:32 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-25 04:32 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-25 04:32 . 2008-10-16 01:00 666112 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-25 04:32 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-25 04:32 . 2008-04-14 00:12 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-25 04:32 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-25 04:32 . 2008-04-14 00:11 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-25 04:32 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-25 04:32 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-02 00:54 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-18 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 77887]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2004-07-28 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-28 2551808]

c:\documents and settings\Patrik\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-3-27 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-3-27 1719496]
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-7-10 634880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Army Men RTS\\Army Men RTS.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\SIERRA\\Half-Life\\hlds.exe"=
"c:\\Program Files\\Battlezone II 11\\bzone.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARServer.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto\\WINO\\Grand Theft Auto.exe"=
"c:\\Program Files\\TVUBroadcast\\TVUBroadcast.exe"=
"c:\\Program Files\\AIM6\\aim.exe"=
"c:\\Program Files\\Battlezone II\\bzone.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58645:TCP"= 58645:TCP:Pando Media Booster
"58645:UDP"= 58645:UDP:Pando Media Booster
"17770:TCP"= 17770:TCP:ENABLE
"17770:UDP"= 17770:UDP:ENABLE
"17771:TCP"= 17771:TCP:ENABLE
"17771:UDP"= 17771:UDP:ENABLE
"17772:TCP"= 17772:TCP:ENABLE
"17772:UDP"= 17772:UDP:ENABLE
"17773:TCP"= 17773:TCP:ENABLE
"17773:UDP"= 17773:UDP:ENABLE
"17774:TCP"= 17774:TCP:ENABLE
"17774:UDP"= 17774:UDP:ENABLE
"17775:TCP"= 17775:TCP:ENABLE
"17775:UDP"= 17775:UDP:ENABLE

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/30/2009 10:51 AM Demented 64160]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [6/1/2009 2:13 PM Demented 331312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM Demented 921936]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 NICSer_WUSB11;NICSer_WUSB11;c:\program files\Linksys\Wireless-B USB Network Adapter\NICServ.exe [10/26/2008 9:10 PM Demented 458752]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [4/7/2009 8:26 PM Demented 33792]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [11/29/2008 8:25 PM Demented 264576]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/3/2002 1:57 AM Demented 13532]
S3 akbdclas;akbdclas;\??\c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys [?]
S3 apciidex;apciidex;\??\c:\docume~1\Patrik\LOCALS~1\Temp\apciidex.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\apciidex.sys [?]
S3 ediskdum;ediskdum;\??\c:\docume~1\Patrik\LOCALS~1\Temp\ediskdum.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\ediskdum.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [6/1/2009 2:58 PM Demented 34352]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [10/26/2008 10:23 PM Demented 83552]
S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;c:\windows\system32\drivers\LSPMUSB.sys [10/26/2008 9:10 PM Demented 666624]
S3 SaegisP;SaegisP;\??\c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys [?]
S3 tfdc;tfdc;\??\c:\docume~1\Patrik\LOCALS~1\Temp\tfdc.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\tfdc.sys [?]
S3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [10/26/2008 5:27 PM Demented 118877]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SJYPKT
.
Contents of the 'Scheduled Tasks' folder

2009-06-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2009-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4005589452-2318379434-3939991973-1006.job
- c:\documents and settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-18 02:14]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4005589452-2318379434-3939991973-1007.job
- c:\documents and settings\Bryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-12 22:12]

2008-10-26 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]

2008-10-26 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]

2008-10-26 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {6331A031-3BF1-4E08-890F-33ECCC758051} = 10.20.160.1
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 20:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Completion time: 2009-06-26 20:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 00:18
ComboFix2.txt 2009-06-25 13:58
ComboFix3.txt 2009-06-25 04:33

Pre-Run: 25,435,504,640 bytes free
Post-Run: 25,423,183,872 bytes free

336 --- E O F --- 2009-01-14 04:15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:57 PM Demented, on 6/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5076077000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5074629406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6331A031-3BF1-4E08-890F-33ECCC758051}: NameServer = 10.20.160.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 13056 bytes
Spawn
Regular Member
 
Posts: 47
Joined: February 1st, 2009, 3:43 pm
Location: The United States of America

Re: Help

Unread postby Axephilic » June 25th, 2009, 11:09 pm

Hello,

Kaspersky Online Scanner
Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:
  1. Kaspersky report
  2. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Help

Unread postby Spawn » June 26th, 2009, 3:40 pm

Well, I scanned... It took a few hours, then got stuck at 67%, froze and gave me no report....
Spawn
Regular Member
 
Posts: 47
Joined: February 1st, 2009, 3:43 pm
Location: The United States of America

Re: Help

Unread postby Axephilic » June 26th, 2009, 4:35 pm

Hmm, not sure why it did that. Let's try a different scanner.

Eset Online Scanner

Please go to the Eset website to perform an online scan. Please use Internet Explorer, as the scanner uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply along with a new HJT log.
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Help

Unread postby Spawn » June 27th, 2009, 4:12 pm

This scanner was much better.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=f3c24d5ce8fcbc49834c0d6b66e0e758
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-27 05:06:31
# local_time=2009-06-27 01:06:31 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1793 37 100 100 554594375000
# scanned=119693
# found=17
# cleaned=0
# scan_time=3674
C:\Documents and Settings\Bryan\My Documents\Downloads\Keygen.WinRAR.3.80c3098.exe a variant of Win32/Kryptik.ES trojan 00000000000000000000000000000000
C:\Documents and Settings\Bryan\My Documents\Downloads\1128RWR\Rarlab.WinRAR.v3.80\Rarlab.WinRAR.v3.80\wrar380.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000
C:\Documents and Settings\Bryan\My Documents\LimeWire\Incomplete\Preview-T-3545427-we will rock you nickleback.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\Bryan\My Documents\LimeWire\Incomplete\T-3545427-we will rock you nickleback.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\autorun.inf.vir Win32/AutoRun.Agent.BE worm 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\resycled\boot.com.vir a variant of Win32/Kryptik.ES trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxcunrlfug.dll.vir a variant of Win32/Kryptik.EQ trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxpltwunru.dll.vir a variant of Win32/Kryptik.EQ trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxqxtefotk.dll.vir a variant of Win32/Kryptik.EQ trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gaopdxrojkvqvw.sys.vir a variant of Win32/Olmarik.FQ trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP0\A0000001.sys a variant of Win32/Olmarik.FQ trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP0\A0000002.dll a variant of Win32/Kryptik.EQ trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP0\A0000009.exe Win32/Rbot trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP0\A0000021.inf Win32/AutoRun.Agent.BE worm 00000000000000000000000000000000
C:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP0\A0000026.com a variant of Win32/Kryptik.ES trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP0\A0000031.dll a variant of Win32/Kryptik.EQ trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP0\A0000032.dll a variant of Win32/Kryptik.EQ trojan 00000000000000000000000000000000

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:07 PM Demented, on 6/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\TVUPlayer\TVUPlayer.exe
C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Game_Maker6\Game_Maker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5076077000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5074629406
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6331A031-3BF1-4E08-890F-33ECCC758051}: NameServer = 10.13.224.1
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 14385 bytes
Spawn
Regular Member
 
Posts: 47
Joined: February 1st, 2009, 3:43 pm
Location: The United States of America

Re: Help

Unread postby Axephilic » June 27th, 2009, 5:04 pm

Hi there,

How is the system running now?

Run ComboFix

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\Documents and Settings\Bryan\My Documents\Downloads\Keygen.WinRAR.3.80c3098.exe
C:\Documents and Settings\Bryan\My Documents\LimeWire\Incomplete\Preview-T-3545427-we will rock you nickleback.mp3
C:\Documents and Settings\Bryan\My Documents\LimeWire\Incomplete\T-3545427-we will rock you nickleback.mp3
Folder::
C:\Documents and Settings\Bryan\My Documents\Downloads\1128RWR


Save this as "CFScript.txt", and as Type: All Files (*.*), in the same location as ComboFix.exe.

Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
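
Triage logic for the ESET findings and the CFScript step above, as an added example (not ESET's, ComboFix's or the helper's own code): it parses ESET Online Scanner result lines in the layout posted in this thread, separates live files from copies already sitting in ComboFix's quarantine (C:\Qoobox) or in System Volume Information restore points, and drafts a File:: section only for the live ones, which is the same triage the reply above applied. The log text, user name and file names in the block are constructed.

```python
"""Triage ESET Online Scanner findings and draft the File:: part of a CFScript.

Added example for this thread, not ESET's, ComboFix's or the helper's code.
Assumptions: result lines look like "<path> <detection> <32 hex chars>" as in
the log posted above; ComboFix keeps its quarantine under C:\\Qoobox\\Quarantine
and XP restore-point copies live under System Volume Information.
"""
import re
from dataclasses import dataclass

# One detection line: a Windows path (may contain spaces), ESET's detection
# text ("a variant of Win32/Kryptik.ES trojan", "Win32/Rbot trojan", ...)
# and a 32-character hex digest. The path is matched lazily; a Windows path
# cannot contain "/", so the first "Family/Name" token marks where the
# detection text starts.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)+) "
    r"(?P<digest>[0-9a-fA-F]{32})$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    threat: str
    location: str  # "live", "quarantine" or "restore_point"


def classify(path: str) -> str:
    """Decide whether a detected path is a live file or an inert copy."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantine"      # already neutralised by ComboFix (.vir files)
    if "\\system volume information\\" in p:
        return "restore_point"   # dormant copy; cleared by purging restore points
    return "live"


def parse_eset_log(text: str) -> list:
    """Return a Finding for every detection line; header lines are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                 # "# key=value" header or blank line
        m = LINE_RE.match(line)
        if m is None:
            continue                 # installer chatter, e.g. "OnlineScanner.ocx - ..."
        findings.append(Finding(m["path"], m["threat"], classify(m["path"])))
    return findings


def summarize(findings) -> dict:
    """Count detections per location so the reader sees what is actually live."""
    counts = {"live": 0, "quarantine": 0, "restore_point": 0}
    for f in findings:
        counts[f.location] += 1
    return counts


def draft_cfscript(findings) -> str:
    """Draft a CFScript File:: section for live detections only.

    Quarantined and restore-point copies are deliberately left out: scripting
    them would only churn ComboFix's own quarantine, and restore points are
    better cleared wholesale once the system is clean.
    """
    live = sorted({f.path for f in findings if f.location == "live"})
    if not live:
        return ""
    return "File::\n" + "\n".join(live) + "\n"


# Constructed sample in the layout of the log posted above (names are made up).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# found=5
C:\Documents and Settings\User\My Documents\Downloads\Keygen.Example.exe a variant of Win32/Kryptik.ES trojan 00000000000000000000000000000000
C:\Documents and Settings\User\My Documents\LimeWire\Incomplete\T-1-some song.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\autorun.inf.vir Win32/AutoRun.Agent.BE worm 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\example.sys.vir a variant of Win32/Olmarik.FQ trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP0\A0000009.exe Win32/Rbot trojan 00000000000000000000000000000000
"""

if __name__ == "__main__":
    found = parse_eset_log(SAMPLE_LOG)
    print(summarize(found))        # {'live': 2, 'quarantine': 2, 'restore_point': 1}
    print(draft_cfscript(found), end="")
```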

Re: Help

Unread postby Spawn » June 29th, 2009, 1:19 pm

I noticed that you were scanning some of my brother's files. He only used that account for a few days, but I don't know what he did with it. Anyway, I was gonna delete that account anyway.

As for how my computer is, it is running better and faster and doesn't seem to have any of the problems it had before you started, so it's good.

But there is something I would like to report. Avira AntiVir has been acting up lately. It's been marking this file as a virus.

C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe

Avira won't ignore it. I even tried to delete it. Deleting it through Avira doesn't work, and I don't have the permissions to manually delete it. I don't know what to do, as Avira never stops with the warnings...

ComboFix 09-06-23.01 - Patrik 06/29/2009 12:45.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.604 [GMT -4:00]
Running from: c:\documents and settings\Patrik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Patrik\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\Bryan\My Documents\Downloads\Keygen.WinRAR.3.80c3098.exe"
"c:\documents and settings\Bryan\My Documents\LimeWire\Incomplete\Preview-T-3545427-we will rock you nickleback.mp3"
"c:\documents and settings\Bryan\My Documents\LimeWire\Incomplete\T-3545427-we will rock you nickleback.mp3"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bryan\My Documents\Downloads\1128RWR
c:\documents and settings\Bryan\My Documents\Downloads\1128RWR\Rarlab.WinRAR.v3.80\desktop.ini
c:\documents and settings\Bryan\My Documents\Downloads\1128RWR\Rarlab.WinRAR.v3.80\Netmasterz.gif
c:\documents and settings\Bryan\My Documents\Downloads\1128RWR\Rarlab.WinRAR.v3.80\Rarlab.WinRAR.v3.80\Read Me First !!!.txt
c:\documents and settings\Bryan\My Documents\Downloads\1128RWR\Rarlab.WinRAR.v3.80\Rarlab.WinRAR.v3.80\visit us www.netmasterz.net.url
c:\documents and settings\Bryan\My Documents\Downloads\1128RWR\Rarlab.WinRAR.v3.80\Rarlab.WinRAR.v3.80\wrar380.exe
c:\documents and settings\Bryan\My Documents\Downloads\1128RWR\Rarlab.WinRAR.v3.80\Read Me First !!!.txt
c:\documents and settings\Bryan\My Documents\Downloads\1128RWR\Rarlab.WinRAR.v3.80\Thumbs.db
c:\documents and settings\Bryan\My Documents\Downloads\1128RWR\Rarlab.WinRAR.v3.80\visit us www.netmasterz.net.url
c:\documents and settings\Bryan\My Documents\Downloads\1128RWR\Read Me First !!!.txt
c:\documents and settings\Bryan\My Documents\Downloads\1128RWR\visit us www.netmasterz.net.url
c:\documents and settings\Bryan\My Documents\Downloads\Keygen.WinRAR.3.80c3098.exe
c:\documents and settings\Bryan\My Documents\LimeWire\Incomplete\Preview-T-3545427-we will rock you nickleback.mp3
c:\documents and settings\Bryan\My Documents\LimeWire\Incomplete\T-3545427-we will rock you nickleback.mp3

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-27 15:49 . 2009-06-27 15:49 -------- d-sh--w- c:\documents and settings\Patrik\IETldCache
2009-06-27 15:49 . 2009-06-27 15:49 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-27 15:33 . 2009-06-27 15:35 -------- dc-h--w- c:\windows\ie8
2009-06-26 13:53 . 2009-06-26 13:53 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-26 13:53 . 2009-06-26 13:53 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-26 13:53 . 2009-06-26 13:53 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-26 13:53 . 2009-06-26 13:53 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-26 13:53 . 2009-06-26 13:53 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-26 13:53 . 2009-06-26 13:53 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-26 13:53 . 2009-06-26 13:53 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-26 13:53 . 2009-06-26 13:53 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-26 13:53 . 2009-06-26 13:53 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-26 13:53 . 2009-06-26 13:53 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-26 13:53 . 2009-06-26 13:53 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-26 13:53 . 2009-06-26 13:53 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-26 13:52 . 2009-06-26 13:52 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-26 13:52 . 2009-06-26 13:52 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-26 13:52 . 2009-06-26 13:52 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-26 13:52 . 2009-06-26 13:52 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-26 13:52 . 2009-06-26 13:52 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-26 13:52 . 2009-06-26 13:52 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-26 13:52 . 2009-06-26 13:52 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-25 04:32 . 2009-06-25 04:32 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-21 00:55 . 2009-06-21 00:55 -------- d-----w- c:\program files\Trend Micro
2009-06-16 21:11 . 2009-06-16 21:11 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Application Data\AIM
2009-06-16 21:11 . 2009-06-16 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-06-16 01:47 . 2009-06-16 01:47 -------- d-----w- c:\documents and settings\Patrik\Application Data\DivX
2009-06-15 14:02 . 2009-06-15 14:02 -------- d-----r- c:\documents and settings\Patrik\Application Data\Brother
2009-06-14 21:09 . 2009-06-14 21:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-06-14 17:05 . 2009-05-01 21:03 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-14 17:05 . 2009-05-01 21:03 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-14 17:05 . 2009-05-01 21:03 129784 ------w- c:\windows\system32\pxafs.dll
2009-06-14 17:04 . 2009-06-14 17:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-14 17:04 . 2009-06-14 17:05 -------- d-----w- c:\program files\DivX
2009-06-10 14:47 . 2009-06-10 14:47 -------- d-----w- c:\documents and settings\Patrik\Application Data\WildTangent
2009-06-10 14:46 . 2009-06-10 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-06-10 14:42 . 2009-06-10 14:46 -------- d-----w- c:\program files\WildGames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 15:48 . 2009-03-28 03:30 -------- d-----w- c:\documents and settings\Patrik\Application Data\Orbit
2009-06-27 20:11 . 2009-03-28 03:30 -------- d-----w- c:\program files\Orbitdownloader
2009-06-27 15:32 . 2004-09-28 23:12 -------- d-----w- c:\program files\Google
2009-06-27 01:42 . 2009-01-15 17:41 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-25 03:57 . 2009-03-28 05:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-21 19:11 . 2009-02-02 00:46 -------- d-----w- c:\program files\Battlezone II
2009-06-16 21:12 . 2008-12-18 22:04 -------- d-----w- c:\program files\AIM6
2009-06-02 17:23 . 2009-05-02 00:54 -------- d-----w- c:\program files\Hotspot Shield
2009-05-20 19:54 . 2009-04-03 18:18 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-05-19 05:22 . 2008-12-18 02:14 55880 ----a-w- c:\documents and settings\Patrik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 05:03 . 2009-05-19 05:03 50 ----a-w- c:\windows\system32\bridf08b.dat
2009-05-19 05:03 . 2009-05-19 05:03 -------- d-----w- c:\program files\Brother
2009-05-19 05:03 . 2004-09-28 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 04:57 . 2009-05-19 04:57 -------- d-----w- c:\documents and settings\Patrik\Application Data\InstallShield
2009-05-19 04:56 . 2009-05-19 04:56 10134 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2009-05-19 04:56 . 2009-05-19 04:56 -------- d-----w- c:\program files\Nuance
2009-05-19 04:55 . 2009-05-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-05-19 04:55 . 2009-05-19 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-19 04:55 . 2009-05-19 04:54 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-05-19 04:54 . 2004-09-28 20:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-19 04:54 . 2009-05-19 04:54 -------- d-----w- c:\program files\ScanSoft
2009-05-19 04:54 . 2009-05-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-05-18 22:00 . 2009-04-02 00:53 -------- d-----w- c:\program files\TVUPlayer
2009-05-18 21:59 . 2009-05-18 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-05-11 20:44 . 2008-12-18 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-11 20:41 . 2009-01-09 22:46 -------- d-----w- c:\program files\iTunes
2009-05-11 20:41 . 2009-01-09 22:45 -------- d-----w- c:\program files\Common Files\Apple
2009-05-08 21:13 . 2009-05-08 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-05-07 01:51 . 2009-05-07 01:51 -------- d-----w- c:\program files\Total Video Converter 3-21
2009-05-07 01:38 . 2009-05-07 01:38 -------- d-----w- c:\documents and settings\Patrik\Application Data\TVU networks
2009-05-07 01:37 . 2009-05-07 01:37 -------- d-----w- c:\program files\TVUBroadcast
2009-05-04 23:56 . 2009-05-04 23:56 -------- d-----w- c:\program files\BZ2ME
2009-05-04 20:32 . 2009-05-04 20:32 -------- d-----w- c:\program files\Foxit Software
2009-05-04 20:32 . 2009-05-04 20:32 -------- d-----w- c:\documents and settings\Patrik\Application Data\Foxit
2009-05-04 19:07 . 2009-05-20 02:29 2298680 ----a-w- c:\documents and settings\Patrik\Application Data\Mozilla\Firefox\Profiles\5wr5ssgs.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-02 00:54 . 2009-05-02 00:54 0 ----a-w- c:\windows\system32\cd.dat
2009-05-01 21:03 . 2004-09-28 23:09 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-01 21:03 . 2004-09-28 23:09 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-01 21:03 . 2004-09-28 20:02 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-25 03:22 . 2009-04-25 03:22 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2009-04-20 05:40 . 2009-05-08 21:13 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\vwpt.exe
2009-04-20 05:40 . 2009-05-08 21:13 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\unregister.bat
2009-04-20 05:40 . 2009-05-08 21:13 376568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\unagi3.exe
2009-04-20 05:39 . 2009-05-08 21:13 1484496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\toolbar.exe
2009-04-20 05:39 . 2009-05-08 21:13 383128 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\tbsetup.exe
2009-04-20 05:39 . 2009-05-08 21:13 11568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\tbinst.dll
2009-04-20 05:39 . 2009-05-08 21:13 36704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\postproc.exe
2009-04-20 05:39 . 2009-05-08 21:13 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\register.bat
2009-04-20 05:39 . 2009-05-08 21:13 172840 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\setup.exe
2009-04-20 05:37 . 2009-05-08 21:13 4478456 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ocpinst.exe
2009-04-20 05:37 . 2009-05-08 21:13 15144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ocpchk.dll
2009-04-20 05:37 . 2009-05-08 21:13 1225352 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\msvc9rt.exe
2009-04-20 05:37 . 2009-05-08 21:13 231728 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\migrator.exe
2009-04-20 05:37 . 2009-05-08 21:13 74536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\instSup.dll
2009-04-20 05:37 . 2009-05-08 21:13 10544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\imappver.dll
2009-04-20 05:36 . 2009-05-08 21:13 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\bsetutil.exe
2009-04-20 05:36 . 2009-05-08 21:13 1025328 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\gui.dll
2009-04-20 05:36 . 2009-05-08 21:13 120368 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\aoldlmgr.exe
2009-04-20 05:36 . 2009-05-08 21:13 69104 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\amos.exe
2009-04-20 05:36 . 2009-05-08 21:13 37888 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\amoinst.exe
2009-04-20 05:36 . 2009-05-08 21:13 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\Uninstaller.exe
2009-04-20 05:36 . 2009-05-08 21:13 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\alsetup.exe
2009-04-20 05:36 . 2009-05-08 21:13 83752 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\ProgUpd.dll
2009-04-20 05:36 . 2009-05-08 21:13 95792 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AOLFirewallMgr.dll
2009-04-20 05:36 . 2009-05-08 21:13 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AOLSearch.dll
2009-04-20 05:35 . 2009-05-08 21:13 2401960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AIMinst.exe
2009-04-20 05:35 . 2009-05-08 21:13 548296 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4418\AIMLang.exe
2009-04-19 04:51 . 2009-04-19 04:51 8854 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\UNINST_Uninstall_G_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 40960 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\gta_lc.exe1_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 40960 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\gta_lc.exe_0B2D20D278D9485AB4CF7025AB96F8CF.exe
2009-04-19 04:51 . 2009-04-19 04:51 2238 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{0B2D20D2-78D9-485A-B4CF-7025AB96F8CF}\ARPPRODUCTICON.exe
2009-04-14 23:51 . 2009-04-14 23:51 8854 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\UNINST_Uninstall_G_125A40E7334C4E9DA86FF4A5DFAF8557.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\gtaw02.exe1_F501CF454CD2470781782D480D8968C9.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\gtaw02.exe_86CA2BBFCF064767AB995E1D110DA77F.exe
2009-04-14 23:51 . 2009-04-14 23:51 25214 ----a-r- c:\documents and settings\Patrik\Application Data\Microsoft\Installer\{C417C098-BAFB-4231-85F7-A7E10638EBBA}\ARPPRODUCTICON.exe
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-04-14 01:41 . 2009-04-14 01:41 207872 ----a-w- c:\documents and settings\Patrik\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-04-12 21:01 . 2009-01-15 21:09 520192 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-04-12 00:51 . 2009-04-11 13:55 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-01 20:24 . 2009-04-01 20:24 152576 ----a-w- c:\documents and settings\Patrik\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-25_04.28.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-29 15:46 . 2009-06-29 15:46 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat
+ 2008-10-27 02:57 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
- 2008-10-27 02:57 . 2008-06-12 16:27 26144 c:\windows\system32\spupdsvc.exe
+ 2008-12-11 21:20 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
- 2008-12-11 21:20 . 2008-06-12 16:27 16928 c:\windows\system32\spmsg.dll
+ 2004-09-28 19:54 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2008-06-12 16:27 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
- 2008-06-12 16:27 . 2008-06-12 16:27 23552 c:\windows\system32\normaliz.dll
- 2008-06-12 16:27 . 2008-06-12 16:27 24576 c:\windows\system32\nlsdl.dll
+ 2008-06-12 16:27 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
+ 2004-09-28 19:54 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-09-28 19:54 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-09-28 19:54 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-09-28 19:54 . 2009-03-08 08:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-09-28 19:54 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-09-28 19:54 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2004-09-28 19:54 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2008-08-22 08:06 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-09-28 19:54 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2004-09-28 19:54 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
- 2008-06-12 16:27 . 2008-06-12 16:27 26112 c:\windows\system32\idndl.dll
+ 2008-06-12 16:27 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-03-08 08:34 . 2009-03-08 08:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2004-09-28 20:04 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-25 04:32 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-25 04:32 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-25 04:32 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-25 04:32 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-03-08 08:32 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-09-28 19:54 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2004-09-28 19:54 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
+ 2009-06-27 15:33 . 2008-04-14 00:12 37888 c:\windows\ie8\url.dll
+ 2009-06-27 15:34 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-06-27 15:33 . 2008-04-14 00:12 39424 c:\windows\ie8\pngfilt.dll
+ 2009-06-27 15:33 . 2008-04-14 00:12 96256 c:\windows\ie8\occache.dll
+ 2009-06-27 15:33 . 2008-04-13 16:26 56832 c:\windows\ie8\mshtmler.dll
+ 2009-06-27 15:33 . 2008-04-14 00:12 29184 c:\windows\ie8\mshta.exe
+ 2009-06-27 15:33 . 2008-04-14 00:11 22016 c:\windows\ie8\licmgr10.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 15872 c:\windows\ie8\jsproxy.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 96256 c:\windows\ie8\inseng.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 35840 c:\windows\ie8\imgutil.dll
+ 2009-06-27 15:33 . 2008-04-14 00:12 93184 c:\windows\ie8\iexplore.exe
+ 2009-06-27 15:33 . 2008-04-14 00:11 62976 c:\windows\ie8\iesetup.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 48640 c:\windows\ie8\iernonce.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 81920 c:\windows\ie8\ieencode.dll
+ 2009-06-27 15:33 . 2008-04-14 00:12 34304 c:\windows\ie8\ie4uinit.exe
+ 2009-06-27 15:33 . 2008-04-14 00:11 38912 c:\windows\ie8\hmmapi.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 99840 c:\windows\ie8\advpack.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 61440 c:\windows\ie8\admparse.dll
- 2008-10-28 00:36 . 2006-07-14 15:51 121856 c:\windows\system32\xmllite.dll
+ 2008-10-28 00:36 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
+ 2004-09-28 19:54 . 2009-03-08 08:34 914944 c:\windows\system32\wininet.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-09-28 19:54 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2004-09-28 19:54 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2004-09-28 19:54 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2004-09-28 19:54 . 2009-03-08 08:34 109568 c:\windows\system32\occache.dll
+ 2004-09-28 19:54 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2004-09-28 19:54 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
+ 2004-09-28 19:54 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll
- 2008-08-05 22:55 . 2008-08-05 22:55 265720 c:\windows\system32\msdbg2.dll
+ 2008-08-05 22:55 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-09-28 19:54 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2004-09-28 19:54 . 2009-03-08 08:31 183808 c:\windows\system32\iepeers.dll
+ 2004-09-28 19:54 . 2009-03-08 18:09 391536 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-09-28 19:54 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2004-09-28 19:54 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-09-28 19:54 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-09-28 19:54 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-09-28 19:54 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-09-28 19:54 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-08-20 05:30 . 2009-03-08 08:34 914944 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 109568 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2004-09-28 19:54 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2004-09-28 20:04 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 183808 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 18:09 . 2009-03-08 18:09 391536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-09-28 19:54 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-25 04:32 . 2008-10-16 01:00 666112 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-25 04:32 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-25 04:32 . 2008-04-14 00:12 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-25 04:32 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-25 04:32 . 2008-04-14 00:11 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-25 04:32 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-09-28 19:54 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2009-06-27 15:33 . 2008-10-16 01:00 666112 c:\windows\ie8\wininet.dll
+ 2009-06-27 15:33 . 2008-04-14 00:12 276480 c:\windows\ie8\webcheck.dll
+ 2009-06-27 15:33 . 2008-04-14 00:12 851968 c:\windows\ie8\vgx.dll
+ 2009-06-27 15:33 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-06-27 15:33 . 2008-10-16 01:00 619520 c:\windows\ie8\urlmon.dll
+ 2009-06-27 15:34 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-06-27 15:34 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-06-27 15:33 . 2008-04-14 00:12 532480 c:\windows\ie8\mstime.dll
+ 2009-06-27 15:33 . 2008-04-14 00:12 146432 c:\windows\ie8\msrating.dll
+ 2009-06-27 15:33 . 2004-08-10 12:00 146432 c:\windows\ie8\msls31.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 449024 c:\windows\ie8\mshtmled.dll
+ 2009-06-27 15:33 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 251904 c:\windows\ie8\iepeers.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 323584 c:\windows\ie8\iedkcs32.dll
+ 2009-06-27 15:33 . 2004-08-10 12:00 221184 c:\windows\ie8\ieakui.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 216576 c:\windows\ie8\ieaksie.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 143360 c:\windows\ie8\ieakeng.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 205312 c:\windows\ie8\dxtrans.dll
+ 2009-06-27 15:33 . 2008-04-14 00:11 357888 c:\windows\ie8\dxtmsft.dll
+ 2004-09-28 19:54 . 2009-03-08 08:34 1206784 c:\windows\system32\urlmon.dll
+ 2004-09-28 19:54 . 2009-03-08 08:41 5937152 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 1985024 c:\windows\system32\iertutil.dll
+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-08-20 05:30 . 2009-03-08 08:34 1206784 c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-20 05:30 . 2009-03-08 08:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-25 04:32 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-25 04:32 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-25 04:32 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-25 04:32 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-01-07 22:20 . 2009-01-07 22:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2009-06-27 15:33 . 2008-12-12 17:01 3067904 c:\windows\ie8\mshtml.dll
+ 2009-03-08 08:39 . 2009-03-08 08:39 11063808 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-02 00:54 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-18 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 77887]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2004-07-28 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-28 2551808]

c:\documents and settings\Patrik\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-3-27 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-3-27 1719496]
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-7-10 634880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Army Men RTS\\Army Men RTS.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\SIERRA\\Half-Life\\hlds.exe"=
"c:\\Program Files\\Battlezone II 11\\bzone.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARServer.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto\\WINO\\Grand Theft Auto.exe"=
"c:\\Program Files\\TVUBroadcast\\TVUBroadcast.exe"=
"c:\\Program Files\\AIM6\\aim.exe"=
"c:\\Program Files\\Battlezone II\\bzone.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58645:TCP"= 58645:TCP:Pando Media Booster
"58645:UDP"= 58645:UDP:Pando Media Booster
"17770:TCP"= 17770:TCP:ENABLE
"17770:UDP"= 17770:UDP:ENABLE
"17771:TCP"= 17771:TCP:ENABLE
"17771:UDP"= 17771:UDP:ENABLE
"17772:TCP"= 17772:TCP:ENABLE
"17772:UDP"= 17772:UDP:ENABLE
"17773:TCP"= 17773:TCP:ENABLE
"17773:UDP"= 17773:UDP:ENABLE
"17774:TCP"= 17774:TCP:ENABLE
"17774:UDP"= 17774:UDP:ENABLE
"17775:TCP"= 17775:TCP:ENABLE
"17775:UDP"= 17775:UDP:ENABLE

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/30/2009 10:51 AM Demented 64160]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [6/1/2009 2:13 PM Demented 331312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM Demented 921936]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 NICSer_WUSB11;NICSer_WUSB11;c:\program files\Linksys\Wireless-B USB Network Adapter\NICServ.exe [10/26/2008 9:10 PM Demented 458752]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [4/7/2009 8:26 PM Demented 33792]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [11/29/2008 8:25 PM Demented 264576]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/3/2002 1:57 AM Demented 13532]
S3 akbdclas;akbdclas;\??\c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys [?]
S3 apciidex;apciidex;\??\c:\docume~1\Patrik\LOCALS~1\Temp\apciidex.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\apciidex.sys [?]
S3 ediskdum;ediskdum;\??\c:\docume~1\Patrik\LOCALS~1\Temp\ediskdum.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\ediskdum.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [6/1/2009 2:58 PM Demented 34352]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [10/26/2008 10:23 PM Demented 83552]
S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;c:\windows\system32\drivers\LSPMUSB.sys [10/26/2008 9:10 PM Demented 666624]
S3 SaegisP;SaegisP;\??\c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys [?]
S3 tfdc;tfdc;\??\c:\docume~1\Patrik\LOCALS~1\Temp\tfdc.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\tfdc.sys [?]
S3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [10/26/2008 5:27 PM Demented 118877]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2009-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4005589452-2318379434-3939991973-1006.job
- c:\documents and settings\Patrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-18 02:14]

2009-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4005589452-2318379434-3939991973-1007.job
- c:\documents and settings\Bryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-12 22:12]

2008-10-26 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]

2008-10-26 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]

2008-10-26 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-28 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {6331A031-3BF1-4E08-890F-33ECCC758051} = 10.23.80.1
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 12:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3452)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-06-29 13:01
ComboFix-quarantined-files.txt 2009-06-29 17:01
ComboFix2.txt 2009-06-26 00:18
ComboFix3.txt 2009-06-25 13:58
ComboFix4.txt 2009-06-25 04:33

Pre-Run: 23,261,835,264 bytes free
Post-Run: 23,325,437,952 bytes free

486 --- E O F --- 2009-01-14 04:15
Spawn
Regular Member
 
Posts: 47
Joined: February 1st, 2009, 3:43 pm
Location: The United States of America
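The service/driver block in the ComboFix log above (the `R0`/`R2`/`R3`/`S3` lines) is where a helper usually starts reading: several `S3` kernel drivers are registered out of `c:\docume~1\Patrik\LOCALS~1\Temp\`, and ComboFix prints `[?]` where it could not locate the file. The script below is an added example, not part of the original post and not ComboFix's own code; it parses that line layout as I read it from the log (the format is an assumption, not a documented spec), and flags entries whose image lives under a Temp directory, is not a fully qualified path, is a `.sys` outside `system32\drivers`, or could not be found. The sample lines are copied verbatim from the log above. A flag is a prompt to check the file by hand (hash, signer, vendor), not a verdict that the entry is malicious; as the VAIO entry shows, a service whose registry value carries arguments also gets `[?]`.

```python
"""Flag service/driver lines in a ComboFix-style log that deserve a second look.

Added example; the line layout below is my reading of the log, not a ComboFix spec:
    <start> <name>;<display name>;<image path> [<date> <time> <size>]
    <start> <name>;<display name>;<raw value> --> <resolved path> [?]
<start> is R0/R2/R3 (running) or S3 (stopped / demand start); "[?]" is what
ComboFix prints when it cannot find or stat the file behind the entry.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

# Sample input: lines copied from the ComboFix log in the post above.
SAMPLE_LINES = [
    r"R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/30/2009 10:51 AM Demented 64160]",
    r"R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [6/1/2009 2:13 PM Demented 331312]",
    r"R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]",
    r"R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/3/2002 1:57 AM Demented 13532]",
    r"S3 akbdclas;akbdclas;\??\c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\akbdclas.sys [?]",
    r"S3 SaegisP;SaegisP;\??\c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\SaegisP.sys [?]",
    r"S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]",
]


@dataclass
class ServiceEntry:
    start: str            # R0/R2/R3 = running, S3 = stopped / demand start
    name: str
    display: str
    path: str             # resolved image path with the NT "\??\" prefix stripped
    file_missing: bool    # True when ComboFix printed "[?]" instead of date/size
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for lines in another format."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    # ComboFix prints "<raw registry value> --> <resolved path>"; keep the resolved side.
    path = m.group("rest").split(" --> ")[-1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return ServiceEntry(
        start=m.group("start"),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=path,
        file_missing=m.group("info").strip() == "?",
    )


def audit(entry: ServiceEntry) -> ServiceEntry:
    """Attach heuristic reasons to an entry; an empty list means nothing stood out."""
    p = entry.path
    low = p.lower()
    if re.search(r"\\temp\\", low):
        entry.reasons.append("image loads from a Temp directory")
    if not re.match(r"^[a-z]:\\", low):
        entry.reasons.append("image path is not fully qualified")
    if low.endswith(".sys") and "\\system32\\drivers\\" not in low:
        entry.reasons.append("kernel driver (.sys) outside system32\\drivers")
    if entry.file_missing:
        # Also true of legitimate entries whose value carries arguments
        # (e.g. "... VCSW.exe -RunBySCM"), so this means "check by hand", not "bad".
        entry.reasons.append("ComboFix could not locate the file ([?])")
    return entry


def flagged_names(lines: Iterable[str]) -> List[str]:
    """Names of the service/driver entries that triggered at least one heuristic."""
    out = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is not None and audit(entry).reasons:
            out.append(entry.name)
    return out


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        e = parse_service_line(line)
        if e is not None and audit(e).reasons:
            print(f"{e.start} {e.name}: {e.path}")
            for r in e.reasons:
                print(f"    - {r}")
```

Run it as-is and the four entries a helper would ask about (the relative-path `libusbd`, the two Temp-directory drivers, and the VAIO service with its `[?]`) are listed with the reason each tripped; `Lbd`, `HssSrv` and `SjyPkt` pass silently. Feed it the full `R`/`S` block from any ComboFix log to get the same triage list.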