alexinc

Honorary Members
  • Posts: 30
  • Reputation: 0 Neutral
  1. Yes, thank you, MrC. What exactly is the file that I am missing and do I need it?
  2. Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.05.23.08
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 6.0.2900.5512
     Administrator :: ALEXXX-12E93458 [administrator]

     5/23/2012 18:01:56
     mbam-log-2012-05-23 (18-01-56).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 204719
     Time elapsed: 1 minute(s), 57 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  3. https://www.virustotal.com/file/ecc0da9dffdc7ae260304239c50ab91b17860e964eceec6871fca23933d6a248/analysis/1337818712/
  4. http://virusscan.jotti.org/en/scanresult/9d3533f8834c192db03b56b1569264728c41994a
  5. I have hidden files enabled and it isn't showing up: I will try but I don't know too many people still using Windows. Is there another way to grab the file(s)?
  6. There was no tcpip.sys to upload for the free scan. I do not have an XP cd...
  7. SystemLook 30.07.11 by jpshortstuff
     Log created at 09:29 on 23/05/2012 by Administrator
     Administrator - Elevation successful

     ========== Filefind ==========

     Searching for "tcpip.sys"
     C:\WINDOWS\system32\drivers\tcpip.sys --a--c- 361600 bytes [00:36 03/03/2009] [00:36 03/03/2009] A29E1209F925A0E9B330E11DA5FC7BAB

     Searching for "vbscript.dll"
     No files found.

     -= EOF =-
  8. Combofix.txt:
     ---------------
     ComboFix 12-05-22.02 - Administrator 05/22/2012 17:02:09.5.2 - x86
     Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
     .
     FILE ::
     "c:\windows\system32\02000000c27ec2a91406C.manifest"
     "c:\windows\system32\02000000c27ec2a91406O.manifest"
     "c:\windows\system32\02000000c27ec2a91406P.manifest"
     "c:\windows\system32\02000000c27ec2a91406S.manifest"
     "c:\windows\system32\odpdx3232.exe"
     c:\windows\system32\vbscript.dll is missing
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
     .
     .
     2012-05-18 23:54 . 2010-11-09 21:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2012-05-18 23:54 . 2010-11-09 21:56 27984 ----a-w- c:\windows\system32\sbbd.exe
     2012-05-18 23:53 . 2012-05-19 02:29 -------- d-----w- C:\VIPRERESCUE
     2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\system32\wbem\snmp
     2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\system32\xircom
     2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\system32\oobe
     2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\srchasst
     2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\msagent
     2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\program files\microsoft frontpage
     2012-05-14 23:57 . 2012-05-14 23:57 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-05-14 23:17 . 2012-05-14 23:22 -------- d-----w- c:\windows\SxsCaPendDel
     2012-05-14 23:14 . 2012-05-14 23:14 -------- d-----w- c:\windows\system32\syncdb
     2012-04-29 23:41 . 2012-04-29 23:41 -------- d-----w- c:\program files\Common Files\Java
     2012-04-29 23:40 . 2012-04-29 23:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2012-04-29 23:40 . 2012-04-29 23:40 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-04-29 23:40 . 2010-08-02 04:07 472864 -c--a-w- c:\windows\system32\deployJava1.dll
     2012-04-04 22:56 . 2010-02-08 23:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
     2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
     2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
     2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
     2012-03-26 21:24 . 2012-03-30 21:47 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
     .
     .
     ------- Sigcheck -------
     Note: Unsigned files aren't necessarily malware.
     .
     [-] 2009-03-03 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
     .
     ((((((((((((((((((((((((((((( SnapShot@2012-05-16_22.38.27 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2012-05-18 23:21 . 2012-05-18 23:21 16384 c:\windows\Temp\Perflib_Perfdata_730.dat
     + 2001-08-23 13:00 . 2012-05-18 23:25 58170 c:\windows\system32\perfc009.dat
     - 2001-08-23 13:00 . 2012-05-16 22:29 58170 c:\windows\system32\perfc009.dat
     + 2001-08-23 13:00 . 2012-05-18 23:25 392690 c:\windows\system32\perfh009.dat
     - 2001-08-23 13:00 . 2012-05-16 22:29 392690 c:\windows\system32\perfh009.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
     @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "_nltide_3"="advpack.dll" [2008-04-14 99840]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "DisableCAD"= 1 (0x1)
     .
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoResolveTrack"= 1 (0x1)
     "NoSMMyPictures"= 1 (0x1)
     "NoSMConfigurePrograms"= 1 (0x1)
     .
     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSMHelp"= 1 (0x1)
     "ForceClassicControlPanel"= 1 (0x1)
     "NoResolveTrack"= 1 (0x1)
     "NoSMMyPictures"= 1 (0x1)
     "NoSMConfigurePrograms"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
     2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "midi1"=ma_cmidn.dll
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - AWLYIAOC
     *NewlyCreated* - SBRE
     *Deregistered* - awlyiaoc
     *Deregistered* - SBRE
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
     .
     2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1425521274-1177238915-500Core.job
     - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:52]
     .
     2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1425521274-1177238915-500UA.job
     - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:52]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://gmail.com/
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.0.1
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-05-22 17:06
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(892)
     c:\windows\system32\Ati2evxx.dll
     c:\windows\system32\LMIinit.dll
     .
     - - - - - - - > 'explorer.exe'(3296)
     c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     Completion time: 2012-05-22 17:07:00
     ComboFix-quarantined-files.txt 2012-05-23 00:06
     ComboFix2.txt 2012-05-18 23:23
     ComboFix3.txt 2012-05-18 22:34
     ComboFix4.txt 2012-05-16 22:40
     .
     Pre-Run: 34,490,691,584 bytes free
     Post-Run: 34,481,127,424 bytes free
     .
     - - End Of File - - 26131B4A2DF119DD3C02389A91D5D9D9

     MBAM.txt:
     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.05.22.03
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 6.0.2900.5512
     Administrator :: ALEXXX-12E93458 [administrator]

     5/22/2012 17:08:31
     mbam-log-2012-05-22 (17-08-31).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 203105
     Time elapsed: 1 minute(s), 27 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  9. Ignore post #36 & #37, I don't know where those are from.
  10. GMER 1.0.15.15641 - http://www.gmer.net
      Rootkit scan 2012-05-21 14:26:09
      Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD740GD-00FLC0 rev.33.08F33
      Running: ie9w8jqn.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awlyiaoc.sys

      ---- System - GMER 1.0.15 ----

      SSDT spjk.sys ZwCreateKey [0xF74E40E0]
      SSDT spjk.sys ZwEnumerateKey [0xF74FCDA4]
      SSDT spjk.sys ZwEnumerateValueKey [0xF74FD132]
      SSDT spjk.sys ZwOpenKey [0xF74E40C0]
      SSDT spjk.sys ZwQueryKey [0xF74FD20A]
      SSDT spjk.sys ZwQueryValueKey [0xF74FD08A]
      SSDT spjk.sys ZwSetValueKey [0xF74FD29C]

      INT 0x62 ? 89BA0BF8
      INT 0x63 ? 89BA3BF8
      INT 0x73 ? 89A39BF8
      INT 0x82 ? 89BA0BF8
      INT 0x84 ? 89A39BF8
      INT 0x94 ? 89A39BF8
      INT 0xA4 ? 89BA0BF8

      ---- Devices - GMER 1.0.15 ----

      Device \FileSystem\Ntfs \Ntfs 89C101F8
      Device \FileSystem\Fastfat \FatCdrom 891A01F8
      Device \Driver\PCI_PNP4710 \Device\00000040 spjk.sys
      Device \Driver\PCI_PNP4710 \Device\00000040 spjk.sys
      Device \Driver\usbuhci \Device\USBPDO-0 89A401F8
      Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C121F8
      Device \Driver\dmio \Device\DmControl\DmConfig 89C121F8
      Device \Driver\dmio \Device\DmControl\DmPnP 89C121F8
      Device \Driver\dmio \Device\DmControl\DmInfo 89C121F8
      Device \Driver\usbuhci \Device\USBPDO-1 89A401F8
      Device \Driver\usbuhci \Device\USBPDO-2 89A401F8
      Device \Driver\usbuhci \Device\USBPDO-3 89A401F8
      Device \Driver\usbehci \Device\USBPDO-4 89A3C1F8
      Device \Driver\Ftdisk \Device\HarddiskVolume1 89BA11F8
      Device \Driver\Ftdisk \Device\HarddiskVolume2 89BA11F8
      Device \Driver\Cdrom \Device\CdRom0 899B91F8
      Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdePort2 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdePort3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
      Device \Driver\NetBT \Device\NetBT_Tcpip_{FE9C3D2F-3043-4C23-A592-1D6D3FE86BA3} 894201F8
      Device \Driver\Cdrom \Device\CdRom1 899B91F8
      Device \Driver\NetBT \Device\NetBt_Wins_Export 894201F8
      Device \Driver\NetBT \Device\NetbiosSmb 894201F8
      Device \Driver\sptd \Device\3878850960 spjk.sys
      Device \Driver\usbuhci \Device\USBFDO-0 89A401F8
      Device \Driver\usbuhci \Device\USBFDO-1 89A401F8
      Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894241F8
      Device \Driver\usbuhci \Device\USBFDO-2 89A401F8
      Device \FileSystem\MRxSmb \Device\LanmanRedirector 894241F8
      Device \Driver\usbuhci \Device\USBFDO-3 89A401F8
      Device \Driver\usbehci \Device\USBFDO-4 89A3C1F8
      Device \Driver\Ftdisk \Device\FtControl 89BA11F8
      Device \Driver\NetBT \Device\NetBT_Tcpip_{6DF6B719-B140-40B1-BA68-29991289C2F8} 894201F8
      Device \Driver\avi2gbxl \Device\Scsi\avi2gbxl1 899B51F8
      Device \Driver\mv614x \Device\Scsi\mv614x1 89C111F8
      Device \Driver\avi2gbxl \Device\Scsi\avi2gbxl1Port5Path0Target0Lun0 899B51F8
      Device \FileSystem\Fastfat \Fat 891A01F8
      Device \FileSystem\Cdfs \Cdfs 893B91F8

      ---- Registry - GMER 1.0.15 ----

      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x80 0x69 0x9A ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xA6 0x39 0x34 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x79 0x27 0x7A ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0xA3 0x77 0x6C ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x80 0x69 0x9A ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xA6 0x39 0x34 ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x79 0x27 0x7A ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0xA3 0x77 0x6C ...

      ---- EOF - GMER 1.0.15 ----

      Gmer.txt
  13. Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org

      Database version: v2012.05.21.03
      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 6.0.2900.5512
      Administrator :: ALEXXX-12E93458 [administrator]

      5/21/2012 12:41:21
      mbam-log-2012-05-21 (12-41-21).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 202985
      Time elapsed: 1 minute(s), 51 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 4
      C:\WINDOWS\system32\02000000c27ec2a91406C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\02000000c27ec2a91406O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\02000000c27ec2a91406P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\02000000c27ec2a91406S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

      (end)
  14. Scanning registry...
      HKEY_USERS\S-1-5-19_Classes\
      HKEY_LOCAL_MACHINE\Software\Classes\OWS.PptUI\
      HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}\
      HKEY_LOCAL_MACHINE\Software\Classes\Interface\{00000564-0000-0010-8000-00AA006D2EA4}\
      HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3EBEAA5B-5166-4FEC-8625-56F0786463D4}\
      HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B66A7A1B-8FC6-448C-A2EB-3C55957478A1}\
      HKEY_USERS\.DEFAULT\software\microsoft\windows\currentversion\policies\shell\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\efs\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\Enum\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\

      Scan completed.
      Scan time: 02:34:52

      Rootkits: 4740 scanned, 0 found
      Processes: 37 scanned, 1 found
      Modules: 1810 scanned, 0 found
      Folders: 16226 scanned, 0 found
      Files: 209126 scanned, 37 found
      Registry: 23719 scanned, 0 found
      Total: 255658 scanned, 38 found

      38 threat traces were detected.

      Starting clean.
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\alexincorporate.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\atomsk4.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\chewyandgummy.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\clutch1616.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\gweed11.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\ihypergg.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\jin149.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\kikkoboyie.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\lemonsong1.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\llinhh.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\meaculpa893.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\ngayth0.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\qtcooki.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\remedybix.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\stopscurvynow.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\wizardjon1.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\My Assignments\blackdaveonsummer.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\My Assignments\chewandgummy.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\My Assignments\chewy2.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\My Assignments\chewy3.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\My Assignments\chewy4.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\My Assignments\diamondyang.com\index.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\My Assignments\katesoo.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\My Assignments\qtcookisummer2.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\My Assignments\remedy.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      [CLEANING] Item: D:\My Documents\My Assignments\remedy2.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
      Quarantine {9E4B3814-AFD7-4615-BD04-4DB3A442A09D} completed.
      [CLEANING] Item: C:\Documents and Settings\Administrator\Application Data\E67E.0B8, ID: 4742528, Name: Backdoor.Win32.Cycbot.cfg (v)
      Quarantine {C3F9AAAC-AF73-4210-AB17-8CB996222DB6} completed.
      Quarantine {D7518AC2-8914-49A8-86AB-3471CAC9F367} completed.
      [CLEANING] Item: C:\Qoobox\Quarantine\C\WINDOWS\system32\atipdlxx32.dll.vir, ID: 4150696, Name: Trojan.Win32.Generic!BT
      Quarantine {12043099-F6BB-4F83-8024-99F1B3E8F944} completed.
      Quarantine {2CBA0543-4AF5-4483-9045-8A69A6E9AAF2} completed.
      [CLEANING] Item: C:\temp\atudiodevil\keygen.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
      Quarantine {DFCA85B2-185D-453C-83FF-8D45D44C98EB} completed.
      Quarantine {0BD4A3EA-157D-4343-9D61-08C6F48979FC} completed.
      [CLEANING] Item: D:\My Documents\Downloads\Antares Autotune\Auto-Tune_evo_VST_PC_v6.09.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
      Quarantine {F92BB632-CF2E-408D-AD61-80A977CC4AA8} completed.

      Clean completed.
      Clean time: 00:01:06

      8 threats were cleaned.