Something is preventing me from playing games on PB servers...

NashEquil · 09-08-2007, 01:10 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:46 PM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: http://onecare.live.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1188739894093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1188739867375
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5668 bytes

NashEquil · 09-08-2007, 02:38 PM

Sorry if i wasn't more clear. I keep getting a reoccuring file on my computer called oreans32.sys

I cannot figure out what I making it come back over and over.

I have ran AVG anti-spyware, spybot, and SUPERAntiSpyware and let it clean anything it found. But even after this, it keeps showing back up in my C:\WINDOWS\System32\drivers folder.

Can someone help me troubleshoot this?

NashEquil · 09-08-2007, 02:54 PM

I ran combo fix also today:

ComboFix 07-09-08.7 - "Administrator" 2007-09-08 16:46:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1515 [GMT -4:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000110_.tmp.dll

((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.

2007-09-08 16:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 03:21 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-08 03:20 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-09-08 03:14 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-09-08 03:14 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-09-07 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-09-07 19:38 <DIR> d-------- C:\WINDOWS\nview
2007-09-07 18:37 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-07 17:10 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2007-09-06 14:03 765,952 --a------ C:\DOCUME~1\ADMINI~1\msvcp71d.dll
2007-09-06 14:03 61,440 --a------ C:\DOCUME~1\ADMINI~1\msvcrt40.dll
2007-09-06 14:03 565,760 --a------ C:\DOCUME~1\ADMINI~1\msvcp50.dll
2007-09-06 14:03 544,768 --a------ C:\DOCUME~1\ADMINI~1\msvcr71d.dll
2007-09-06 14:03 54,784 --a------ C:\DOCUME~1\ADMINI~1\msvcirt.dll
2007-09-06 14:03 499,712 --a------ C:\DOCUME~1\ADMINI~1\msvcp71.dll
2007-09-06 14:03 434,252 --a------ C:\DOCUME~1\ADMINI~1\MSVCRTD.DLL
2007-09-06 14:03 413,696 --a------ C:\DOCUME~1\ADMINI~1\msvcp60.dll
2007-09-06 14:03 348,160 --a------ C:\DOCUME~1\ADMINI~1\msvcr71.dll
2007-09-06 14:03 343,040 --a------ C:\DOCUME~1\ADMINI~1\msvcrt.dll
2007-09-06 14:03 253,952 --a------ C:\DOCUME~1\ADMINI~1\msvcrt20.dll
2007-09-06 14:03 249,856 --a------ C:\DOCUME~1\ADMINI~1\MSX Systemhelper 1.0.exe
2007-09-06 14:03 1,388,544 --a------ C:\DOCUME~1\ADMINI~1\MSVBVM6N.DLL
2007-09-06 14:03 1,386,496 --a------ C:\DOCUME~1\ADMINI~1\msvbvm60.dll
2007-09-06 14:03 1,355,776 --a------ C:\DOCUME~1\ADMINI~1\msvbvm50.dll
2007-09-03 18:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-03 18:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-03 18:16 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-02 10:29 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-09-02 09:58 <DIR> d-------- C:\Program Files\MSBuild
2007-09-02 09:56 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-09-02 09:56 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-09-02 09:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-09-02 09:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-02 09:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-02 09:55 <DIR> d-------- C:\982bde8dfe5d17a640
2007-09-02 09:55 <DIR> d-------- C:\39bb7ce70b72ed2a6448
2007-09-02 09:55 <DIR> d-------- C:\038c976c53719d1c99089af0
2007-09-02 09:54 <DIR> d-------- C:\c6a931c7eb84ff3227da763602caf1
2007-09-02 09:52 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-02 09:44 <DIR> d-------- C:\e330ba9d348fdb2daddab539
2007-09-02 09:41 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-09-02 09:41 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-09-02 09:41 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-09-02 09:35 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-02 09:33 <DIR> d-------- C:\WUTemp
2007-09-02 09:33 <DIR> d-------- C:\146085ae7c6bc75ffc1dc96d27
2007-09-02 09:31 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-09-02 09:31 <DIR> d--hs---- C:\DOCUME~1\ADMINI~1\UserData
2007-09-01 16:19 4,136 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-08-31 23:40 <DIR> d-------- C:\Program Files\Download Manager
2007-08-31 23:28 <DIR> d-------- C:\Program Files\Electronic Arts
2007-08-31 22:57 22,328 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\PnkBstrK.sys
2007-08-31 22:10 <DIR> d-------- C:\Program Files\Total Uninstall 3
2007-08-31 13:47 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-08-31 12:22 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-08-31 12:22 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-08-31 12:22 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-08-30 17:37 <DIR> d-------- C:\Temp
2007-08-28 20:52 61,056 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
2007-08-28 20:52 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2007-08-28 20:52 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
2007-08-28 20:52 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-08-28 20:52 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2007-08-28 20:52 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2007-08-28 20:51 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-08-28 20:51 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-08-27 18:43 <DIR> d-------- C:\Program Files\RF Addiction
2007-08-25 08:13 50,552 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-08-16 20:43 <DIR> d-------- C:\Program Files\mIRC
2007-08-16 20:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\mIRC
2007-08-13 18:10 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-08-13 18:10 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-08-13 18:10 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-08-13 18:10 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-08-13 18:10 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-13 18:10 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-08-13 18:10 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-08-13 18:09 98,304 -ra------ C:\WINDOWS\system32\hpzjsn01.dll
2007-08-13 18:09 73,728 -ra------ C:\WINDOWS\system32\hptcpmib.dll
2007-08-13 18:09 28,672 -ra------ C:\WINDOWS\system32\hpzjfw01.dll
2007-08-13 18:09 212,992 -ra------ C:\WINDOWS\system32\hptcpmui.dll
2007-08-13 18:09 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2007-08-13 18:09 110,592 -ra------ C:\WINDOWS\system32\hptcpmon.dll
2007-08-13 18:09 <DIR> d-------- C:\Program Files\HP
2007-08-13 18:09 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-08-11 00:19 <DIR> d-------- C:\Program Files\Google
2007-08-10 12:04 277 --a------ C:\WINDOWS\strings.sys
2007-08-10 12:04 164 --a------ C:\WINDOWS\Settings.sys
2007-08-10 10:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-09 02:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-08-09 02:49 <DIR> d-------- C:\Program Files\QuickTime
2007-08-09 02:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-09 02:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-07 19:29 --------- d-------- C:\Program Files\Creative
2007-09-07 17:05 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-07 17:05 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-07 17:03 --------- d-------- C:\Program Files\Granado Espada
2007-09-01 16:41 --------- d-------- C:\Program Files\EA SPORTS
2007-09-01 16:13 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\IGN_DLM
2007-08-31 23:17 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
2007-08-31 22:29 --------- d-------- C:\Program Files\IGN
2007-08-30 17:37 --------- d-------- C:\Program Files\Sony
2007-08-29 10:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
2007-08-29 10:00 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PACE Anti-Piracy
2007-08-28 20:46 --------- d-------- C:\Program Files\Ubisoft
2007-08-06 00:12 224048 --a------ C:\Program Files\utorrent.exe
2007-07-28 16:54 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-26 22:52 --------- d-------- C:\Program Files\NVIDIA Corporation
2007-07-25 02:22 --------- d-------- C:\Program Files\Futuremark
2007-07-23 14:53 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ventrilo
2007-07-21 05:06 --------- d-------- C:\Program Files\Common Files\EasyInfo
2007-07-15 23:52 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
2007-07-14 01:22 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Creative
2007-07-10 15:22 --------- d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2007-07-09 19:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-07-09 19:26 --------- d-------- C:\Program Files\Microsoft Works
2007-07-09 19:26 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-07-09 19:26 --------- d-------- C:\Program Files\Common Files\L&H
2007-07-09 19:21 --------- d-------- C:\Program Files\Microsoft ACT
2007-07-09 19:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-07-09 18:09 --------- d-------- C:\Program Files\ASUS
2007-07-09 17:27 --------- d-------- C:\Program Files\Common Files\Merge Modules
2007-07-09 17:18 --------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2007-07-09 17:02 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
2007-07-09 16:58 --------- d-------- C:\Program Files\HTML Help Workshop
2007-07-09 16:51 --------- d-------- C:\Program Files\Common Files\Crystal Decisions
2007-07-09 16:38 --------- d-------- C:\Program Files\Microsoft.NET
2007-07-09 12:12 --------- d-------- C:\Program Files\Common Files\SWF Studio
2007-07-09 02:03 --------- d-------- C:\Program Files\Valve
2007-07-08 18:13 28624 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-08 18:13 --------- d-------- C:\Program Files\EACOM
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-09-21 15:40]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-25 20:32]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 13:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-07-09 18:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 17:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
S2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys
S3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
S3 XDva011;XDva011;\??\C:\WINDOWS\system32\XDva011.sys
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 16:50:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-08 16:51:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-08 16:51
.
--- E O F ---

**LonnyRJones** · 09-13-2007, 08:07 AM

Welcome to the forum

Is one of your programs alerting to oreans32.sys ? is so which

Post a report from one or better yet both of these free online scans

Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Pess "scan your PC now" allow the active x to install (if prompted)
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.
If you have problems read the FAQ http://www.pandasoftware.com/actives...q.asp?IdLang=2

Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
when finished click save as text and post that in your reply.

09-08-2007, 01:10 AM	#1 (permalink)
NashEquil Registered User Join Date: Sep 2007 Posts: 3 OS: XP Pro	Something is preventing me from playing games on PB servers... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:47:46 PM, on 9/7/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvraidservice.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Administrator\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O15 - Trusted Zone: http://onecare.live.com O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1188739894093 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1188739867375 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 5668 bytes

09-08-2007, 02:38 PM	#2 (permalink)
NashEquil Registered User Join Date: Sep 2007 Posts: 3 OS: XP Pro	Re: Something is preventing me from playing games on PB servers... Sorry if i wasn't more clear. I keep getting a reoccuring file on my computer called oreans32.sys I cannot figure out what I making it come back over and over. I have ran AVG anti-spyware, spybot, and SUPERAntiSpyware and let it clean anything it found. But even after this, it keeps showing back up in my C:\WINDOWS\System32\drivers folder. Can someone help me troubleshoot this?

09-08-2007, 02:54 PM	#3 (permalink)
NashEquil Registered User Join Date: Sep 2007 Posts: 3 OS: XP Pro	Re: Something is preventing me from playing games on PB servers... I ran combo fix also today: ComboFix 07-09-08.7 - "Administrator" 2007-09-08 16:46:31.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1515 [GMT -4:00] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\_000003_.tmp.dll C:\WINDOWS\system32\_000005_.tmp.dll C:\WINDOWS\system32\_000007_.tmp.dll C:\WINDOWS\system32\_000008_.tmp.dll C:\WINDOWS\system32\_000009_.tmp.dll C:\WINDOWS\system32\_000010_.tmp.dll C:\WINDOWS\system32\_000012_.tmp.dll C:\WINDOWS\system32\_000110_.tmp.dll ((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 ))))))))))))))))))))))))))))))) . 2007-09-08 16:46 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-08 03:21 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-09-08 03:20 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe 2007-09-08 03:14 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-09-08 03:14 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-09-07 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles 2007-09-07 19:38 <DIR> d-------- C:\WINDOWS\nview 2007-09-07 18:37 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-09-07 17:10 (2) -rahs-ot- C:\WINDOWS\winstart.bat 2007-09-06 14:03 765,952 --a------ C:\DOCUME~1\ADMINI~1\msvcp71d.dll 2007-09-06 14:03 61,440 --a------ C:\DOCUME~1\ADMINI~1\msvcrt40.dll 2007-09-06 14:03 565,760 --a------ C:\DOCUME~1\ADMINI~1\msvcp50.dll 2007-09-06 14:03 544,768 --a------ C:\DOCUME~1\ADMINI~1\msvcr71d.dll 2007-09-06 14:03 54,784 --a------ C:\DOCUME~1\ADMINI~1\msvcirt.dll 2007-09-06 14:03 499,712 --a------ C:\DOCUME~1\ADMINI~1\msvcp71.dll 2007-09-06 14:03 434,252 --a------ C:\DOCUME~1\ADMINI~1\MSVCRTD.DLL 2007-09-06 14:03 413,696 --a------ C:\DOCUME~1\ADMINI~1\msvcp60.dll 2007-09-06 14:03 348,160 --a------ C:\DOCUME~1\ADMINI~1\msvcr71.dll 2007-09-06 14:03 343,040 --a------ C:\DOCUME~1\ADMINI~1\msvcrt.dll 2007-09-06 14:03 253,952 --a------ C:\DOCUME~1\ADMINI~1\msvcrt20.dll 2007-09-06 14:03 249,856 --a------ C:\DOCUME~1\ADMINI~1\MSX Systemhelper 1.0.exe 2007-09-06 14:03 1,388,544 --a------ C:\DOCUME~1\ADMINI~1\MSVBVM6N.DLL 2007-09-06 14:03 1,386,496 --a------ C:\DOCUME~1\ADMINI~1\msvbvm60.dll 2007-09-06 14:03 1,355,776 --a------ C:\DOCUME~1\ADMINI~1\msvbvm50.dll 2007-09-03 18:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-09-03 18:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-09-03 18:16 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com 2007-09-02 10:29 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-09-02 09:58 <DIR> d-------- C:\Program Files\MSBuild 2007-09-02 09:56 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2007-09-02 09:56 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2007-09-02 09:56 <DIR> d-------- C:\Program Files\Reference Assemblies 2007-09-02 09:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-09-02 09:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-09-02 09:55 <DIR> d-------- C:\982bde8dfe5d17a640 2007-09-02 09:55 <DIR> d-------- C:\39bb7ce70b72ed2a6448 2007-09-02 09:55 <DIR> d-------- C:\038c976c53719d1c99089af0 2007-09-02 09:54 <DIR> d-------- C:\c6a931c7eb84ff3227da763602caf1 2007-09-02 09:52 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-09-02 09:44 <DIR> d-------- C:\e330ba9d348fdb2daddab539 2007-09-02 09:41 36,352 --------- C:\WINDOWS\system32\tsgqec.dll 2007-09-02 09:41 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll 2007-09-02 09:41 116,736 --------- C:\WINDOWS\system32\aaclient.dll 2007-09-02 09:35 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-09-02 09:33 <DIR> d-------- C:\WUTemp 2007-09-02 09:33 <DIR> d-------- C:\146085ae7c6bc75ffc1dc96d27 2007-09-02 09:31 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2007-09-02 09:31 <DIR> d--hs---- C:\DOCUME~1\ADMINI~1\UserData 2007-09-01 16:19 4,136 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg 2007-08-31 23:40 <DIR> d-------- C:\Program Files\Download Manager 2007-08-31 23:28 <DIR> d-------- C:\Program Files\Electronic Arts 2007-08-31 22:57 22,328 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\PnkBstrK.sys 2007-08-31 22:10 <DIR> d-------- C:\Program Files\Total Uninstall 3 2007-08-31 13:47 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll 2007-08-31 12:22 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-08-31 12:22 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-08-31 12:22 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-08-30 17:37 <DIR> d-------- C:\Temp 2007-08-28 20:52 61,056 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys 2007-08-28 20:52 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys 2007-08-28 20:52 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys 2007-08-28 20:52 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys 2007-08-28 20:52 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys 2007-08-28 20:52 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys 2007-08-28 20:51 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2007-08-28 20:51 <DIR> d-------- C:\Program Files\AGEIA Technologies 2007-08-27 18:43 <DIR> d-------- C:\Program Files\RF Addiction 2007-08-25 08:13 50,552 --ah----- C:\WINDOWS\system32\mlfcache.dat 2007-08-16 20:43 <DIR> d-------- C:\Program Files\mIRC 2007-08-16 20:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\mIRC 2007-08-13 18:10 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2007-08-13 18:10 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe 2007-08-13 18:10 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2007-08-13 18:10 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2007-08-13 18:10 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-08-13 18:10 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2007-08-13 18:10 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2007-08-13 18:09 98,304 -ra------ C:\WINDOWS\system32\hpzjsn01.dll 2007-08-13 18:09 73,728 -ra------ C:\WINDOWS\system32\hptcpmib.dll 2007-08-13 18:09 28,672 -ra------ C:\WINDOWS\system32\hpzjfw01.dll 2007-08-13 18:09 212,992 -ra------ C:\WINDOWS\system32\hptcpmui.dll 2007-08-13 18:09 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll 2007-08-13 18:09 110,592 -ra------ C:\WINDOWS\system32\hptcpmon.dll 2007-08-13 18:09 <DIR> d-------- C:\Program Files\HP 2007-08-13 18:09 <DIR> d-------- C:\Program Files\Hewlett-Packard 2007-08-11 00:19 <DIR> d-------- C:\Program Files\Google 2007-08-10 12:04 277 --a------ C:\WINDOWS\strings.sys 2007-08-10 12:04 164 --a------ C:\WINDOWS\Settings.sys 2007-08-10 10:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-08-09 02:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer 2007-08-09 02:49 <DIR> d-------- C:\Program Files\QuickTime 2007-08-09 02:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer 2007-08-09 02:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-07 19:29 --------- d-------- C:\Program Files\Creative 2007-09-07 17:05 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-09-07 17:05 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-09-07 17:03 --------- d-------- C:\Program Files\Granado Espada 2007-09-01 16:41 --------- d-------- C:\Program Files\EA SPORTS 2007-09-01 16:13 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\IGN_DLM 2007-08-31 23:17 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent 2007-08-31 22:29 --------- d-------- C:\Program Files\IGN 2007-08-30 17:37 --------- d-------- C:\Program Files\Sony 2007-08-29 10:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy 2007-08-29 10:00 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PACE Anti-Piracy 2007-08-28 20:46 --------- d-------- C:\Program Files\Ubisoft 2007-08-06 00:12 224048 --a------ C:\Program Files\utorrent.exe 2007-07-28 16:54 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-07-26 22:52 --------- d-------- C:\Program Files\NVIDIA Corporation 2007-07-25 02:22 --------- d-------- C:\Program Files\Futuremark 2007-07-23 14:53 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ventrilo 2007-07-21 05:06 --------- d-------- C:\Program Files\Common Files\EasyInfo 2007-07-15 23:52 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR 2007-07-14 01:22 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Creative 2007-07-10 15:22 --------- d-------- C:\Program Files\Common Files\PACE Anti-Piracy 2007-07-09 19:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative 2007-07-09 19:26 --------- d-------- C:\Program Files\Microsoft Works 2007-07-09 19:26 --------- d-------- C:\Program Files\Microsoft ActiveSync 2007-07-09 19:26 --------- d-------- C:\Program Files\Common Files\L&H 2007-07-09 19:21 --------- d-------- C:\Program Files\Microsoft ACT 2007-07-09 19:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help 2007-07-09 18:09 --------- d-------- C:\Program Files\ASUS 2007-07-09 17:27 --------- d-------- C:\Program Files\Common Files\Merge Modules 2007-07-09 17:18 --------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003 2007-07-09 17:02 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\U3 2007-07-09 16:58 --------- d-------- C:\Program Files\HTML Help Workshop 2007-07-09 16:51 --------- d-------- C:\Program Files\Common Files\Crystal Decisions 2007-07-09 16:38 --------- d-------- C:\Program Files\Microsoft.NET 2007-07-09 12:12 --------- d-------- C:\Program Files\Common Files\SWF Studio 2007-07-09 02:03 --------- d-------- C:\Program Files\Valve 2007-07-08 18:13 28624 --a------ C:\WINDOWS\system32\drivers\secdrv.sys 2007-07-08 18:13 --------- d-------- C:\Program Files\EACOM 2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-09-21 15:40] "CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 C:\WINDOWS\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 C:\WINDOWS\system32\CTXFIHLP.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00] "RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07] "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-25 20:32] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 13:55] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43] "nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\valve\steam\steam.exe" [2007-07-09 18:22] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00] "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 17:57] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys S2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys S3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys S3 XDva011;XDva011;\??\C:\WINDOWS\system32\XDva011.sys S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] AutoRun\command- F:\LaunchU3.exe . ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-08 16:50:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-09-08 16:51:21 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-08 16:51 . --- E O F ---

09-13-2007, 08:07 AM	#4 (permalink)
LonnyRJones Expert Analyst, Moderator, Security Team Join Date: Sep 2006 Posts: 1,341 OS: xp	Re: Something is preventing me from playing games on PB servers... Welcome to the forum Is one of your programs alerting to oreans32.sys ? is so which Post a report from one or better yet both of these free online scans Panda ActiveScan-Free online scanner, http://www.pandasoftware.com/products/activescan.htm Pess "scan your PC now" allow the active x to install (if prompted) Do a full scan > Click the my computer button After the scan click see report then Save the report and post it back here please. If you have problems read the FAQ http://www.pandasoftware.com/actives...q.asp?IdLang=2 Kaspersky Lab - Free Online scan: http://www.kaspersky.com/virusscanner Click scan settings and place a check next to use [x]extended this database etc etc. Click ok. Then choose: my computer: scan all your hard drives and mapped disks. when finished click save as text and post that in your reply.