allzlost
2010-07-12, 10:53
After a strange Java screen popped up I noticed a few new processes in Task Manager: loader.exe and opykrostssd.exe.
Some of the issues I've noticed are: new instances of iexplore.exe, it drops the Wave/MP3 volume all the way down so I have no sound, Firefox is redirecting me to blocked malware sites, and so on.
Here's the dds.txt:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 0:39:07.50 on Mon 07/12/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1451 [GMT -7:00]
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\Explorer.EXE
svchost.exe 4
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
svchost.exe 4
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [ujhqykvr] c:\documents and settings\administrator\local settings\application data\ammdygskf\opykrostssd.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ujhqykvr] c:\documents and settings\administrator\local settings\application data\ammdygskf\opykrostssd.exe
mRun: [combofix] "c:\combofix\cf32095.cfxxe" /c "c:\combofix\C.bat"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\themat~1.lnk - c:\documents and settings\administrator\local settings\temp\{a5834d08-b713-4d09-8a91-c6fbeb061d01}\{e571e8b1-9771-465d-9de0-3ba2d1bdae99}\ATR1.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\owf3asu8.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\owf3asu8.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-10-13 11608]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-2-27 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-2-27 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-2-27 29776]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-10-13 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-10-13 151297]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-2-27 1282248]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-27 24652]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-10-13 52056]
R3 JakNDisMP;JakNDisMP;c:\windows\system32\drivers\JakNDis.sys [2009-5-11 21504]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-2-27 3291336]
S3 JakNDis;Jaksta Service;c:\windows\system32\drivers\JakNDis.sys [2009-5-11 21504]
S3 MSCLSSTs;MSCLSSTs;c:\windows\system32\drivers\MSCLSSTs.sys [2009-1-24 50287]
S3 MSCLSSTu;Solid State MP3 Player Control Driver;c:\windows\system32\drivers\MSCLSSTu.sys [2009-1-24 35810]
S3 perm2;perm2;c:\windows\system32\drivers\perm2.sys [2008-10-12 27904]
=============== Created Last 30 ================
2010-07-12 06:55:59 98816 ----a-w- c:\windows\sed.exe
2010-07-12 06:55:59 77312 ----a-w- c:\windows\MBR.exe
2010-07-12 06:55:59 256512 ----a-w- c:\windows\PEV.exe
2010-07-12 06:55:59 161792 ----a-w- c:\windows\SWREG.exe
2010-07-12 06:55:38 0 d-s---w- C:\ComboFix
2010-07-12 06:50:38 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 06:50:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-12 03:52:44 745 ----a-w- c:\windows\CoD.INI
2010-07-08 01:08:08 0 d-----w- c:\program files\Call of Duty
2010-06-28 10:57:55 0 d-----w- c:\program files\Surreal
2010-06-28 10:57:16 29 ----a-w- c:\windows\encore_launcher.ini
2010-06-23 08:18:21 0 d-----w- c:\program files\Orbitdownloader
2010-06-17 22:58:27 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM
2010-06-17 19:52:22 0 d-----w- c:\program files\Rockstar Games
2010-06-15 02:11:02 0 d-----w- c:\program files\Ulead Systems
==================== Find3M ====================
2010-06-29 00:31:29 344 ----a-w- c:\docume~1\admini~1\applic~1\wklnhst.dat
2010-06-23 08:00:48 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-06-23 08:00:48 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-06-23 08:00:46 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-05-13 22:05:40 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-04-15 02:36:07 32148 ---ha-w- c:\windows\system32\mlfcache.dat
============= FINISH: 0:39:17.42 ===============
Any help would be appreciated.