Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Stubborn malware/trojan (trojan.downloader)

Started by angriestmonster , May 15 2011 06:20 AM

This topic is locked

#1
angriestmonster

Posted 15 May 2011 - 06:20 AM

Member

Member
10 posts

I've somehow gotten a nasty bug that Malwarebytes identifies as "Trojan.Downloader". Cleaning it seems to do nothing, and I'm also getting two "Net Command has encountered a problem and needs to close" error screens once a minute or so.

Running XP Pro 32bit, if that helps at all.

Here's my OTL log (also I'm attaching aswMBR and GMER scans, assuming that will help speed things along):

OTL logfile created on: 5/15/2011 5:06:01 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 431.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 9.63 Gb Free Space | 9.86% Space Free | Partition Type: NTFS
Drive D: | 14.13 Gb Total Space | 0.96 Gb Free Space | 6.80% Space Free | Partition Type: NTFS
Drive F: | 968.25 Mb Total Space | 827.91 Mb Free Space | 85.51% Space Free | Partition Type: FAT

Computer Name: IH8U | User Name: JERKFACE MCMONSTER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 04:26:21 | 000,068,608 | ---- | M] () -- C:\WINDOWS\temp\qtfcyyp.exe
PRC - [2011/05/07 18:14:00 | 000,608,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads\OTL.exe
PRC - [2011/04/20 16:25:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/05/26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/27 12:29:36 | 000,167,936 | ---- | M] (amBX UK Ltd.) -- C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
PRC - [2009/10/14 16:43:08 | 000,640,512 | -HS- | M] (amBX) -- C:\Program Files\amBX\System\amBX_Service.exe
PRC - [2009/09/04 13:16:54 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/09/30 12:47:30 | 000,075,264 | ---- | M] (amBX) -- C:\Program Files\amBX\Effects\amBX Event Manager.exe
PRC - [2008/06/09 14:51:48 | 000,568,320 | ---- | M] (Philips) -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe
PRC - [2008/06/09 14:51:48 | 000,038,400 | ---- | M] () -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe
PRC - [2007/12/10 16:55:26 | 000,352,256 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Philips\SPC230NC\Monitor.exe
PRC - [2007/06/13 04:26:03 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,053,248 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/04/27 14:59:24 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/02/15 16:10:16 | 000,086,016 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2004/12/13 04:34:32 | 000,077,824 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/12/02 18:23:34 | 000,131,072 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2001/08/23 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\charmap.exe

========== Modules (SafeList) ==========

MOD - [2011/05/07 18:14:00 | 000,608,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads\OTL.exe
MOD - [2009/10/27 12:29:14 | 000,057,344 | ---- | M] (amBX UK Ltd.) -- C:\Program Files\amBX\Gaming FXGen\win32\LoadLibInterceptor.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [1999/03/29 08:34:06 | 000,110,595 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Msscript1.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/11/24 15:37:36 | 004,263,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/02/19 20:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/14 16:43:08 | 000,640,512 | -HS- | M] (amBX) [Auto | Running] -- C:\Program Files\amBX\System\amBX_Service.exe -- (amBX Service)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/09/06 16:47:36 | 000,611,664 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/06/09 14:51:48 | 000,568,320 | ---- | M] (Philips) [On_Demand | Running] -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe -- (Philips amBX USB HAL)
SRV - [2008/06/09 14:51:48 | 000,038,400 | ---- | M] () [Auto | Running] -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe -- (Philips HAL Starter)
SRV - [2007/01/04 14:38:08 | 000,053,248 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/27 14:59:24 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2004/12/13 04:34:32 | 000,077,824 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2011/05/07 13:35:14 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/06/09 14:52:04 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/12/31 17:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/09/26 15:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/06/15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/05/23 14:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/10/18 15:39:38 | 000,242,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) Airlink101 USB XR Adapter Driver (RT73)
DRV - [2005/06/17 13:48:46 | 000,019,968 | ---- | M] (WikiTek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - [2005/04/12 01:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005/01/10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/12/23 17:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004/08/03 23:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 16:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/09/22 19:37:00 | 000,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 00:47:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 00:47:19 | 000,000,000 | ---D | M]

[2008/09/14 07:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Extensions
[2011/05/15 01:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions
[2011/04/30 08:43:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/05/14 13:31:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/28 08:31:48 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/15 01:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 22:01:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/02 19:11:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/28 12:56:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/09 20:19:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/08/11 19:54:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/08/17 00:36:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/05/07 16:00:37 | 000,000,826 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [amBX Daemon] C:\Program Files\amBX\Control Panel\amBXDaemon.exe (Koninklijke Philips N.V.)
O4 - HKLM..\Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe (amBX UK Ltd.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\amBX Effects.lnk = C:\Program Files\amBX\Effects\amBX Event Manager.exe (amBX)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\amBX Illuminate.lnk = C:\Program Files\amBX\Illuminate\Illuminate.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 60xu9 = C:\WINDOWS\TEMP\qtfcyyp.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Coffee Bean.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Coffee Bean.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/02 19:27:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/15 03:40:36 | 000,000,028 | ---- | M] () - F:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{f50d1341-7ee5-11e0-b52b-000ea67fd033}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- [2004/08/04 01:56:58 | 000,072,704 | -H-- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 13:31:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/09 00:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/05/09 00:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads
[2011/05/07 21:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\My Music
[2011/05/07 21:50:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\My Pictures
[2011/05/07 18:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\blurg
[2011/05/07 16:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Malwarebytes
[2011/05/07 16:23:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/07 16:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/07 16:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/07 16:23:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/07 16:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/07 14:48:59 | 000,000,000 | ---D | C] -- C:\MTU
[2011/05/07 14:46:10 | 000,545,280 | ---- | C] (Igor Pavlov) -- C:\WINDOWS\System32\7za.exe
[2011/05/07 13:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\karaocrime
[2011/05/07 13:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2011/05/07 03:31:08 | 000,032,768 | ---- | C] (Frog ASPI / Millenod) -- C:\WINDOWS\System32\FrogASPI.DLL
[2011/05/07 03:31:06 | 000,086,016 | ---- | C] (NexiTech, Inc.) -- C:\WINDOWS\System32\WNASPINT.DLL
[2011/05/07 03:09:00 | 000,000,000 | ---D | C] -- C:\cdrgui
[2011/05/07 02:42:38 | 000,000,000 | ---D | C] -- C:\cdrecord
[2011/05/06 19:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/05/06 18:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\MP3+G Toolz .NET 4
[2011/05/06 18:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Doblon
[2002/04/10 02:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[58 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[23 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/15 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/05/15 04:39:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\MBR.dat
[2011/05/15 04:26:12 | 000,205,967 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/15 04:25:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/05/15 03:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/05/15 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/05/15 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/05/15 00:42:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/05/14 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/05/14 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/05/14 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/05/14 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/05/14 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/05/14 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/05/14 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/05/14 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/05/13 07:24:41 | 000,953,019 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\test.wmv
[2011/05/13 07:18:07 | 000,087,360 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\gmer.wmv
[2011/05/13 07:08:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ùÓ
[2011/05/13 06:59:59 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/05/13 05:59:59 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/05/12 21:31:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 00:58:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/10 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/05/09 19:12:54 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/05/09 00:47:23 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/09 00:47:23 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/07 17:48:00 | 000,211,968 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 17:43:47 | 000,001,534 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/05/07 16:23:24 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/07 16:00:37 | 000,000,826 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/07 14:48:59 | 000,000,033 | ---- | M] () -- C:\WINDOWS\Microstudio-Demo.INI
[2011/05/07 13:47:16 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\ax_files.xml
[2011/05/07 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/05/07 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/05/07 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/05/07 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/05/07 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/05/07 02:21:08 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2011/05/06 18:57:11 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\Shortcut to MP3GToolz.exe.lnk
[2011/04/30 23:05:06 | 000,002,252 | ---- | M] () -- C:\WINDOWS\FORGE32.INI
[2011/04/30 14:11:13 | 000,007,680 | ---- | M] () -- C:\WINDOWS\~INSX462.EXE
[2011/04/30 14:11:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\~INSX362.EXE
[2011/04/15 13:29:03 | 000,004,919 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[58 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[23 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/15 04:39:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\MBR.dat
[2011/05/13 07:24:37 | 000,953,019 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\test.wmv
[2011/05/13 07:18:06 | 000,087,360 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\gmer.wmv
[2011/05/13 07:08:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ùÓ
[2011/05/07 16:23:24 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/07 14:48:59 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Microstudio-Demo.INI
[2011/05/07 13:47:16 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\ax_files.xml
[2011/05/06 18:57:11 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\Shortcut to MP3GToolz.exe.lnk
[2011/04/30 14:09:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\~INSX462.EXE
[2011/04/30 14:09:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\~INSX362.EXE
[2011/04/27 00:11:39 | 117,700,594 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\50YearsOfMadLibs.pdf
[2011/04/14 23:55:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/07 20:38:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/04 09:30:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/06/12 11:04:58 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/05/02 09:10:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/23 17:40:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/12/06 05:24:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/02 23:46:06 | 000,747,486 | ---- | C] () -- C:\WINDOWS\System32\iconv-1.3.dll
[2009/12/02 23:46:06 | 000,413,808 | ---- | C] () -- C:\WINDOWS\System32\imlib-tiff.dll
[2009/12/02 23:46:06 | 000,145,041 | ---- | C] () -- C:\WINDOWS\System32\imlib-png.dll
[2009/12/02 23:46:06 | 000,134,266 | ---- | C] () -- C:\WINDOWS\System32\gdk_imlib.dll
[2009/12/02 23:46:06 | 000,132,569 | ---- | C] () -- C:\WINDOWS\System32\imlib-jpeg.dll
[2009/12/02 23:46:06 | 000,028,405 | ---- | C] () -- C:\WINDOWS\System32\gnu-intl.dll
[2009/09/13 17:57:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Local Settings\Application Data\housecall.guid.cache
[2009/05/16 16:40:16 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/04/26 01:19:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2009/03/06 20:47:37 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\PnkBstrK.sys
[2008/12/04 00:16:55 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2008/10/12 03:03:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2008/09/14 07:32:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/03/19 19:13:55 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2008/02/16 20:56:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ANTSWLIB.INI
[2008/02/03 20:07:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/01/31 15:53:38 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2008/01/31 15:53:38 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2008/01/12 12:13:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/01/08 02:33:04 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/01/08 02:33:03 | 000,534,016 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/01/08 02:33:03 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/01/08 02:33:03 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/01/08 02:33:03 | 000,097,792 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/01/08 02:33:03 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/01/08 02:07:47 | 003,889,728 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2008/01/08 02:07:47 | 001,143,989 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2008/01/08 02:07:47 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.exe
[2008/01/08 02:07:33 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\buyurl0501.dat
[2008/01/05 04:40:45 | 000,002,252 | ---- | C] () -- C:\WINDOWS\FORGE32.INI
[2007/12/19 23:04:44 | 000,000,461 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2007/11/12 21:44:39 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/11/12 21:42:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/08/27 19:33:26 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/27 19:33:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/26 11:33:47 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/08/26 09:03:21 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2007/08/26 01:45:48 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/08/26 01:45:48 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/08/26 01:19:11 | 000,211,968 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/26 00:48:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/08/26 00:42:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/08/25 17:32:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/25 17:30:31 | 000,136,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/29 00:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2005/12/10 02:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 02:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/05/02 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/04 02:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 12:48:44 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_000015_.tmp.dll
[2004/07/17 12:48:44 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_000014_.tmp.dll
[2003/10/01 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,502,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,087,784 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1998/06/14 04:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

========== LOP Check ==========

[2009/06/16 17:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/02/22 22:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGS Demo Game
[2009/11/05 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\amBX_Events
[2008/02/15 20:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2008/12/04 00:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Philips
[2009/09/10 00:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/01/05 03:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2010/07/16 09:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/12 23:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/07/16 20:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/26 23:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\.BitTornado
[2010/11/01 02:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\.minecraft
[2008/02/15 00:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\.mudmagic
[2009/06/16 17:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\acccore
[2007/12/15 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Aim
[2009/11/05 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\amBX_Events
[2011/03/25 18:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\FileZilla
[2009/03/15 14:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\id Software
[2008/12/12 03:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\InfraRecorder
[2010/01/03 02:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\LucasArts
[2008/01/31 04:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mount&Blade
[2010/02/07 15:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\rockbox.org
[2009/01/09 03:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\ScummVM
[2010/06/12 10:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\SystemRequirementsLab
[2009/04/29 07:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2008/05/13 00:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Ulead Systems
[2009/02/07 07:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\uqm
[2010/11/27 16:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\uqmmod
[2007/12/17 00:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Viewpoint
[2011/05/15 00:42:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/05/07 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/05/07 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/05/07 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/05/07 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/05/07 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/05/14 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/05/14 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/05/14 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/05/15 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/05/14 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/05/14 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/05/14 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/05/14 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/05/14 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/05/15 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/05/15 03:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/05/15 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/05/15 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/05/13 05:59:59 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/05/13 06:59:59 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/05/10 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 37376 bytes -> C:\WINDOWS\System32\ùÓ:†´Ë0¸ÚyV€xKaâH¦aâ€9ü†

< End of report >

Attached Files

gmerr.txt 87.81KB 127 downloads

#2
angriestmonster

Posted 15 May 2011 - 06:21 AM

Member

Topic Starter
Member
10 posts

whoops, the aswMBR log didn't attach. here it is.

Attached Files

aswMBR.txt 1.25KB 93 downloads

Edited by angriestmonster, 15 May 2011 - 06:22 AM.

#3
Essexboy

Posted 15 May 2011 - 07:13 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi I can see a few things that need working on - so lets get at it

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
PRC - [2011/05/15 04:26:21 | 000,068,608 | ---- | M] () -- C:\WINDOWS\temp\qtfcyyp.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 60xu9 = C:\WINDOWS\TEMP\qtfcyyp.exe ()
[2011/05/13 07:08:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ùÓ
[2011/04/30 14:09:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\~INSX462.EXE
[2011/04/30 14:09:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\~INSX362.EXE
@Alternate Data Stream - 37376 bytes -> C:\WINDOWS\System32\ùÓ:†´Ë0¸ÚyV€xKaâH¦aâ€9ü†

:Files
ipconfig /flushdns /c
C:\WINDOWS\tasks\At*.job

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#4
angriestmonster

Posted 15 May 2011 - 07:55 AM

Member

Topic Starter
Member
10 posts

OTL log:

OTL logfile created on: 5/15/2011 6:44:57 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 642.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 11.10 Gb Free Space | 11.37% Space Free | Partition Type: NTFS
Drive D: | 14.13 Gb Total Space | 0.96 Gb Free Space | 6.80% Space Free | Partition Type: NTFS
Drive F: | 968.25 Mb Total Space | 827.91 Mb Free Space | 85.51% Space Free | Partition Type: FAT

Computer Name: IH8U | User Name: JERKFACE MCMONSTER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 06:43:45 | 000,068,608 | ---- | M] () -- C:\WINDOWS\temp\qtfcyyp.exe
PRC - [2011/05/07 18:14:00 | 000,608,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads\OTL.exe
PRC - [2011/01/21 14:25:32 | 000,013,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
PRC - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/05/26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/27 12:29:36 | 000,167,936 | ---- | M] (amBX UK Ltd.) -- C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
PRC - [2009/10/14 16:43:08 | 000,640,512 | -HS- | M] (amBX) -- C:\Program Files\amBX\System\amBX_Service.exe
PRC - [2009/09/04 13:16:54 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/09/30 12:47:30 | 000,075,264 | ---- | M] (amBX) -- C:\Program Files\amBX\Effects\amBX Event Manager.exe
PRC - [2008/06/09 14:51:48 | 000,568,320 | ---- | M] (Philips) -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe
PRC - [2008/06/09 14:51:48 | 000,038,400 | ---- | M] () -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe
PRC - [2008/03/06 07:28:04 | 002,559,833 | ---- | M] (Philips) -- C:\Program Files\amBX\Illuminate\Illuminate.exe
PRC - [2007/12/10 16:55:26 | 000,352,256 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Philips\SPC230NC\Monitor.exe
PRC - [2007/06/13 04:26:03 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,053,248 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/04/27 14:59:24 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/02/15 16:10:16 | 000,086,016 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2004/12/13 04:34:32 | 000,077,824 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/12/02 18:23:34 | 000,131,072 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

========== Modules (SafeList) ==========

MOD - [2011/05/07 18:14:00 | 000,608,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads\OTL.exe
MOD - [2009/10/27 12:29:14 | 000,057,344 | ---- | M] (amBX UK Ltd.) -- C:\Program Files\amBX\Gaming FXGen\win32\LoadLibInterceptor.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [1999/03/29 08:34:06 | 000,110,595 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Msscript1.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/11/24 15:37:36 | 004,263,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/02/19 20:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/14 16:43:08 | 000,640,512 | -HS- | M] (amBX) [Auto | Running] -- C:\Program Files\amBX\System\amBX_Service.exe -- (amBX Service)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/09/06 16:47:36 | 000,611,664 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/06/09 14:51:48 | 000,568,320 | ---- | M] (Philips) [On_Demand | Running] -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe -- (Philips amBX USB HAL)
SRV - [2008/06/09 14:51:48 | 000,038,400 | ---- | M] () [Auto | Running] -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe -- (Philips HAL Starter)
SRV - [2007/01/04 14:38:08 | 000,053,248 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/27 14:59:24 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2004/12/13 04:34:32 | 000,077,824 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2011/05/07 13:35:14 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/06/09 14:52:04 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/12/31 17:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/09/26 15:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/06/15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/05/23 14:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/10/18 15:39:38 | 000,242,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) Airlink101 USB XR Adapter Driver (RT73)
DRV - [2005/06/17 13:48:46 | 000,019,968 | ---- | M] (WikiTek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - [2005/04/12 01:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005/01/10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/12/23 17:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004/08/03 23:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 16:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/09/22 19:37:00 | 000,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 00:47:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 00:47:19 | 000,000,000 | ---D | M]

[2008/09/14 07:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Extensions
[2011/05/15 01:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions
[2011/04/30 08:43:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/05/14 13:31:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/28 08:31:48 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/15 01:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 22:01:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/02 19:11:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/28 12:56:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/09 20:19:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/08/11 19:54:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/08/17 00:36:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/05/15 06:39:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [amBX Daemon] C:\Program Files\amBX\Control Panel\amBXDaemon.exe (Koninklijke Philips N.V.)
O4 - HKLM..\Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe (amBX UK Ltd.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\amBX Effects.lnk = C:\Program Files\amBX\Effects\amBX Event Manager.exe (amBX)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\amBX Illuminate.lnk = C:\Program Files\amBX\Illuminate\Illuminate.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 60xu9 = C:\WINDOWS\TEMP\qtfcyyp.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Coffee Bean.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Coffee Bean.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/02 19:27:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/15 03:40:36 | 000,000,028 | ---- | M] () - F:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 06:39:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/14 13:31:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/09 00:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/05/09 00:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads
[2011/05/07 21:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\My Music
[2011/05/07 21:50:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\My Pictures
[2011/05/07 18:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\blurg
[2011/05/07 16:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Malwarebytes
[2011/05/07 16:23:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/07 16:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/07 16:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/07 16:23:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/07 16:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/07 14:48:59 | 000,000,000 | ---D | C] -- C:\MTU
[2011/05/07 14:46:10 | 000,545,280 | ---- | C] (Igor Pavlov) -- C:\WINDOWS\System32\7za.exe
[2011/05/07 13:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\karaocrime
[2011/05/07 13:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2011/05/07 03:31:08 | 000,032,768 | ---- | C] (Frog ASPI / Millenod) -- C:\WINDOWS\System32\FrogASPI.DLL
[2011/05/07 03:31:06 | 000,086,016 | ---- | C] (NexiTech, Inc.) -- C:\WINDOWS\System32\WNASPINT.DLL
[2011/05/07 03:09:00 | 000,000,000 | ---D | C] -- C:\cdrgui
[2011/05/07 02:42:38 | 000,000,000 | ---D | C] -- C:\cdrecord
[2011/05/06 19:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/05/06 18:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\MP3+G Toolz .NET 4
[2011/05/06 18:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Doblon
[2002/04/10 02:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/15 06:48:06 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/15 06:43:50 | 000,205,967 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/15 06:43:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 04:39:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\MBR.dat
[2011/05/13 07:24:41 | 000,953,019 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\test.wmv
[2011/05/13 07:18:07 | 000,087,360 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\gmer.wmv
[2011/05/12 21:31:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 00:58:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/09 19:12:54 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/05/09 00:47:23 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/09 00:47:23 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/07 17:48:00 | 000,211,968 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 17:43:47 | 000,001,534 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/05/07 16:23:24 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/07 14:48:59 | 000,000,033 | ---- | M] () -- C:\WINDOWS\Microstudio-Demo.INI
[2011/05/07 13:47:16 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\ax_files.xml
[2011/05/07 02:21:08 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2011/05/06 18:57:11 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\Shortcut to MP3GToolz.exe.lnk
[2011/04/30 23:05:06 | 000,002,252 | ---- | M] () -- C:\WINDOWS\FORGE32.INI
[2011/04/15 13:29:03 | 000,004,919 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies

========== Files Created - No Company Name ==========

[2011/05/15 04:39:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\MBR.dat
[2011/05/13 07:24:37 | 000,953,019 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\test.wmv
[2011/05/13 07:18:06 | 000,087,360 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\gmer.wmv
[2011/05/07 16:23:24 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/07 14:48:59 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Microstudio-Demo.INI
[2011/05/07 13:47:16 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\ax_files.xml
[2011/05/06 18:57:11 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\Shortcut to MP3GToolz.exe.lnk
[2011/04/27 00:11:39 | 117,700,594 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\50YearsOfMadLibs.pdf
[2011/04/14 23:55:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/07 20:38:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/04 09:30:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/06/12 11:04:58 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/05/02 09:10:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/23 17:40:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/12/06 05:24:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/02 23:46:06 | 000,747,486 | ---- | C] () -- C:\WINDOWS\System32\iconv-1.3.dll
[2009/12/02 23:46:06 | 000,413,808 | ---- | C] () -- C:\WINDOWS\System32\imlib-tiff.dll
[2009/12/02 23:46:06 | 000,145,041 | ---- | C] () -- C:\WINDOWS\System32\imlib-png.dll
[2009/12/02 23:46:06 | 000,134,266 | ---- | C] () -- C:\WINDOWS\System32\gdk_imlib.dll
[2009/12/02 23:46:06 | 000,132,569 | ---- | C] () -- C:\WINDOWS\System32\imlib-jpeg.dll
[2009/12/02 23:46:06 | 000,028,405 | ---- | C] () -- C:\WINDOWS\System32\gnu-intl.dll
[2009/09/13 17:57:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Local Settings\Application Data\housecall.guid.cache
[2009/05/16 16:40:16 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/04/26 01:19:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2009/03/06 20:47:37 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\PnkBstrK.sys
[2008/12/04 00:16:55 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2008/10/12 03:03:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2008/09/14 07:32:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/03/19 19:13:55 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2008/02/16 20:56:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ANTSWLIB.INI
[2008/02/03 20:07:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/01/31 15:53:38 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2008/01/31 15:53:38 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2008/01/12 12:13:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/01/08 02:33:04 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/01/08 02:33:03 | 000,534,016 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/01/08 02:33:03 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/01/08 02:33:03 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/01/08 02:33:03 | 000,097,792 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/01/08 02:33:03 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/01/08 02:07:47 | 003,889,728 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2008/01/08 02:07:47 | 001,143,989 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2008/01/08 02:07:47 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.exe
[2008/01/08 02:07:33 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\buyurl0501.dat
[2008/01/05 04:40:45 | 000,002,252 | ---- | C] () -- C:\WINDOWS\FORGE32.INI
[2007/12/19 23:04:44 | 000,000,461 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2007/11/12 21:44:39 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/11/12 21:42:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/08/27 19:33:26 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/27 19:33:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/26 11:33:47 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/08/26 09:03:21 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2007/08/26 01:45:48 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/08/26 01:45:48 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/08/26 01:19:11 | 000,211,968 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/26 00:48:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/08/26 00:42:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/08/25 17:32:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/25 17:30:31 | 000,136,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/29 00:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2005/12/10 02:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 02:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/05/02 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/04 02:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 12:48:44 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_000015_.tmp.dll
[2004/07/17 12:48:44 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_000014_.tmp.dll
[2003/10/01 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,502,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,087,784 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1998/06/14 04:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

========== LOP Check ==========

[2009/06/16 17:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/02/22 22:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGS Demo Game
[2009/11/05 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\amBX_Events
[2008/02/15 20:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2008/12/04 00:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Philips
[2009/09/10 00:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/01/05 03:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2010/07/16 09:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/12 23:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/07/16 20:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/26 23:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\.BitTornado
[2010/11/01 02:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\.minecraft
[2008/02/15 00:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\.mudmagic
[2009/06/16 17:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\acccore
[2007/12/15 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Aim
[2009/11/05 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\amBX_Events
[2011/03/25 18:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\FileZilla
[2009/03/15 14:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\id Software
[2008/12/12 03:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\InfraRecorder
[2010/01/03 02:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\LucasArts
[2008/01/31 04:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mount&Blade
[2010/02/07 15:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\rockbox.org
[2009/01/09 03:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\ScummVM
[2010/06/12 10:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\SystemRequirementsLab
[2009/04/29 07:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2008/05/13 00:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Ulead Systems
[2009/02/07 07:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\uqm
[2010/11/27 16:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\uqmmod
[2007/12/17 00:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Viewpoint

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

#5
angriestmonster

Posted 15 May 2011 - 08:02 AM

Member

Topic Starter
Member
10 posts

TDSS log (note that it blocked me from accessing kaspersky's website completely; downloaded it from softpedia instead.)

2011/05/15 06:50:42.0562 2088 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/15 06:50:44.0562 2088 ================================================================================
2011/05/15 06:50:44.0562 2088 SystemInfo:
2011/05/15 06:50:44.0562 2088
2011/05/15 06:50:44.0562 2088 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/15 06:50:44.0562 2088 Product type: Workstation
2011/05/15 06:50:44.0562 2088 ComputerName: IH8U
2011/05/15 06:50:44.0562 2088 UserName: JERKFACE MCMONSTER
2011/05/15 06:50:44.0562 2088 Windows directory: C:\WINDOWS
2011/05/15 06:50:44.0562 2088 System windows directory: C:\WINDOWS
2011/05/15 06:50:44.0562 2088 Processor architecture: Intel x86
2011/05/15 06:50:44.0562 2088 Number of processors: 1
2011/05/15 06:50:44.0562 2088 Page size: 0x1000
2011/05/15 06:50:44.0562 2088 Boot type: Normal boot
2011/05/15 06:50:44.0562 2088 ================================================================================
2011/05/15 06:50:44.0890 2088 Initialize success
2011/05/15 06:51:42.0656 3296 ================================================================================
2011/05/15 06:51:42.0656 3296 Scan started
2011/05/15 06:51:42.0656 3296 Mode: Manual;
2011/05/15 06:51:42.0656 3296 ================================================================================
2011/05/15 06:51:43.0218 3296 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/05/15 06:51:43.0406 3296 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/15 06:51:43.0484 3296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/15 06:51:43.0640 3296 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/15 06:51:43.0703 3296 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
2011/05/15 06:51:43.0968 3296 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/05/15 06:51:44.0078 3296 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/15 06:51:44.0343 3296 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/15 06:51:44.0406 3296 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/15 06:51:44.0531 3296 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/15 06:51:44.0640 3296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/15 06:51:44.0718 3296 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/05/15 06:51:44.0781 3296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/15 06:51:44.0890 3296 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/05/15 06:51:44.0984 3296 BTHMODEM (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/05/15 06:51:45.0062 3296 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/05/15 06:51:45.0156 3296 BTHPORT (95ef6f3f386d93ee1e4d9ca45a50252a) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/05/15 06:51:45.0250 3296 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/05/15 06:51:45.0343 3296 BVRPMPR5 (51b327292408b5f3a42e295bce055859) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/05/15 06:51:45.0421 3296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/15 06:51:45.0500 3296 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/15 06:51:45.0640 3296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/15 06:51:45.0734 3296 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/15 06:51:45.0812 3296 Cdrom (9d5495b4f238b732b593f27c922deb50) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/15 06:51:46.0062 3296 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/05/15 06:51:46.0250 3296 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/15 06:51:46.0562 3296 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/15 06:51:46.0656 3296 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/15 06:51:46.0734 3296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/15 06:51:46.0796 3296 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/15 06:51:46.0890 3296 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/15 06:51:46.0968 3296 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/05/15 06:51:47.0015 3296 ElbyDelay (df9957db3bfe5136aad3c2c101806c98) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
2011/05/15 06:51:47.0093 3296 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/15 06:51:47.0187 3296 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/15 06:51:47.0250 3296 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/15 06:51:47.0312 3296 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/15 06:51:47.0406 3296 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/15 06:51:47.0453 3296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/15 06:51:47.0500 3296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/15 06:51:47.0562 3296 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/05/15 06:51:47.0625 3296 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/15 06:51:47.0687 3296 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/15 06:51:47.0812 3296 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/15 06:51:47.0890 3296 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/15 06:51:47.0984 3296 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/15 06:51:48.0078 3296 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/15 06:51:48.0265 3296 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/15 06:51:48.0343 3296 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/15 06:51:48.0531 3296 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/15 06:51:48.0656 3296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/15 06:51:48.0718 3296 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/15 06:51:48.0828 3296 IpNat (d58ecd3b3969a670e68588f1640920b6) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/15 06:51:48.0890 3296 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/15 06:51:48.0968 3296 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/15 06:51:49.0031 3296 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/15 06:51:49.0234 3296 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/15 06:51:49.0328 3296 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/15 06:51:49.0406 3296 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/15 06:51:49.0468 3296 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/15 06:51:49.0640 3296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/15 06:51:49.0718 3296 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/15 06:51:49.0765 3296 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/15 06:51:49.0812 3296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/15 06:51:49.0859 3296 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/15 06:51:49.0984 3296 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/15 06:51:50.0093 3296 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/15 06:51:50.0250 3296 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/05/15 06:51:50.0296 3296 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/15 06:51:50.0375 3296 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/15 06:51:50.0453 3296 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/15 06:51:50.0515 3296 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/15 06:51:50.0625 3296 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/15 06:51:50.0703 3296 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/15 06:51:50.0765 3296 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/05/15 06:51:50.0843 3296 Mup (f66b6b1cddee6ca87cefc016eb7a0d8e) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/15 06:51:50.0953 3296 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/15 06:51:51.0046 3296 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/15 06:51:51.0109 3296 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/15 06:51:51.0250 3296 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/15 06:51:51.0328 3296 Ndisuio (5146c3d286e66c72328f6ce6e4d983a8) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/15 06:51:51.0421 3296 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/15 06:51:51.0484 3296 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/15 06:51:51.0531 3296 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/15 06:51:51.0593 3296 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/15 06:51:51.0718 3296 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/15 06:51:51.0812 3296 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/05/15 06:51:51.0875 3296 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/15 06:51:51.0968 3296 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/15 06:51:52.0062 3296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/15 06:51:52.0500 3296 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/15 06:51:52.0906 3296 NVENET (fbe448efa5484a256528e1d02b959bbc) C:\WINDOWS\system32\DRIVERS\NVENET.sys
2011/05/15 06:51:53.0000 3296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/15 06:51:53.0062 3296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/15 06:51:53.0187 3296 ohci1394 (fc128c3d7d5ad30a13742dc3737b9df7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/15 06:51:53.0265 3296 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/05/15 06:51:53.0359 3296 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
2011/05/15 06:51:53.0484 3296 PAEAFLT.sys (301e92ce7fb606f94f124a76d8145622) C:\WINDOWS\system32\DRIVERS\PAEAFLT.sys
2011/05/15 06:51:53.0562 3296 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/15 06:51:53.0625 3296 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/15 06:51:53.0687 3296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/15 06:51:53.0750 3296 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/15 06:51:53.0875 3296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/15 06:51:53.0953 3296 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/15 06:51:54.0343 3296 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/15 06:51:54.0406 3296 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/15 06:51:54.0453 3296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/15 06:51:54.0531 3296 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/15 06:51:54.0828 3296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/15 06:51:54.0890 3296 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/15 06:51:54.0953 3296 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/15 06:51:55.0000 3296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/15 06:51:55.0093 3296 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/15 06:51:55.0140 3296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/15 06:51:55.0234 3296 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/15 06:51:55.0312 3296 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/15 06:51:55.0390 3296 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/15 06:51:55.0468 3296 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/05/15 06:51:55.0578 3296 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2011/05/15 06:51:55.0671 3296 RT73 (705df018e8497a50a87a24c7241c9a01) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/05/15 06:51:55.0781 3296 RTL8192su (b29eeb1ea7971bd83069eb2e2258d224) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
2011/05/15 06:51:55.0906 3296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/15 06:51:56.0000 3296 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/15 06:51:56.0046 3296 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/15 06:51:56.0140 3296 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/15 06:51:56.0281 3296 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/15 06:51:56.0468 3296 SPC230NC (2265d43d44cf9695c050e3b58f05295b) C:\WINDOWS\system32\DRIVERS\SPC230NC.SYS
2011/05/15 06:51:56.0562 3296 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/15 06:51:56.0640 3296 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/15 06:51:56.0640 3296 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/05/15 06:51:56.0656 3296 sptd - detected LockedFile.Multi.Generic (1)
2011/05/15 06:51:56.0750 3296 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/15 06:51:56.0859 3296 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/15 06:51:56.0953 3296 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/15 06:51:57.0046 3296 StreamSurge (21017e14e92b65f157ae30be7badaf5e) C:\WINDOWS\system32\DRIVERS\ss.sys
2011/05/15 06:51:57.0109 3296 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/15 06:51:57.0187 3296 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/15 06:51:57.0421 3296 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/15 06:51:57.0515 3296 Tcpip (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/15 06:51:57.0609 3296 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/15 06:51:57.0687 3296 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/15 06:51:57.0765 3296 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/15 06:51:57.0921 3296 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/15 06:51:58.0000 3296 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
2011/05/15 06:51:58.0156 3296 Update (7b2170ee3d858ce8fbe503904cc9b663) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/15 06:51:58.0296 3296 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/15 06:51:58.0390 3296 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/05/15 06:51:58.0484 3296 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/15 06:51:58.0562 3296 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/05/15 06:51:58.0656 3296 usbehci (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/15 06:51:58.0718 3296 usbhub (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/15 06:51:58.0781 3296 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/05/15 06:51:58.0843 3296 usbohci (555b2b2108c5085cc203202fec702d08) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/15 06:51:58.0906 3296 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/15 06:51:58.0968 3296 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/15 06:51:59.0062 3296 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/15 06:51:59.0140 3296 VClone (1a131c2ca1b99542f9b0dd0c901f6587) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/05/15 06:51:59.0234 3296 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/15 06:51:59.0328 3296 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/15 06:51:59.0421 3296 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/05/15 06:51:59.0515 3296 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/15 06:51:59.0593 3296 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/15 06:51:59.0734 3296 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/15 06:51:59.0890 3296 WinDriver6 (94e4312d546048bf31604a8b2ad13fc0) C:\WINDOWS\system32\drivers\windrvr6.sys
2011/05/15 06:52:00.0000 3296 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/05/15 06:52:00.0109 3296 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/15 06:52:00.0218 3296 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/15 06:52:00.0312 3296 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/15 06:52:00.0390 3296 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/15 06:52:00.0484 3296 zumbus (9b2c9d322e3fbb1814d7c17a980c1286) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2011/05/15 06:52:00.0968 3296 ================================================================================
2011/05/15 06:52:00.0968 3296 Scan finished
2011/05/15 06:52:00.0968 3296 ================================================================================
2011/05/15 06:52:01.0046 3288 Detected object count: 1
2011/05/15 06:52:21.0500 3288 LockedFile.Multi.Generic(sptd) - User select action: Skip

#6
Essexboy

Posted 15 May 2011 - 08:49 AM

GeekU Moderator

Retired Staff
69,964 posts

I think we have a double MBR infection here

To clear this I will need to use Combofix to install the recovery console and remove sptd from your system

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - [2011/05/07 13:35:14 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Aim6] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 60xu9 = C:\WINDOWS\TEMP\qtfcyyp.exe ()

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

FINALLY

Could you re-run an aswMBR scan please

#7
angriestmonster

Posted 15 May 2011 - 09:41 AM

Member

Topic Starter
Member
10 posts

Unfortunately, ComboFix errors out (and then DELETES ITSELF!) with this message:

!! ALERT !! It is NOT SAFE to continue!

The contents of the ComboFix package has been compromised.
Please download a fresh copy from:

http://www.bleepingc...to-use-combofix

Note: You may be infected with a file patching virus 'Virut'

here's the OTL

OTL logfile created on: 5/15/2011 8:17:37 AM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 644.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 11.09 Gb Free Space | 11.36% Space Free | Partition Type: NTFS
Drive D: | 14.13 Gb Total Space | 0.96 Gb Free Space | 6.80% Space Free | Partition Type: NTFS
Drive F: | 968.25 Mb Total Space | 827.91 Mb Free Space | 85.51% Space Free | Partition Type: FAT

Computer Name: IH8U | User Name: JERKFACE MCMONSTER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 08:13:00 | 000,068,608 | ---- | M] () -- C:\WINDOWS\temp\qtfcyyp.exe
PRC - [2011/05/07 18:14:00 | 000,608,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads\OTL.exe
PRC - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/05/26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/27 12:29:36 | 000,167,936 | ---- | M] (amBX UK Ltd.) -- C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
PRC - [2009/10/14 16:43:08 | 000,640,512 | -HS- | M] (amBX) -- C:\Program Files\amBX\System\amBX_Service.exe
PRC - [2009/09/04 13:16:54 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/09/30 12:47:30 | 000,075,264 | ---- | M] (amBX) -- C:\Program Files\amBX\Effects\amBX Event Manager.exe
PRC - [2008/06/09 14:51:48 | 000,568,320 | ---- | M] (Philips) -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe
PRC - [2008/06/09 14:51:48 | 000,038,400 | ---- | M] () -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe
PRC - [2008/03/06 07:28:04 | 002,559,833 | ---- | M] (Philips) -- C:\Program Files\amBX\Illuminate\Illuminate.exe
PRC - [2007/12/10 16:55:26 | 000,352,256 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Philips\SPC230NC\Monitor.exe
PRC - [2007/06/13 04:26:03 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,053,248 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/04/27 14:59:24 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/02/15 16:10:16 | 000,086,016 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2004/12/13 04:34:32 | 000,077,824 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/12/02 18:23:34 | 000,131,072 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

========== Modules (SafeList) ==========

MOD - [2011/05/07 18:14:00 | 000,608,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads\OTL.exe
MOD - [2009/10/27 12:29:14 | 000,057,344 | ---- | M] (amBX UK Ltd.) -- C:\Program Files\amBX\Gaming FXGen\win32\LoadLibInterceptor.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [1999/03/29 08:34:06 | 000,110,595 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Msscript1.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/11/24 15:37:36 | 004,263,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/02/19 20:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/14 16:43:08 | 000,640,512 | -HS- | M] (amBX) [Auto | Running] -- C:\Program Files\amBX\System\amBX_Service.exe -- (amBX Service)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/09/06 16:47:36 | 000,611,664 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/06/09 14:51:48 | 000,568,320 | ---- | M] (Philips) [On_Demand | Running] -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe -- (Philips amBX USB HAL)
SRV - [2008/06/09 14:51:48 | 000,038,400 | ---- | M] () [Auto | Running] -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe -- (Philips HAL Starter)
SRV - [2007/01/04 14:38:08 | 000,053,248 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/27 14:59:24 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2004/12/13 04:34:32 | 000,077,824 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/06/09 14:52:04 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/12/31 17:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/09/26 15:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/06/15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/05/23 14:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/10/18 15:39:38 | 000,242,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) Airlink101 USB XR Adapter Driver (RT73)
DRV - [2005/06/17 13:48:46 | 000,019,968 | ---- | M] (WikiTek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - [2005/04/12 01:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005/01/10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/12/23 17:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004/08/03 23:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 16:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/09/22 19:37:00 | 000,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 00:47:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 00:47:19 | 000,000,000 | ---D | M]

[2008/09/14 07:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Extensions
[2011/05/15 01:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions
[2011/04/30 08:43:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/05/14 13:31:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/28 08:31:48 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mozilla\Firefox\Profiles\bdaqqwil.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/15 01:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 22:01:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/02 19:11:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/28 12:56:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/09 20:19:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/08/11 19:54:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/08/17 00:36:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/05/15 08:17:17 | 000,000,052 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: ㈱⸷⸰⸰‱†††潬慣桬獯൴㨊ㄺ†††氠捯污潨瑳਍਍
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [amBX Daemon] C:\Program Files\amBX\Control Panel\amBXDaemon.exe (Koninklijke Philips N.V.)
O4 - HKLM..\Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe (amBX UK Ltd.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\amBX Effects.lnk = C:\Program Files\amBX\Effects\amBX Event Manager.exe (amBX)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\amBX Illuminate.lnk = C:\Program Files\amBX\Illuminate\Illuminate.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 60xu9 = C:\WINDOWS\TEMP\qtfcyyp.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Coffee Bean.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Coffee Bean.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/02 19:27:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/15 03:40:36 | 000,000,028 | ---- | M] () - F:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 06:50:37 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\TDSSKiller.exe
[2011/05/15 06:39:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/14 13:31:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/09 00:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/05/09 00:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\Downloads
[2011/05/07 21:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\My Music
[2011/05/07 21:50:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\My Pictures
[2011/05/07 18:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\blurg
[2011/05/07 16:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Malwarebytes
[2011/05/07 16:23:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/07 16:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/07 16:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/07 16:23:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/07 16:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/07 14:48:59 | 000,000,000 | ---D | C] -- C:\MTU
[2011/05/07 14:46:10 | 000,545,280 | ---- | C] (Igor Pavlov) -- C:\WINDOWS\System32\7za.exe
[2011/05/07 13:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\karaocrime
[2011/05/07 13:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2011/05/07 03:31:08 | 000,032,768 | ---- | C] (Frog ASPI / Millenod) -- C:\WINDOWS\System32\FrogASPI.DLL
[2011/05/07 03:31:06 | 000,086,016 | ---- | C] (NexiTech, Inc.) -- C:\WINDOWS\System32\WNASPINT.DLL
[2011/05/07 03:09:00 | 000,000,000 | ---D | C] -- C:\cdrgui
[2011/05/07 02:42:38 | 000,000,000 | ---D | C] -- C:\cdrecord
[2011/05/06 19:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/05/06 18:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\MP3+G Toolz .NET 4
[2011/05/06 18:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Doblon
[2002/04/10 02:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/15 08:17:17 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/15 08:13:00 | 000,205,967 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/15 08:12:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 08:08:40 | 004,348,448 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\ComboFix.exe
[2011/05/15 04:39:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\MBR.dat
[2011/05/13 13:21:00 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\TDSSKiller.exe
[2011/05/13 07:24:41 | 000,953,019 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\test.wmv
[2011/05/13 07:18:07 | 000,087,360 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\gmer.wmv
[2011/05/12 21:31:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 00:58:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/09 19:12:54 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/05/09 00:47:23 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/09 00:47:23 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/07 17:48:00 | 000,211,968 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 17:43:47 | 000,001,534 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/05/07 16:23:24 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/07 14:48:59 | 000,000,033 | ---- | M] () -- C:\WINDOWS\Microstudio-Demo.INI
[2011/05/07 13:47:16 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\ax_files.xml
[2011/05/07 02:21:08 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2011/05/06 18:57:11 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\Shortcut to MP3GToolz.exe.lnk
[2011/04/30 23:05:06 | 000,002,252 | ---- | M] () -- C:\WINDOWS\FORGE32.INI
[2011/04/15 13:29:03 | 000,004,919 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies

========== Files Created - No Company Name ==========

[2011/05/15 08:08:28 | 004,348,448 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\ComboFix.exe
[2011/05/15 04:39:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\MBR.dat
[2011/05/13 07:24:37 | 000,953,019 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\test.wmv
[2011/05/13 07:18:06 | 000,087,360 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\gmer.wmv
[2011/05/07 16:23:24 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/07 14:48:59 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Microstudio-Demo.INI
[2011/05/07 13:47:16 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\My Documents\ax_files.xml
[2011/05/06 18:57:11 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\Shortcut to MP3GToolz.exe.lnk
[2011/04/27 00:11:39 | 117,700,594 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Desktop\50YearsOfMadLibs.pdf
[2011/04/14 23:55:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/07 20:38:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/04 09:30:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/06/12 11:04:58 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/05/02 09:10:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/23 17:40:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/12/06 05:24:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/02 23:46:06 | 000,747,486 | ---- | C] () -- C:\WINDOWS\System32\iconv-1.3.dll
[2009/12/02 23:46:06 | 000,413,808 | ---- | C] () -- C:\WINDOWS\System32\imlib-tiff.dll
[2009/12/02 23:46:06 | 000,145,041 | ---- | C] () -- C:\WINDOWS\System32\imlib-png.dll
[2009/12/02 23:46:06 | 000,134,266 | ---- | C] () -- C:\WINDOWS\System32\gdk_imlib.dll
[2009/12/02 23:46:06 | 000,132,569 | ---- | C] () -- C:\WINDOWS\System32\imlib-jpeg.dll
[2009/12/02 23:46:06 | 000,028,405 | ---- | C] () -- C:\WINDOWS\System32\gnu-intl.dll
[2009/09/13 17:57:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Local Settings\Application Data\housecall.guid.cache
[2009/05/16 16:40:16 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/04/26 01:19:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2009/03/06 20:47:37 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\PnkBstrK.sys
[2008/12/04 00:16:55 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2008/10/12 03:03:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2008/09/14 07:32:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/03/19 19:13:55 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2008/02/16 20:56:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ANTSWLIB.INI
[2008/02/03 20:07:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/01/31 15:53:38 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2008/01/31 15:53:38 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2008/01/12 12:13:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/01/08 02:33:04 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/01/08 02:33:03 | 000,534,016 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/01/08 02:33:03 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/01/08 02:33:03 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/01/08 02:33:03 | 000,097,792 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/01/08 02:33:03 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/01/08 02:07:47 | 003,889,728 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2008/01/08 02:07:47 | 001,143,989 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2008/01/08 02:07:47 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.exe
[2008/01/08 02:07:33 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\buyurl0501.dat
[2008/01/05 04:40:45 | 000,002,252 | ---- | C] () -- C:\WINDOWS\FORGE32.INI
[2007/12/19 23:04:44 | 000,000,461 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2007/11/12 21:44:39 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/11/12 21:42:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/08/27 19:33:26 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/27 19:33:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/26 11:33:47 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/08/26 09:03:21 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2007/08/26 01:45:48 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/08/26 01:45:48 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/08/26 01:19:11 | 000,211,968 | ---- | C] () -- C:\Documents and Settings\JERKFACE MCMONSTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/26 00:48:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/08/26 00:42:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/08/25 17:32:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/25 17:30:31 | 000,136,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/29 00:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2005/12/10 02:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 02:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/05/02 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/04 02:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 12:48:44 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_000015_.tmp.dll
[2004/07/17 12:48:44 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_000014_.tmp.dll
[2003/10/01 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,502,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,087,784 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1998/06/14 04:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

========== LOP Check ==========

[2009/06/16 17:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/02/22 22:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGS Demo Game
[2009/11/05 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\amBX_Events
[2008/02/15 20:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2008/12/04 00:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Philips
[2009/09/10 00:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/01/05 03:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2010/07/16 09:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/12 23:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/07/16 20:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/26 23:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\.BitTornado
[2010/11/01 02:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\.minecraft
[2008/02/15 00:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\.mudmagic
[2009/06/16 17:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\acccore
[2007/12/15 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Aim
[2009/11/05 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\amBX_Events
[2011/03/25 18:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\FileZilla
[2009/03/15 14:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\id Software
[2008/12/12 03:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\InfraRecorder
[2010/01/03 02:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\LucasArts
[2008/01/31 04:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Mount&Blade
[2010/02/07 15:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\rockbox.org
[2009/01/09 03:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\ScummVM
[2010/06/12 10:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\SystemRequirementsLab
[2009/04/29 07:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2008/05/13 00:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Ulead Systems
[2009/02/07 07:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\uqm
[2010/11/27 16:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\uqmmod
[2007/12/17 00:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JERKFACE MCMONSTER\Application Data\Viewpoint

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

and here's the aswMBR

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-05-15 08:32:29
-----------------------------
08:32:29.062 OS Version: Windows 5.1.2600 Service Pack 2
08:32:29.062 Number of processors: 1 586 0xA00
08:32:29.062 ComputerName: IH8U UserName:
08:32:36.984 Initialize success
08:32:50.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:32:50.125 Disk 0 Vendor: WDC_WD1200JB-00EVA0 15.05R15 Size: 114473MB BusType: 3
08:32:52.140 Disk 0 MBR read successfully
08:32:52.140 Disk 0 MBR scan
08:32:54.140 Disk 0 scanning sectors +234420480
08:32:54.156 Disk 0 scanning C:\WINDOWS\system32\drivers
08:33:02.000 Service scanning
08:33:04.359 Disk 0 trace - called modules:
08:33:04.375 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:33:04.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f5fab8]
08:33:04.375 3 CLASSPNP.SYS[f769005b] -> nt!IofCallDriver -> \Device\0000006c[0x86f60e98]
08:33:04.375 5 ACPI.sys[f75e6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f2dd98]
08:33:04.375 Scan finished successfully

#8
Essexboy

Posted 15 May 2011 - 09:48 AM

GeekU Moderator

Retired Staff
69,964 posts

OK lets check that out - If virut is present then you would be advised to start backing up your documents, music and photos only

Download Dr Web from here Fill in the small form and download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

#9
angriestmonster

Posted 15 May 2011 - 10:06 AM

Member

Topic Starter
Member
10 posts

do you have a mirror? it's blocking access to that site.

edit: nvm cnet had it.

Edited by angriestmonster, 15 May 2011 - 10:07 AM.

#10
angriestmonster

Posted 15 May 2011 - 10:24 AM

Member

Topic Starter
Member
10 posts

okay, the cnet version was over a year old and all other links i can find redirect to blocked websites. i may have to resort to downloading it on another computer.

#11
Essexboy

Posted 15 May 2011 - 10:37 AM

GeekU Moderator

Retired Staff
69,964 posts

You can run this from a CD as a live disc if you wish - thereby working outside of windows

Download FreeISOBurner to desktop
Download Dr.Web Live CD to desktop

Insert blank CD into CD burner
Start FreeISOBurner
Click Open button and load Dr.Web LiveCD ISO file
Select burn speed 16x or less
Press Burn button
Having made the bootable CD set your system to boot from CD (Instructions)
Once Dr.Web starts select Dr.Web LiveCD (Default)
Press Scanner button on the top
Press Custom scan on the left side
Check all disks on the right side
Now press Begin the scan button to start scanner
After the scan select all infected files and press Cure button
Select Tools then Journal
Click Export button and save report as drweb.txt to hda1 folder

Restart your system and post C:\drweb.txt log here for me.

#12
angriestmonster

Posted 16 May 2011 - 07:19 AM

Member

Topic Starter
Member
10 posts

sounds like that's what i'm going to have to do- I ran a full scan in safe mode and tried to run combofix again and it still gives the same message. I'll get back to you as soon as i've finished another full scan (probably tomorrow)

#13
Essexboy

Posted 16 May 2011 - 11:01 AM

GeekU Moderator

Retired Staff
69,964 posts

Thanks for the update - and I hope that combofix was wrong

#14
angriestmonster

Posted 16 May 2011 - 08:53 PM

Member

Topic Starter
Member
10 posts

Oh I should have made it clear- Dr. Web found 2000+ Virut-infected .EXEs when i scanned in safe mode. Is there no turning back once it's Virut?

Also, the LiveCD won't run. It gives me "cannot find boot device" and "/bin/sh: can't access tty: job control turned off" and kicks me to what I'm guessing is a Linux command prompt (I'm not super familiar with Linux.) I don't suppose there are any workarounds?

#15
Essexboy

Posted 17 May 2011 - 10:55 AM

GeekU Moderator

Retired Staff
69,964 posts

Dr. Web found 2000+ Virut-infected .EXEs when i scanned in safe mode. Is there no turning back once it's Virut?

I am afraid not - if you require any assistance in reformating and reinstalling please let me know

Well, I'm afraid I have bad news for you.

You have been infected with a polymorphic file infector named Virut. This infection will spread to every executable file in your computer, and unfortunately the only cure for it is to Reformat and Reinstall.

Right now, the best thing you can do is to backup, preferably to CD, all your important data, documents, pictures, movies, and songs.

DO NOT backup any applications or installers and DO NOT backup any files with the following extensions:

.exe
.scr
.htm
.html
.xml
.zip
.rar
.doc
.jpg
.pdf

For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.

To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

To find out more information about how you may have got infected in the first place, you can read this article.

I am sorry I cannot give any better news.