
Help! Scan HDD Virus!



Hello friends, please help me! I have this very bad virus called scan hdd. Thing is, when I start my computer the desktop goes to a black background and my start menu options disappear, with all my desktop icons DISAPPEARED too :( ! Then a silly program opens like 80 times over and says Hard drive disc is full, and then opens another program which asks to continue repair or cancel and restart computer! I tried running Malwarebytes in safe mode with updated definitions with Full scan and it detected it, then I ticked and deleted it with the program, but it is still there! Please someone help. I can only access this forum in safe mode, as if I go in normal mode the damn thing will pop up.

It is called s.m.a.r.t HDD, just checked :(


What happened is Malwarebytes did find the program and deleted it, and we restarted the computer in normal mode and everything was loading normally, but the software S.m.a.r.t Hdd virus popped up again :( ! We have run another scan on Malwarebytes in safe mode but it can't find it. We have the latest definitions updated.


OK...see if you can do this.....

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.
The scan will take about 10 minutes...depends on your hard drive size.
Two reports will open, copy and paste them in a reply here (or attach them as .txt files):
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC


OTL logfile created on: 15/06/2012 23:06:54 - Run 3

OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Games\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.29 Mb Total Physical Memory | 710.02 Mb Available Physical Memory | 69.39% Memory free

2.40 Gb Paging File | 2.25 Gb Available in Paging File | 93.46% Paging File free

Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 97.65 Gb Total Space | 0.23 Gb Free Space | 0.24% Space Free | Partition Type: NTFS

Drive D: | 135.22 Gb Total Space | 0.41 Gb Free Space | 0.30% Space Free | Partition Type: NTFS

Computer Name: NADEEM-E3A00451 | User Name: Games | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 23:00:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Games\Desktop\OTL.exe

PRC - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe

PRC - [2008/12/02 21:11:53 | 000,307,704 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\Mozilla.exe

PRC - [2008/04/14 01:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2010/09/14 23:59:45 | 001,016,280 | ---- | M] () -- D:\Program Files\Mozilla Firefox\js3250.dll

MOD - [2009/11/08 09:44:32 | 003,565,568 | ---- | M] () -- d:\Program Files\ffdshow\ffdshow.ax

MOD - [2009/11/08 09:44:32 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\ff_acm.acm

MOD - [2004/08/04 13:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)

SRV - [2011/03/16 01:19:26 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- D:\Program Files\Java\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/12/17 17:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2009/05/21 22:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)

SRV - [2009/05/21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)

SRV - [2008/02/27 12:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\system32\lxdncoms.exe -- (lxdn_device)

SRV - [2008/02/27 12:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)

SRV - [2003/07/02 16:40:08 | 000,045,056 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Unknown] -- c:\windows\system32\drivers\TrueSight.sys -- (TrueSight)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tbhsd.sys -- (tbhsd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Games\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2012/02/07 15:38:23 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/02/07 15:38:22 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/02/07 15:25:23 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)

DRV - [2011/12/16 00:33:22 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120215.002\IDSXpx86.sys -- (IDSxpx86)

DRV - [2011/12/01 03:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2011/10/19 11:53:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120215.036\NAVEX15.SYS -- (NAVEX15)

DRV - [2011/10/19 11:53:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120215.036\NAVENG.SYS -- (NAVENG)

DRV - [2011/05/11 13:56:46 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2011/04/21 02:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\symtdi.sys -- (SYMTDI)

DRV - [2011/03/31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\srtsp.sys -- (SRTSP)

DRV - [2011/03/31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2011/03/15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\symefa.sys -- (SymEFA)

DRV - [2011/01/27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\symds.sys -- (SymDS)

DRV - [2011/01/27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\ironx86.sys -- (SymIRON)

DRV - [2009/11/22 16:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2009/09/23 13:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)

DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)

DRV - [2006/02/27 19:47:00 | 004,241,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/03/04 12:10:26 | 000,074,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

DRV - [2004/10/08 02:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/08/03 23:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent)

DRV - [2004/06/22 11:31:00 | 000,068,222 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)

DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

DRV - [2003/08/20 16:34:50 | 000,548,952 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)

DRV - [2003/07/16 11:30:26 | 000,221,736 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)

DRV - [2003/07/02 15:26:36 | 001,301,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)

DRV - [2003/07/02 15:24:36 | 000,086,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)

DRV - [2003/07/02 15:12:52 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)

DRV - [2003/07/02 14:57:10 | 000,167,384 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)

DRV - [1997/12/23 02:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1004336348-1958367476-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\S-1-5-21-1004336348-1958367476-682003330-1007\..\SearchScopes,DefaultScope = {210073B5-670D-4ABE-A7CB-83EDBC77BF35}

IE - HKU\S-1-5-21-1004336348-1958367476-682003330-1007\..\SearchScopes\{210073B5-670D-4ABE-A7CB-83EDBC77BF35}: "URL" = http://search.orbitdownloader.com/ie.php?q={searchTerms}&enc={inputEncoding}

IE - HKU\S-1-5-21-1004336348-1958367476-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1004336348-1958367476-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: D:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: D:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: D:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/10/03 01:03:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: D:\Program Files\Java\lib\deploy\jqs\ff [2011/03/16 01:19:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/05/26 17:50:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/04/26 19:10:46 | 000,000,000 | ---D | M]

[2009/12/05 19:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Games\Application Data\Mozilla\Extensions

[2012/05/29 01:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\o1ws54p3.default\extensions

[2012/04/25 20:36:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\o1ws54p3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2012/10/03 01:03:37 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN

[2011/03/16 01:19:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2009/12/28 19:10:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKU\S-1-5-21-1004336348-1958367476-682003330-1007\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [kFXTTkBoILS.exe] C:\Documents and Settings\All Users\Application Data\kFXTTkBoILS.exe ()

O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()

O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [speedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1004336348-1958367476-682003330-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1004336348-1958367476-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1004336348-1958367476-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1004336348-1958367476-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB (Reg Error: Key error.)

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540A00} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF8F841E-821B-4EC3-B25E-A8F0F3C6ACDF}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/19 03:33:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{900cf4ba-431a-11e0-9f62-0090d09466a3}\Shell\AutoRun\command - "" = C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (lsdelete)

O34 - HKLM BootExecute: (smrgdf D:\Program Files\iolo\System Mechanic 5)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 23:00:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Games\Desktop\OTL.exe

[2012/06/15 21:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Games\Desktop\RK_Quarantine

[2012/06/15 19:33:24 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Games\Desktop\spybotsd162.exe

[2012/06/15 19:01:30 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Games\Desktop\unhide2.exe

[2012/06/15 18:54:38 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Games\Desktop\tds.exe

[2012/06/15 18:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Games\Start Menu\Programs\Data Recovery

[2012/06/15 18:42:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Games\Recent

[2012/06/15 17:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero

[2012/06/15 17:46:10 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Games\Desktop\unhide.exe

[2012/06/14 03:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Games\Desktop\New Folder

[2012/06/12 16:53:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Games\Start Menu\Programs\WinRAR

[2012/06/06 22:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trader's Little Helper

[2012/06/06 21:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Medieval Software

[2012/05/30 16:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Games\Application Data\Audacity

[2012/05/29 00:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Games\Application Data\Free Download Manager

[2012/05/29 00:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Download Manager

[2012/05/29 00:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager

[2012/05/28 06:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\mkw Audio Compression Toolkit

[2012/05/28 05:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Games\WINDOWS

[2012/05/26 21:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Games\Local Settings\Application Data\factormystic.net

[2012/05/25 16:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC

[2012/05/25 16:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FLAC

[2012/05/25 16:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp

[2012/05/25 16:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp

[2012/05/25 16:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Games\Application Data\Winamp

[2012/05/25 13:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Games\Application Data\tixati

[2012/05/25 13:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Games\Start Menu\Programs\Tixati

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/15 23:04:34 | 000,013,748 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/06/15 23:03:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/06/15 23:00:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Games\Desktop\OTL.exe

[2012/06/15 22:57:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/06/15 21:35:46 | 001,521,152 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\RogueKiller.exe

[2012/06/15 19:33:58 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Games\Desktop\spybotsd162.exe

[2012/06/15 19:01:21 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Games\Desktop\unhide2.exe

[2012/06/15 18:54:42 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Games\Desktop\tds.exe

[2012/06/15 18:47:05 | 000,272,375 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2012/06/15 18:46:26 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LZPlGP1v3otVrz

[2012/06/15 18:44:39 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Games\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk

[2012/06/15 18:44:38 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\Data_Recovery.lnk

[2012/06/15 18:44:20 | 000,251,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LZPlGP1v3otVrz.exe

[2012/06/15 17:46:08 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Games\Desktop\unhide.exe

[2012/06/15 17:39:18 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\rkill.exe

[2012/06/15 16:00:54 | 000,345,088 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kFXTTkBoILS.exe

[2012/06/14 15:35:34 | 000,012,154 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\2A841AE8BC5C630B7564DFAD94B7EF1ED4D03AA4.torrent

[2012/06/14 07:50:35 | 1073,106,944 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2012/06/14 03:48:09 | 000,034,488 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\The_Cure_-_Disintegration(Darkside_RG).3649281.TPB.torrent

[2012/06/14 03:22:36 | 000,020,411 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\[isoHunt] 571664ED943BE8F95AA002CE8AED7D6D30D35B8E.torrent

[2012/06/14 03:20:27 | 000,082,339 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\[isoHunt] Michael Jackson - Off The Wall (1979) {Original} [FLAC] [Dingo_RG].torrent

[2012/06/14 03:19:05 | 000,021,265 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\[kat.ph]placebo.meds.vinyl.rip.24bit.96khz.2006.flac.tracks.lossless.torrent

[2012/06/14 02:53:11 | 000,020,741 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\Placebo - Sleeping With Ghosts ( Vinyl Rip 24bit_96khz ) FLAC [h33t].torrent

[2012/06/14 02:35:58 | 000,039,961 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\[kat.ph]michael.jackson.thriller.vinyl.1982.pbthal.flac.torrent

[2012/06/13 14:45:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012/06/12 16:33:34 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Games\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/06/11 19:47:48 | 000,173,755 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\updated.JPG

[2012/06/06 13:24:06 | 000,035,152 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\The Cure Barcelona 1st june open 2012 Flac.torrent

[2012/05/30 14:57:16 | 000,023,084 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\Placebo (w_Robert Smith) 2004-11-05 london.torrent

[2012/05/29 14:13:45 | 547,704,783 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\Morrissey.2012-04-21.Kanagawa.FLAC.by.T.U.B.E.zip

[2012/05/28 23:56:40 | 000,090,262 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\printerr.JPG

[2012/05/28 23:30:05 | 000,086,105 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\-.JPG

[2012/05/28 20:23:35 | 000,168,964 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\--.JPG

[2012/05/28 05:40:33 | 000,000,199 | ---- | M] () -- C:\WINDOWS\System32\test.aok

[2012/05/28 05:22:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Games\echo

[2012/05/28 05:04:45 | 000,003,411 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Shorten Codec.dat

[2012/05/28 05:04:24 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Shorten Codec.bmp

[2012/05/28 04:51:41 | 000,653,176 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[2012/05/28 01:15:49 | 000,315,045 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\6043121225_e3dbaaabc7_b.jpg

[2012/05/27 21:07:31 | 001,109,657 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\030_the_cure_royal_albert_hall_after_show.jpg

[2012/05/27 21:05:02 | 000,864,367 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\05_the_cure_royal_albert_hall_10_15_saturday_night.jpg

[2012/05/27 21:03:59 | 000,062,450 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\Cure Setlist Nottingham Royal Concert Hall 4-30-84.jpg

[2012/05/27 12:32:03 | 000,035,727 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\1987-07-13 Santa Barbara (SBD) (CD 0) (1980-1987).torrent

[2012/05/27 12:31:24 | 000,033,844 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\cure1990-08-11.aud.flacf.torrent

[2012/05/27 12:14:14 | 000,040,750 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\cure1991-01-19.fm.remaster.torrent

[2012/05/27 01:02:44 | 000,394,258 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\TheCurePinkpop2012.jpg

[2012/05/26 23:59:31 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2012/05/26 23:58:25 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2012/05/26 23:58:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2012/05/26 23:51:54 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Games\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2012/05/26 17:25:39 | 000,000,163 | ---- | M] () -- C:\WINDOWS\System32\temp_0000_20203.aok

[2012/05/26 12:14:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/05/25 17:11:32 | 004,450,176 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\NY 2011-11-26 (beatkilla) set 3 -03.mp3

[2012/05/25 16:57:52 | 004,321,920 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\NY 2011-11-26 (beatkilla) set 1 -01.mp3

[2012/05/25 16:23:21 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Games\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk

[2012/05/25 16:01:48 | 021,539,311 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\PASC183test.flac

[2012/05/25 12:11:35 | 000,401,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/05/25 12:11:34 | 000,062,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/05/20 14:07:34 | 000,036,843 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\The Cure 1987-07-13 - County Bowl, Santa Barbara -Sweet Torture liberated bootleg.torrent

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/15 21:35:49 | 001,521,152 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\RogueKiller.exe

[2012/06/15 19:06:50 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Games\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk

[2012/06/15 19:06:50 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Games\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2012/06/15 19:06:50 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk

[2012/06/15 19:06:50 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Games\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/06/15 19:06:50 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Games\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk

[2012/06/15 19:06:50 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk

[2012/06/15 19:06:50 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\Games\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk

[2012/06/15 19:06:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Games\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2012/06/15 19:06:49 | 000,002,317 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Excel Viewer 2003.lnk

[2012/06/15 19:06:49 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2012/06/15 19:06:49 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk

[2012/06/15 19:06:48 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\BearShare.lnk

[2012/06/15 18:44:38 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\Data_Recovery.lnk

[2012/06/15 18:44:32 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LZPlGP1v3otVrz

[2012/06/15 18:44:20 | 000,251,904 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LZPlGP1v3otVrz.exe

[2012/06/15 17:59:24 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk

[2012/06/15 17:39:21 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\rkill.exe

[2012/06/15 16:03:11 | 000,345,088 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kFXTTkBoILS.exe

[2012/06/15 14:08:28 | 000,002,159 | -HS- | C] () -- C:\Documents and Settings\Games\Desktop\AlbumArt_{D7DF355C-8F40-4EFE-AA64-0A9D6A0BB35C}_Small.jpg

[2012/06/14 15:35:33 | 000,012,154 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\2A841AE8BC5C630B7564DFAD94B7EF1ED4D03AA4.torrent

[2012/06/14 03:48:06 | 000,034,488 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\The_Cure_-_Disintegration(Darkside_RG).3649281.TPB.torrent

[2012/06/14 03:22:36 | 000,020,411 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\[isoHunt] 571664ED943BE8F95AA002CE8AED7D6D30D35B8E.torrent

[2012/06/14 03:20:26 | 000,082,339 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\[isoHunt] Michael Jackson - Off The Wall (1979) {Original} [FLAC] [Dingo_RG].torrent

[2012/06/14 03:19:04 | 000,021,265 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\[kat.ph]placebo.meds.vinyl.rip.24bit.96khz.2006.flac.tracks.lossless.torrent

[2012/06/14 02:53:10 | 000,020,741 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\Placebo - Sleeping With Ghosts ( Vinyl Rip 24bit_96khz ) FLAC [h33t].torrent

[2012/06/14 02:35:57 | 000,039,961 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\[kat.ph]michael.jackson.thriller.vinyl.1982.pbthal.flac.torrent

[2012/06/06 13:24:04 | 000,035,152 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\The Cure Barcelona 1st june open 2012 Flac.torrent

[2012/06/06 12:24:00 | 000,173,755 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\updated.JPG

[2012/05/30 14:57:16 | 000,023,084 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\Placebo (w_Robert Smith) 2004-11-05 london.torrent

[2012/05/29 13:54:17 | 547,704,783 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\Morrissey.2012-04-21.Kanagawa.FLAC.by.T.U.B.E.zip

[2012/05/28 23:56:40 | 000,090,262 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\printerr.JPG

[2012/05/28 22:01:26 | 000,086,105 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\-.JPG

[2012/05/28 12:15:41 | 000,168,964 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\--.JPG

[2012/05/28 06:51:27 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll

[2012/05/28 05:24:51 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll

[2012/05/28 05:22:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Games\echo

[2012/05/28 04:52:03 | 000,653,176 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[2012/05/28 04:52:03 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Shorten Codec.bmp

[2012/05/28 04:52:03 | 000,003,411 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Shorten Codec.dat

[2012/05/28 01:15:48 | 000,315,045 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\6043121225_e3dbaaabc7_b.jpg

[2012/05/27 21:07:30 | 001,109,657 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\030_the_cure_royal_albert_hall_after_show.jpg

[2012/05/27 21:05:01 | 000,864,367 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\05_the_cure_royal_albert_hall_10_15_saturday_night.jpg

[2012/05/27 21:03:58 | 000,062,450 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\Cure Setlist Nottingham Royal Concert Hall 4-30-84.jpg

[2012/05/27 12:32:03 | 000,035,727 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\1987-07-13 Santa Barbara (SBD) (CD 0) (1980-1987).torrent

[2012/05/27 12:31:23 | 000,033,844 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\cure1990-08-11.aud.flacf.torrent

[2012/05/27 12:14:13 | 000,040,750 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\cure1991-01-19.fm.remaster.torrent

[2012/05/27 01:02:43 | 000,394,258 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\TheCurePinkpop2012.jpg

[2012/05/26 23:49:44 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb

[2012/05/26 23:49:44 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb

[2012/05/25 17:09:44 | 004,450,176 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\NY 2011-11-26 (beatkilla) set 3 -03.mp3

[2012/05/25 16:56:14 | 004,321,920 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\NY 2011-11-26 (beatkilla) set 1 -01.mp3

[2012/05/25 16:00:21 | 021,539,311 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\PASC183test.flac

[2012/05/20 14:07:34 | 000,036,843 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\The Cure 1987-07-13 - County Bowl, Santa Barbara -Sweet Torture liberated bootleg.torrent

[2011/10/20 17:40:21 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2011/10/20 17:40:21 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2011/10/20 17:40:20 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2010/10/14 22:42:01 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Games\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/10/14 22:36:24 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

========== LOP Check ==========

[2009/12/19 00:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2008/06/15 13:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success

[2011/04/02 20:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emicsoft Studio

[2007/04/17 02:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2009/12/03 21:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 2600 Series

[2009/12/22 07:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2012/05/30 15:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek

[2007/04/17 05:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/12/05 19:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R

[2009/03/20 18:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010/04/05 20:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions

[2010/08/02 13:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/03/08 00:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2012/05/30 17:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Audacity

[2009/12/17 01:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\AVG9

[2012/06/08 21:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Azureus

[2012/04/04 01:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\eMule

[2010/12/08 00:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\FMZilla

[2012/06/14 18:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Free Download Manager

[2009/08/14 18:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\GameRanger

[2010/04/25 10:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\GrabPro

[2009/09/14 19:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\InterVideo

[2010/04/04 23:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\KDE

[2010/01/05 14:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Lexmark Productivity Studio

[2012/05/30 15:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Orbit

[2010/04/05 14:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\SharePod

[2009/12/27 02:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\SystemRequirementsLab

[2009/12/22 11:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Tific

[2012/06/15 14:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\tixati

[2010/04/05 19:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\WindSolutions

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C


Before we proceed further, please uninstall or disable any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

--------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [kFXTTkBoILS.exe] C:\Documents and Settings\All Users\Application Data\kFXTTkBoILS.exe ()
    [2012/06/15 18:46:26 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LZPlGP1v3otVrz
    [2012/06/15 18:44:20 | 000,251,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LZPlGP1v3otVrz.exe
    [2012/06/15 16:00:54 | 000,345,088 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kFXTTkBoILS.exe
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

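A defender-side triage check over OTL output, added here as an example and not part of the thread or of OTL itself: it parses OTL's file lines and O4 Run-key lines and scores the traits that single out kFXTTkBoILS.exe and LZPlGP1v3otVrz in the log above (no company name, random-looking name, dropped in All Users\Application Data, started from a Run key, with a companion data file of the same stem). The scoring weights and the `looks_random` heuristic are my own assumptions; the sample lines are quoted from this thread's log, with unhide.exe and SpoonUninstall.exe included for contrast.

```python
import re
from pathlib import PureWindowsPath

# OTL log lines quoted from the thread above (a constructed subset of the full log).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [kFXTTkBoILS.exe] C:\Documents and Settings\All Users\Application Data\kFXTTkBoILS.exe ()
[2012/06/15 17:46:08 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Games\Desktop\unhide.exe
[2012/06/15 16:00:54 | 000,345,088 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kFXTTkBoILS.exe
[2012/06/15 18:44:32 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LZPlGP1v3otVrz
[2012/06/15 18:44:20 | 000,251,904 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LZPlGP1v3otVrz.exe
[2012/05/28 04:51:41 | 000,653,176 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
"""

# "[date time | size | attrs | M/C] (Company) -- path" as written by OTL
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<flag>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$")
# "O4 - HKLM..\Run: [value name] path (Company)" autorun entries
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")

EXEC_EXT = {".exe", ".dll", ".scr", ".com"}
# User-writable data directories where rogues of this kind drop their payload (assumed list).
DATA_DIR_MARKERS = ("\\application data", "\\local settings\\temp", "\\temp", "\\programdata")


def looks_random(stem):
    """Assumed heuristic: alphanumeric name of 10+ chars with at least 4 upper/lower flips."""
    if len(stem) < 10 or not stem.isalnum():
        return False
    letters = [c for c in stem if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return flips >= 4


def parse(log_text):
    """Return ({path: company}, {autorun paths}) found in the OTL text."""
    files, autoruns = {}, set()
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            files[m["path"]] = m["company"]
            continue
        m = RUN_RE.match(line.strip())
        if m:
            autoruns.add(m["path"])
            files.setdefault(m["path"], m["company"])
    return files, autoruns


def score_entries(log_text, threshold=4):
    """Score every file in the log; return {path: score} for those at or above threshold."""
    files, autoruns = parse(log_text)
    stems_by_dir = {}
    for p in files:
        wp = PureWindowsPath(p)
        stems_by_dir.setdefault(str(wp.parent).lower(), []).append(wp.stem)
    flagged = {}
    for path, company in files.items():
        wp = PureWindowsPath(path)
        parent = str(wp.parent).lower()
        score = 0
        if wp.suffix.lower() in EXEC_EXT and parent.endswith(DATA_DIR_MARKERS):
            score += 2   # executable living in a user-writable data directory
        if not company:
            score += 1   # no embedded company/version information
        if looks_random(wp.stem):
            score += 2   # random-looking file name
        if path in autoruns:
            score += 3   # started from a Run key
        if stems_by_dir[parent].count(wp.stem) > 1:
            score += 1   # companion file with the same stem (.exe plus a data blob)
        if score >= threshold:
            flagged[path] = score
    return flagged
```

Run against the thread's log, the three paths that MrC's fix moved are the only entries flagged.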

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kFXTTkBoILS.exe deleted successfully.

C:\Documents and Settings\All Users\Application Data\kFXTTkBoILS.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\LZPlGP1v3otVrz moved successfully.

C:\Documents and Settings\All Users\Application Data\LZPlGP1v3otVrz.exe moved successfully.

File C:\Documents and Settings\All Users\Application Data\kFXTTkBoILS.exe not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Family

User: Games

->Java cache emptied: 14824310 bytes

User: LocalService

User: Nadeem

User: NetworkService

Total Java Files Cleaned = 14.00 mb

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 3934 bytes

->FireFox cache emptied: 3238724 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

User: Family

User: Games

->Temp folder emptied: 1661234066 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 148051697 bytes

->Flash cache emptied: 188927 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

User: Nadeem

User: NetworkService

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 4285428 bytes

%systemroot%\System32 .tmp files removed: 4833280 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3253693 bytes

Session Manager Temp folder emptied: 34072940 bytes

Session Manager Tmp folder emptied: 256 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes

RecycleBin emptied: 981680 bytes

Total Files Cleaned = 1,774.00 mb

OTL by OldTimer - Version 3.2.49.0 log created on 06162012_141115


See if you can run ComboFix..........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Brother, the instructions you gave us for OTL, to copy and paste and then run as Run Fix, have cleaned and fixed our computer! Thank you, Brother! Please get the needed info and include it in the next Malwarebytes definition update so it will catch it in case other people get infected by this. Also, our Norton Anti-Virus 2011 edition has expired and we're thinking of buying the Norton 2012 version. Will that be a good idea?


OK Great!!!

I would Update and run a Full Scan with MBAM.

Make sure that everything is checked, and click Remove Selected.

----------------------------------

Also, our Norton Anti-Virus 2011 edition has expired and we're thinking of buying the Norton 2012 version. Will that be a good idea?

NO, don't waste your money. Get Microsoft Security Essentials (FREE) and couple it with Malwarebytes Pro; it's only a one-time fee of about $25.00. It's good for life...you never have to pay again. This is the combo I use, and all the info is in My Preventive Maintenance below.

--------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.