Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Google Sued Over Misleading Location Tracking Setting

Featured Deal: Get 98% off the Ultimate Cisco Certification Bundle: Lifetime Access Deal

Photo

microsoft.windows.explorer threat

Started by doctorwhite2001 , Mar 21 2010 12:33 PM

  • This topic is locked This topic is locked
15 replies to this topic

#1 doctorwhite2001

doctorwhite2001

  • Members
  • 13 posts
  • OFFLINE
    •  
  • Local time:02:27 AM

Posted 21 March 2010 - 12:33 PM

hello i have spent the last 2 months trying to sort my pc out.

the main problem is my mouse and keyboard are working off and on.

here is a list of things i have done so far.

clean install of windows xp

full virus scan with avast - nothing shows up
full scan with spybot search and destroy - Microsoft.Windows.Explorer: [SBI $F1AA2176] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-790525478-1604221776-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff
anti malware scan - nothing shows
my Hijackthis scan -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:43, on 21/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\PC Auto Shutdown\ShutdownService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\PC Auto Shutdown\AutoShutdown.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Burkey Family\My Documents\Downloads\HiJackThis.exe
C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files\PC Auto Shutdown\AutoShutdown.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8920 bytes


Thx

Dan


BC AdBot (Login to Remove)

 

#2 doctorwhite2001

doctorwhite2001
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
    •  
  • Local time:02:27 AM

Posted 21 March 2010 - 12:43 PM

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 14/02/2010 13:22:00
System Uptime: 21/03/2010 13:44:33 (4 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 59.072 GiB free.
E: is FIXED (NTFS) - 338 GiB total, 150.776 GiB free.
F: is CDROM (CDFS)
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is FIXED (FAT32) - 149 GiB total, 14.139 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AREA-51 (remove only)
µTorrent
Audacity 1.2.6
avast! Free Antivirus
Azgard Defence
Belarc Advisor 8.1
Bonjour
Commandos 2: Men of Courage
DiscJuggler
GameSpy Arcade
Google Chrome
GRID
GTR 2 1.0.0.0
High Definition Audio Driver Package - KB888111
Highway Pursuit v1.1
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iTunes
Java Auto Updater
Java™ 6 Update 18
JMB36X Raid Configurer
K-Lite Codec Pack 5.7.0 (Basic)
Machinarium
Malwarebytes' Anti-Malware
Media Go
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2
Mozilla Firefox (3.6)
MSVCRT
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
Open Video Converter version 3.3
OpenAL
PC Auto Shutdown 4.1
Pcsx2 0.9.6
Pinball Madness 2
PlayStation®Network Downloader
PlayStation®Store
Popcap Game Collection
Pro Evolution Soccer 2010
Pro Pinball - Timeshock!
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Registry Mechanic 9.0
rFactor (remove only)
Richard Burns Rally
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Skype Toolbars
Skype™ 4.2
SolarWolf 1.5
Sonic & SEGA All-Stars Racing
Sony Ericsson PC Suite 6.011.00
SpeedFan (remove only)
Spotify
Spybot - Search & Destroy
STCC - The Game
Tower Bloxx Deluxe
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

14/03/2010 11:50:57, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================

#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:27 AM

Posted 25 March 2010 - 02:09 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#4 doctorwhite2001

doctorwhite2001
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
    •  
  • Local time:02:27 AM

Posted 28 March 2010 - 12:37 PM

ok i'm still getting the mouse and keyboard problems.

basicly sometime the mouse doesn't click and i have to click a few times for it to work. same with the keyboard if you hold a key down it will stop and start. i play a few games and these are unplayable with this problem.

here is the dds and gmer

DDS (Ver_10-03-17.01) - NTFSx86
Run by Burkey Family at 15:06:47.35 on 28/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3582.2956 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\PC Auto Shutdown\AutoShutdown.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\PC Auto Shutdown\ShutdownService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Burkey Family\My Documents\Downloads\dds (1).scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Google Update] "c:\documents and settings\burkey family\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [PC Auto Shutdown] "c:\program files\pc auto shutdown\AutoShutdown.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: NoLogoff = 00
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\burkey~1\applic~1\mozilla\firefox\profiles\woas4m9z.default\
FF - plugin: c:\documents and settings\burkey family\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-7 162640]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-7 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-2-15 90112]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\pc auto shutdown\ShutdownService.exe [2010-3-10 462440]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-3-7 583640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-2-15 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-2-15 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-2-15 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-2-15 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-2-15 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-2-15 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-2-15 109736]

=============== Created Last 30 ================

2010-03-28 02:49:35 0 d-----w- c:\docume~1\burkey~1\applic~1\Trillian
2010-03-27 13:52:48 73676 ----a-w- c:\windows\system32\EBPMON2.DLL
2010-03-27 13:52:48 61440 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-03-27 13:52:48 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2010-03-27 13:52:48 182 ----a-w- c:\windows\system32\EBPPORT.DAT
2010-03-27 13:52:48 0 d-----w- c:\program files\EPSON
2010-03-27 13:52:39 0 d-----w- C:\epson
2010-03-27 13:50:09 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-27 13:50:09 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-24 16:52:35 0 d-----w- c:\docume~1\burkey~1\applic~1\Digital Distribution Networks Ltd
2010-03-24 16:52:23 0 d-----w- c:\program files\mflow
2010-03-24 08:44:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-23 11:45:42 0 d-----w- c:\docume~1\burkey~1\applic~1\Windows Search
2010-03-22 17:16:56 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-22 17:15:43 0 d-----w- c:\program files\Microsoft Security Essentials
2010-03-21 20:22:21 0 d-----w- c:\windows\pss
2010-03-21 17:10:26 0 d-----w- c:\program files\TrendMicro
2010-03-21 13:41:11 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-03-21 13:41:02 0 d-----w- c:\docume~1\burkey~1\applic~1\Windows Desktop Search
2010-03-21 13:40:47 0 d-----w- c:\program files\Windows Desktop Search
2010-03-21 13:40:46 0 d-----w- c:\windows\system32\GroupPolicy
2010-03-21 13:40:34 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-03-21 13:40:34 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-03-21 13:40:34 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-03-21 13:40:05 0 d-----w- c:\windows\system32\URTTEMP
2010-03-21 13:34:21 0 d-sh--w- c:\documents and settings\burkey family\IECompatCache
2010-03-21 12:42:29 0 ---ha-w- c:\windows\SwSys2.bmp
2010-03-21 12:42:29 0 ---ha-w- c:\windows\SwSys1.bmp
2010-03-21 12:38:35 0 d-----w- c:\program files\Midway Home Entertainment
2010-03-21 03:48:16 0 d-----w- c:\program files\Audacity
2010-03-19 23:22:34 0 d-----w- c:\docume~1\burkey~1\applic~1\Azgard
2010-03-19 23:20:31 0 d-----w- c:\program files\Alawar
2010-03-19 23:12:03 0 d-----w- c:\program files\booddanet
2010-03-19 21:04:53 0 d-sh--w- c:\windows\ftpcache
2010-03-18 20:09:03 0 d-----w- c:\program files\Popcap Game Collection
2010-03-17 11:38:47 0 d-----w- c:\program files\Commandos II
2010-03-15 14:42:59 0 d-----w- c:\program files\Pcsx2
2010-03-13 19:50:00 403856 ----a-w- c:\program files\un_Star Defender 4_26816.exe
2010-03-13 19:50:00 0 d-----w- c:\program files\Star Defender 4
2010-03-13 19:49:42 17408 ----a-w- C:\psapi.dll
2010-03-13 16:13:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Gamerizon
2010-03-13 16:12:32 0 d-----w- C:\games
2010-03-13 16:04:54 0 d-----w- c:\docume~1\burkey~1\applic~1\pokerth
2010-03-13 12:17:53 0 d-----w- c:\docume~1\burkey~1\applic~1\Malwarebytes
2010-03-13 12:17:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 12:17:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-13 12:17:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 12:17:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-10 10:53:35 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 00:56:28 0 d-----w- c:\program files\PC Auto Shutdown
2010-03-10 00:56:28 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Auto Shutdown
2010-03-07 21:58:08 0 d-----w- c:\docume~1\burkey~1\applic~1\Registry Mechanic
2010-03-07 21:55:08 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-03-07 21:55:08 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-03-07 21:55:07 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-03-07 21:55:07 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-03-07 21:55:06 0 d-----w- c:\program files\common files\PC Tools
2010-03-07 21:06:53 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-07 21:06:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-07 19:54:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-07 19:16:53 0 d-----w- c:\docume~1\alluse~1\applic~1\DigitalChocolate
2010-03-07 19:15:41 0 d-----w- c:\windows\Tower Bloxx Deluxe
2010-03-07 19:15:41 0 d-----w- c:\program files\Tower Bloxx Deluxe
2010-03-06 22:15:19 0 d-----w- c:\program files\VideoConverter
2010-03-05 17:54:52 0 d-----w- C:\adaptec
2010-03-05 17:09:10 0 d-----w- c:\program files\Padus
2010-03-05 10:09:07 0 d-----w- c:\program files\SEGA
2010-03-04 15:36:38 0 d-----w- c:\docume~1\burkey~1\applic~1\Ubisoft
2010-03-04 11:47:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Codemasters
2010-03-04 11:47:26 805400 ----a-r- c:\windows\system32\tmpB6.tmp
2010-03-04 11:47:26 805400 ----a-r- c:\windows\system32\tmpB5.tmp
2010-03-04 11:47:26 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-04 11:47:26 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-04 11:47:26 0 d-----w- c:\program files\OpenAL
2010-03-03 21:31:58 0 d-----w- c:\program files\AVG
2010-03-03 17:20:19 0 d-----w- c:\program files\common files\DirectX
2010-03-03 17:18:08 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-03 17:01:01 0 d-----w- c:\program files\SCi Games
2010-03-02 22:39:20 0 d-----w- c:\program files\SolarWolf
2010-03-02 15:41:48 0 d-----w- c:\program files\GameSpy Arcade
2010-03-02 15:41:08 614 ----a-w- c:\windows\eReg.dat
2010-03-02 15:37:42 0 d-----w- c:\windows\system32\NtmsData
2010-03-02 14:39:52 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2010-03-02 10:30:06 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2010-03-02 10:29:55 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-03-02 09:23:42 0 d-----w- c:\docume~1\burkey~1\applic~1\Spotify
2010-03-02 09:23:41 0 d-----w- c:\program files\Spotify
2010-03-01 22:18:28 0 d-----w- c:\program files\HighwayPursuit
2010-03-01 21:52:48 304 ----a-w- c:\windows\Rollemup.ini
2010-03-01 21:52:46 0 d-----w- c:\program files\Roll 'm Up
2010-03-01 17:12:35 0 d-----w- c:\program files\iPod
2010-03-01 17:12:33 0 d-----w- c:\program files\iTunes
2010-03-01 00:17:07 0 d-----w- C:\MicroProse
2010-03-01 00:16:43 0 d-----w- c:\documents and settings\burkey family\WINDOWS
2010-02-28 21:48:13 0 d-----w- c:\program files\Pro Pinball
2010-02-28 21:47:26 179 ----a-w- c:\windows\PowerReg.dat
2010-02-28 21:47:25 0 d-----w- c:\program files\Encore Software
2010-02-28 21:46:51 327168 ----a-w- c:\windows\IsUninst.exe
2010-02-28 21:30:19 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-02-28 21:30:19 0 d-----w- c:\program files\Belarc
2010-02-28 21:28:43 0 d-----w- c:\docume~1\burkey~1\applic~1\ElevatedDiagnostics
2010-02-28 21:26:54 0 d-----w- c:\program files\Microsoft ATS
2010-02-28 21:26:17 0 d-sh--w- c:\documents and settings\burkey family\PrivacIE
2010-02-28 21:05:43 0 d-----w- c:\windows\system32\Adobe
2010-02-28 20:44:51 0 d-----w- c:\program files\Ultimate Pinball
2010-02-28 20:39:08 189488 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-02-28 20:11:34 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-28 20:11:34 138056 ----a-w- c:\docume~1\burkey~1\applic~1\PnkBstrK.sys
2010-02-28 20:11:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-28 20:11:14 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-02-28 20:11:14 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-28 20:03:56 0 d-----w- c:\program files\EA Games
2010-02-28 17:33:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-02-28 17:33:32 0 d-----w- c:\windows\Mega Pinball
2010-02-28 17:33:32 0 d-----w- c:\program files\Mega Pinball
2010-02-28 17:01:19 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-28 17:00:50 0 d-----r- c:\program files\Skype
2010-02-27 23:10:52 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2010-02-27 23:10:52 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2010-02-27 23:10:52 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
2010-02-27 23:10:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
2010-02-27 23:10:52 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-02-27 23:10:52 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-02-27 23:10:52 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
2010-02-27 23:10:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
2010-02-27 23:10:52 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2010-02-27 23:10:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-02-27 03:00:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-27 03:00:12 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-02-26 17:15:19 0 d-----w- c:\docume~1\burkey~1\applic~1\AGameAWeek

==================== Find3M ====================

2010-03-13 19:50:08 6973 ----a-w- c:\program files\un_Star Defender 4_26816.txt
2010-02-17 23:03:43 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2010-02-17 23:03:43 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2010-02-15 20:09:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-02-15 20:09:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2010-02-15 19:35:46 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-14 23:45:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 13:18:39 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-04 10:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 10:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 10:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 10:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03:33 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03:33 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03:33 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03:33 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll

============= FINISH: 15:07:09.18 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-28 15:00:48
Windows 5.1.2600 Service Pack 3
Running: tvidpilc.exe; Driver: C:\DOCUME~1\BURKEY~1\LOCALS~1\Temp\uxtyrpow.sys


---- System - GMER 1.0.15 ----

SSDT spdk.sys ZwCreateKey [0xF74D70E0]
SSDT spdk.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spdk.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spdk.sys ZwOpenKey [0xF74D70C0]
SSDT spdk.sys ZwQueryKey [0xF74F6108]
SSDT spdk.sys ZwQueryValueKey [0xF74F5F88]
SSDT spdk.sys ZwSetValueKey [0xF74F619A]

INT 0x63 ? 8AF05BF8
INT 0x73 ? 8AF02BF8
INT 0x83 ? 8AF02BF8
INT 0x94 ? 8AF01BF8
INT 0xB4 ? 8AF01BF8

---- Kernel code sections - GMER 1.0.15 ----

? spdk.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B85808AC 5 Bytes JMP 8AF011D8
.text akqas1mx.SYS B83CE384 1 Byte [20]
.text akqas1mx.SYS B83CE384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text akqas1mx.SYS B83CE3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text akqas1mx.SYS B83CE3C4 3 Bytes [00, 00, 00]
.text akqas1mx.SYS B83CE3C9 1 Byte [00]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8AF052D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spdk.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spdk.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spdk.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spdk.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spdk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spdk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spdk.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8AF012D8
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlInitUnicodeString] 000000A5
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!swprintf] 000000E5
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeSetEvent] 000000F1
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 00000071
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 000000D8
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00000031
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmFreeMappingAddress] 00000015
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 00000004
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 000000C7
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmUnmapIoSpace] 00000023
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 000000C3
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IofCompleteRequest] 00000018
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 00000096
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IofCallDriver] 00000005
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 0000009A
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 00000007
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoConnectInterrupt] 00000012
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoDetachDevice] 00000080
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeWaitForSingleObject] 000000E2
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeInitializeEvent] 000000EB
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeCancelTimer] 00000027
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 000000B2
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlInitAnsiString] 00000075
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 00000009
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoQueueWorkItem] 00000083
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmMapIoSpace] 0000002C
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0000001A
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoReportDetectedDevice] 0000001B
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0000006E
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0000005A
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000000A0
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00000052
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 0000003B
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 000000D6
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!sprintf] 000000B3
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00000029
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!ObfDereferenceObject] 000000E3
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0000002F
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 00000084
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!ZwClose] 00000053
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 000000D1
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00000000
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 000000ED
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 00000020
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoCreateDevice] 000000FC
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 000000B1
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0000005B
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 0000006A
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!ZwOpenKey] 000000CB
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 000000BE
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoStartTimer] 00000039
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeInitializeTimer] 0000004A
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoInitializeTimer] 0000004C
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeInitializeDpc] 00000058
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeInitializeSpinLock] 000000CF
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoInitializeIrp] 000000D0
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!ZwCreateKey] 000000EF
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 000000AA
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 000000FB
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!ZwSetValueKey] 00000043
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeInsertQueueDpc] 0000004D
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 00000033
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoStartPacket] 00000085
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 00000045
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 000000F9
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoFreeMdl] 00000002
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmUnlockPages] 0000007F
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 00000050
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 0000003C
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 0000009F
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 000000A8
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeSynchronizeExecution] 00000051
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoStartNextPacket] 000000A3
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeBugCheckEx] 00000040
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 0000008F
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeSetTimer] 00000092
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!_allmul] 0000009D
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000038
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!_except_handler3] 000000F5
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!PoSetPowerState] 000000BC
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 000000B6
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 000000DA
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00000021
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!_aulldiv] 00000010
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!strstr] 000000FF
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!_strupr] 000000F3
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeQuerySystemTime] 000000D2
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 000000CD
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!KeTickCount] 0000000C
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00000013
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoDeleteDevice] 000000EC
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 0000005F
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00000097
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoAllocateIrp] 00000044
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoAllocateMdl] 00000017
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 000000C4
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmLockPagableDataSection] 000000A7
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 0000007E
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 0000003D
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00000064
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoFreeIrp] 0000005D
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!IoFreeWorkItem] 00000019
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!InitSafeBootMode] 00000073
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!RtlCompareMemory] 00000060
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!PoCallDriver] 00000081
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!memmove] 0000004F
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[ntoskrnl.exe!MmHighestUserAddress] 000000DC
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\akqas1mx.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AF001F8
Device \FileSystem\Fastfat \FatCdrom 89BE31F8
Device \Driver\sptd \Device\388817662 spdk.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{E30B07D1-F4B9-451E-A801-8412DF24F151} 89DF61F8
Device \Driver\usbohci \Device\USBPDO-0 8ADBB330
Device \Driver\usbehci \Device\USBPDO-1 8AD9E1F8
Device \Driver\usbohci \Device\USBPDO-2 8ADBB330
Device \Driver\usbehci \Device\USBPDO-3 8AD9E1F8
Device \Driver\usbohci \Device\USBPDO-4 8ADBB330
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AF031F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AF031F8
Device \Driver\Cdrom \Device\CdRom0 8AD9C1F8
Device \Driver\Cdrom \Device\CdRom1 8AD9C1F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 8AD9C1F8
Device \Driver\Cdrom \Device\CdRom3 8AD9C1F8
Device \Driver\Cdrom \Device\CdRom4 8AD9C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89DF61F8
Device \Driver\NetBT \Device\NetbiosSmb 89DF61F8
Device \Driver\PCI_PNP6412 \Device\0000004d spdk.sys
Device \Driver\PCI_PNP6412 \Device\0000004d spdk.sys
Device \Driver\usbohci \Device\USBFDO-0 8ADBB330
Device \Driver\usbehci \Device\USBFDO-1 8AD9E1F8
Device \Driver\nvata \Device\0000006d 8AF021F8
Device \Driver\nvata \Device\NvAta0 8AF021F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89DF01F8
Device \Driver\usbohci \Device\USBFDO-2 8ADBB330
Device \Driver\nvata \Device\NvAta1 8AF021F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89DF01F8
Device \Driver\nvata \Device\0000006f 8AF021F8
Device \Driver\usbohci \Device\USBFDO-3 8ADBB330
Device \Driver\usbehci \Device\USBFDO-4 8AD9E1F8
Device \Driver\Ftdisk \Device\FtControl 8AF031F8
Device \Driver\akqas1mx \Device\Scsi\akqas1mx1Port5Path0Target2Lun0 8AE111F8
Device \Driver\akqas1mx \Device\Scsi\akqas1mx1Port5Path0Target0Lun0 8AE111F8
Device \Driver\akqas1mx \Device\Scsi\akqas1mx1 8AE111F8
Device \Driver\akqas1mx \Device\Scsi\akqas1mx1Port5Path0Target1Lun0 8AE111F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8AE8E1F8
Device \Driver\akqas1mx \Device\Scsi\akqas1mx1Port5Path0Target3Lun0 8AE111F8
Device \FileSystem\Fastfat \Fat 89BE31F8
Device \FileSystem\Cdfs \Cdfs 89DD21F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x51 0xD4 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x32 0x69 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1D 0x23 0xCF 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6D 0x37 0xC1 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x13 0x02 0x02 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE1 0x1A 0x69 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x51 0xD4 0x27 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x32 0x69 0xFC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1D 0x23 0xCF 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEC 0x5C 0x7C 0xA6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x13 0x02 0x02 0x99 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE1 0x1A 0x69 0xD1 ...

---- EOF - GMER 1.0.15 ----


#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:27 AM

Posted 29 March 2010 - 11:39 AM

Hello, doctorwhite2001
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#6 doctorwhite2001

doctorwhite2001
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
    •  
  • Local time:02:27 AM

Posted 29 March 2010 - 03:50 PM

ComboFix 10-03-28.03 - Burkey Family 29/03/2010 21:44:50.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3582.3002 [GMT 1:00]
Running from: c:\documents and settings\Burkey Family\Desktop\schrauber.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
E:\install.exe

----- BITS: Possible infected sites -----

hxxp://o35s.podbean.com
.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-29 12:37 . 2010-03-29 12:37 -------- d-----w- c:\documents and settings\Burkey Family\Local Settings\Application Data\Redlynx
2010-03-29 12:36 . 2010-03-29 12:44 -------- d-----w- c:\program files\Trials 2 Second Edition
2010-03-28 11:13 . 2010-03-28 11:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-03-28 02:49 . 2010-03-28 02:56 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Trillian
2010-03-28 02:49 . 2010-03-29 20:02 -------- d-----w- c:\program files\Trillian
2010-03-27 13:52 . 2010-03-27 13:53 -------- d-----w- c:\program files\EPSON
2010-03-27 13:52 . 2002-10-08 02:34 73676 ----a-w- c:\windows\system32\EBPMON2.DLL
2010-03-27 13:52 . 2002-07-31 02:25 61440 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-03-27 13:52 . 2001-09-04 02:04 182 ----a-w- c:\windows\system32\EBPPORT.DAT
2010-03-27 13:52 . 2000-06-07 01:01 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2010-03-27 13:52 . 2010-03-27 13:52 -------- d-----w- C:\epson
2010-03-27 13:50 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-27 13:50 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-24 16:52 . 2010-03-24 16:52 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Digital Distribution Networks Ltd
2010-03-24 16:52 . 2010-03-24 16:57 -------- d-----w- c:\program files\mflow
2010-03-24 08:44 . 2010-03-24 08:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-23 11:45 . 2010-03-23 11:45 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Windows Search
2010-03-22 17:16 . 2010-02-24 10:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-22 17:15 . 2010-03-22 17:15 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-21 20:34 . 2010-03-22 17:16 -------- d-----w- c:\documents and settings\Burkey Family\Local Settings\Application Data\ApplicationHistory
2010-03-21 17:10 . 2010-03-21 17:10 388096 ----a-r- c:\documents and settings\Burkey Family\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-21 17:10 . 2010-03-21 17:10 -------- d-----w- c:\program files\TrendMicro
2010-03-21 13:46 . 2010-03-21 13:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-03-21 13:46 . 2010-03-21 13:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-21 13:41 . 2008-07-08 08:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-03-21 13:41 . 2010-03-21 13:41 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Windows Desktop Search
2010-03-21 13:40 . 2010-03-21 20:34 -------- d-----w- c:\program files\Windows Desktop Search
2010-03-21 13:40 . 2010-03-21 13:40 -------- d-----w- c:\windows\system32\GroupPolicy
2010-03-21 13:40 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-03-21 13:40 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-03-21 13:40 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-03-21 13:40 . 2010-03-21 13:40 -------- d-----w- c:\windows\system32\URTTEMP
2010-03-21 13:34 . 2010-03-21 13:34 -------- d-sh--w- c:\documents and settings\Burkey Family\IECompatCache
2010-03-21 12:42 . 2010-03-21 12:42 -------- d-----w- c:\documents and settings\Burkey Family\Local Settings\Application Data\DFH
2010-03-21 12:38 . 2010-03-21 12:38 -------- d-----w- c:\program files\Midway Home Entertainment
2010-03-21 03:48 . 2010-03-21 03:48 -------- d-----w- c:\program files\Audacity
2010-03-19 23:22 . 2010-03-19 23:55 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Azgard
2010-03-19 23:20 . 2010-03-19 23:20 -------- d-----w- c:\program files\Alawar
2010-03-19 23:12 . 2010-03-19 23:12 -------- d-----w- c:\program files\booddanet
2010-03-19 21:04 . 2010-03-19 21:04 -------- d-sh--w- c:\windows\ftpcache
2010-03-18 20:09 . 2010-03-18 20:09 -------- d-----w- c:\program files\Popcap Game Collection
2010-03-17 11:38 . 2010-03-29 20:15 -------- d-----w- c:\program files\Commandos II
2010-03-16 18:46 . 2010-03-24 12:56 -------- d-----w- c:\documents and settings\Burkey Family\Local Settings\Application Data\Temp
2010-03-16 18:46 . 2010-03-16 18:46 -------- d-----w- c:\documents and settings\Burkey Family\Local Settings\Application Data\Google
2010-03-15 14:43 . 2010-03-15 14:43 12862 ----a-r- c:\documents and settings\Burkey Family\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2010-03-15 14:42 . 2010-03-15 14:42 -------- d-----w- c:\program files\Pcsx2
2010-03-13 19:50 . 2010-03-13 21:05 -------- d-----w- c:\program files\Star Defender 4
2010-03-13 19:50 . 2007-05-26 09:26 403856 ----a-w- c:\program files\un_Star Defender 4_26816.exe
2010-03-13 19:49 . 2010-03-13 19:49 17408 ----a-w- C:\psapi.dll
2010-03-13 16:13 . 2010-03-13 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Gamerizon
2010-03-13 16:12 . 2010-03-13 16:12 -------- d-----w- C:\games
2010-03-13 16:04 . 2010-03-13 16:04 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\pokerth
2010-03-13 12:17 . 2010-03-13 12:17 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Malwarebytes
2010-03-13 12:17 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 12:17 . 2010-03-13 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 12:17 . 2010-03-13 12:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 12:17 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 10:53 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 00:56 . 2010-03-10 00:56 -------- d-----w- c:\program files\PC Auto Shutdown
2010-03-10 00:56 . 2010-03-10 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Auto Shutdown
2010-03-07 21:58 . 2010-03-14 11:43 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Registry Mechanic
2010-03-07 21:55 . 2010-03-29 20:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-07 21:55 . 2010-03-07 21:55 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-07 21:06 . 2010-03-22 17:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-07 21:06 . 2010-03-22 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-07 19:54 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-07 19:54 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-07 19:54 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-07 19:54 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-07 19:54 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-07 19:54 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-07 19:54 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-07 19:54 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-07 19:54 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-07 19:54 . 2010-03-07 19:54 -------- d-----w- c:\program files\Alwil Software
2010-03-07 19:54 . 2010-03-07 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-07 19:16 . 2010-03-07 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\DigitalChocolate
2010-03-07 19:15 . 2010-03-07 19:15 -------- d-----w- c:\program files\Tower Bloxx Deluxe
2010-03-07 19:15 . 2010-03-07 19:15 -------- d-----w- c:\windows\Tower Bloxx Deluxe
2010-03-06 22:15 . 2010-03-06 22:15 -------- d-----w- c:\program files\VideoConverter
2010-03-05 17:54 . 2010-03-05 17:54 -------- d-----w- C:\adaptec
2010-03-05 17:09 . 2010-03-05 17:09 -------- d-----w- c:\program files\Padus
2010-03-05 12:22 . 2010-03-07 19:50 0 ----a-w- c:\documents and settings\Burkey Family\Local Settings\Application Data\prvlcl.dat
2010-03-05 10:09 . 2010-03-05 10:09 -------- d-----w- c:\program files\SEGA
2010-03-04 15:36 . 2010-03-04 15:36 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Ubisoft
2010-03-04 15:36 . 2010-03-04 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2010-03-04 11:47 . 2010-03-04 11:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2010-03-04 11:47 . 2010-03-29 12:36 -------- d-----w- c:\program files\OpenAL
2010-03-04 11:47 . 2010-03-04 11:47 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-04 11:47 . 2010-03-04 11:47 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-03 21:31 . 2010-03-03 21:31 -------- d-----w- c:\program files\AVG
2010-03-03 17:20 . 2010-03-03 17:20 -------- d-----w- c:\program files\Common Files\DirectX
2010-03-03 17:18 . 2010-03-03 17:18 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-03 17:01 . 2010-03-03 17:01 -------- d-----w- c:\program files\SCi Games
2010-03-02 22:39 . 2010-03-02 22:39 -------- d-----w- c:\program files\SolarWolf
2010-03-02 15:41 . 2010-03-02 15:41 -------- d-----w- c:\program files\GameSpy Arcade
2010-03-02 15:41 . 2010-03-02 15:41 614 ----a-w- c:\windows\eReg.dat
2010-03-02 15:37 . 2010-03-02 15:42 -------- d-----w- c:\windows\system32\NtmsData
2010-03-02 14:39 . 2008-04-13 18:46 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-03-02 10:30 . 2004-08-03 22:32 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2010-03-02 10:29 . 2001-08-17 14:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-03-02 09:23 . 2010-03-21 03:26 -------- d-----w- c:\documents and settings\Burkey Family\Local Settings\Application Data\Spotify
2010-03-02 09:23 . 2010-03-21 02:53 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Spotify
2010-03-02 09:23 . 2010-03-02 09:23 -------- d-----w- c:\program files\Spotify
2010-03-01 22:18 . 2010-03-01 22:24 -------- d-----w- c:\program files\HighwayPursuit
2010-03-01 21:52 . 2010-03-01 21:52 -------- d-----w- c:\program files\Roll 'm Up
2010-03-01 19:36 . 2010-03-01 19:36 -------- d-----w- c:\documents and settings\Burkey Family\Local Settings\Application Data\Padus
2010-03-01 17:12 . 2010-03-01 17:12 -------- d-----w- c:\program files\iPod
2010-03-01 17:12 . 2010-03-01 17:12 -------- d-----w- c:\program files\iTunes
2010-03-01 00:17 . 2010-03-01 00:17 -------- d-----w- C:\MicroProse
2010-03-01 00:16 . 2010-03-01 00:16 -------- d-----w- c:\documents and settings\Burkey Family\WINDOWS
2010-02-28 21:48 . 2010-02-28 21:48 -------- d-----w- c:\program files\Pro Pinball
2010-02-28 21:47 . 2010-02-28 21:47 179 ----a-w- c:\windows\PowerReg.dat
2010-02-28 21:47 . 2010-02-28 21:47 -------- d-----w- c:\program files\Encore Software
2010-02-28 21:46 . 1998-10-02 19:00 327168 ----a-w- c:\windows\IsUninst.exe
2010-02-28 21:30 . 2010-02-28 21:30 -------- d-----w- c:\program files\Belarc
2010-02-28 21:30 . 2008-02-27 12:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-02-28 21:28 . 2010-02-28 21:28 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\ElevatedDiagnostics
2010-02-28 21:26 . 2010-02-28 21:26 -------- d-----w- c:\program files\Microsoft ATS
2010-02-28 21:26 . 2010-02-28 21:26 -------- d-sh--w- c:\documents and settings\Burkey Family\PrivacIE
2010-02-28 21:05 . 2010-02-28 21:05 -------- d-----w- c:\windows\system32\Adobe
2010-02-28 20:44 . 2010-02-28 20:55 -------- d-----w- c:\program files\Ultimate Pinball
2010-02-28 20:38 . 2010-02-28 20:38 -------- d-----w- c:\documents and settings\Burkey Family\Local Settings\Application Data\PunkBuster
2010-02-28 20:11 . 2010-02-28 20:39 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-28 20:11 . 2010-02-28 20:11 138056 ----a-w- c:\documents and settings\Burkey Family\Application Data\PnkBstrK.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 20:15 . 2010-02-14 13:54 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-29 14:32 . 2010-02-15 11:09 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\uTorrent
2010-03-25 21:48 . 2010-02-15 19:38 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-19 21:29 . 2010-02-14 21:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 19:50 . 2010-03-13 19:50 6973 ----a-w- c:\program files\un_Star Defender 4_26816.txt
2010-03-09 16:09 . 2010-02-15 11:10 -------- d-----w- c:\program files\uTorrent
2010-03-02 10:27 . 2010-02-19 18:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-01 17:12 . 2010-02-14 23:47 -------- d-----w- c:\program files\Common Files\Apple
2010-02-27 03:00 . 2010-02-27 03:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-26 17:15 . 2010-02-26 17:15 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\AGameAWeek
2010-02-20 09:24 . 2010-02-14 22:15 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\IObit
2010-02-20 09:17 . 2010-02-20 09:15 -------- d-----w- c:\program files\SpeedFan
2010-02-19 00:23 . 2010-02-18 13:33 -------- d-----w- c:\program files\rFactor
2010-02-18 13:17 . 2010-02-14 21:56 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-17 23:03 . 2010-02-17 23:03 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2010-02-17 23:03 . 2004-08-04 10:00 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2010-02-17 20:34 . 2010-02-17 20:34 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-16 21:00 . 2010-02-14 23:54 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Apple Computer
2010-02-16 21:00 . 2010-02-14 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-16 13:00 . 2010-02-14 23:33 13688 ----a-w- c:\documents and settings\Burkey Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 12:07 . 2010-02-16 12:07 -------- d-----w- c:\program files\MSBuild
2010-02-16 12:07 . 2010-02-16 12:07 -------- d-----w- c:\program files\Reference Assemblies
2010-02-16 12:04 . 2010-02-14 23:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-15 20:15 . 2010-02-15 20:15 -------- d-----w- c:\program files\Codemasters
2010-02-15 20:10 . 2010-02-15 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-15 20:09 . 2010-02-15 20:09 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-02-15 20:09 . 2010-02-15 20:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2010-02-15 20:09 . 2010-02-15 20:09 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-02-15 20:07 . 2010-02-15 20:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-15 20:06 . 2010-02-15 20:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-15 20:06 . 2010-03-28 11:12 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-15 20:06 . 2010-02-15 20:06 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-15 20:06 . 2010-02-15 20:06 15849560 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\selfextractor_air_1.5.3.exe
2010-02-15 20:06 . 2010-02-15 20:06 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-15 19:50 . 2010-02-15 19:50 -------- d-----w- c:\program files\KONAMI
2010-02-15 19:50 . 2010-02-15 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-02-15 19:35 . 2010-02-15 19:29 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-15 19:33 . 2010-02-15 19:33 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\DAEMON Tools
2010-02-15 18:41 . 2010-02-15 18:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-15 11:27 . 2010-02-15 11:27 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-14 23:56 . 2010-02-14 23:45 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Sony
2010-02-14 23:56 . 2010-02-14 23:56 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-02-14 23:56 . 2010-02-14 23:56 -------- d-----w- c:\program files\Sony
2010-02-14 23:56 . 2010-02-14 23:56 10134 ----a-r- c:\documents and settings\Burkey Family\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-02-14 23:56 . 2010-02-14 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-02-14 23:54 . 2010-02-14 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-14 23:53 . 2010-02-14 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-14 23:53 . 2010-02-14 23:53 -------- d-----w- c:\program files\Bonjour
2010-02-14 23:48 . 2010-02-14 23:48 23510720 ----a-w- c:\documents and settings\Burkey Family\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe
2010-02-14 23:48 . 2010-02-14 23:45 -------- d-----w- c:\documents and settings\Burkey Family\Application Data\Sony Setup
2010-02-14 23:47 . 2010-02-14 23:47 -------- d-----w- c:\program files\QuickTime
2010-02-14 23:47 . 2010-02-14 23:47 -------- d-----w- c:\program files\Apple Software Update
2010-02-14 23:46 . 2010-02-14 23:46 32494896 ----a-w- c:\documents and settings\Burkey Family\Application Data\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
2010-02-14 23:45 . 2010-02-14 23:45 -------- d-----w- c:\program files\Sony Setup
2010-02-14 23:45 . 2010-02-14 23:45 -------- d-----w- c:\program files\Common Files\Java
2010-02-14 23:45 . 2010-02-14 23:45 61440 ----a-w- c:\documents and settings\Burkey Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5cf82a8e-n\decora-sse.dll
2010-02-14 23:45 . 2010-02-14 23:45 503808 ----a-w- c:\documents and settings\Burkey Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43d0dee6-n\msvcp71.dll
2010-02-14 23:45 . 2010-02-14 23:45 499712 ----a-w- c:\documents and settings\Burkey Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43d0dee6-n\jmc.dll
2010-02-14 23:45 . 2010-02-14 23:45 348160 ----a-w- c:\documents and settings\Burkey Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43d0dee6-n\msvcr71.dll
2010-02-14 23:45 . 2010-02-14 23:45 12800 ----a-w- c:\documents and settings\Burkey Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5cf82a8e-n\decora-d3d.dll
2010-02-14 23:45 . 2010-02-14 23:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 23:45 . 2010-02-14 23:45 -------- d-----w- c:\program files\Java
2010-02-14 23:40 . 2010-02-14 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-02-14 23:39 . 2010-02-14 23:39 -------- d-----w- c:\program files\Sony Ericsson
2010-02-14 23:39 . 2010-02-14 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-02-14 23:34 . 2010-02-14 23:34 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-14 23:05 . 2010-02-14 13:20 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-14 22:15 . 2010-02-14 22:15 -------- d-----w- c:\program files\IObit
2010-02-14 22:13 . 2010-02-14 22:13 0 ----a-w- c:\windows\nsreg.dat
2010-01-12 04:03 . 2010-02-14 22:03 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2010-02-14 22:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

------- Sigcheck -------

[-] 2010-02-17 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2010-02-17 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Google Update"="c:\documents and settings\Burkey Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-16 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"PC Auto Shutdown"="c:\program files\PC Auto Shutdown\AutoShutdown.exe" [2009-12-14 1387520]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoLogoff"= 00

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/03/2010 20:54 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/03/2010 20:54 19024]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [10/03/2010 01:56 462440]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [07/03/2010 22:55 583640]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/02/2010 20:29 717296]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [15/02/2010 00:39 90112]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [15/02/2010 00:39 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [15/02/2010 00:39 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [15/02/2010 00:39 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [15/02/2010 00:39 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [15/02/2010 00:39 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [15/02/2010 00:39 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [15/02/2010 00:39 109736]
.
Contents of the 'Scheduled Tasks' folder

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1604221776-725345543-1004Core.job
- c:\documents and settings\Burkey Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-16 18:46]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1604221776-725345543-1004UA.job
- c:\documents and settings\Burkey Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-16 18:46]

2010-03-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 18:02]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Burkey Family\Application Data\Mozilla\Firefox\Profiles\woas4m9z.default\
FF - plugin: c:\documents and settings\Burkey Family\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-STCC - The Game_1.1.1.10_is1 - d:\games\STCC - The Game\Uninstall\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 21:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-29 21:47:57
ComboFix-quarantined-files.txt 2010-03-29 20:47

Pre-Run: 64,804,147,200 bytes free
Post-Run: 64,830,955,520 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7E394279EC3154FDCCE526A598389E9C

#7 doctorwhite2001

doctorwhite2001
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
    •  
  • Local time:02:27 AM

Posted 29 March 2010 - 03:54 PM

still doing it though

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:27 AM

Posted 31 March 2010 - 12:08 PM

Hi,
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 doctorwhite2001

doctorwhite2001
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
    •  
  • Local time:02:27 AM

Posted 31 March 2010 - 03:56 PM

OTL logfile created on: 31/03/2010 21:50:01 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Burkey Family\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 62.68 Gb Free Space | 48.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 337.77 Gb Total Space | 161.23 Gb Free Space | 47.73% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 325.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: BURKEYFAMILY
Current User Name: Burkey Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/31 21:48:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Burkey Family\My Documents\Downloads\OTL.exe
PRC - [2010/03/28 04:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/03/09 12:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/21 06:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/14 21:12:10 | 001,387,520 | ---- | M] (GoldSolution Software, Inc.) -- C:\Program Files\PC Auto Shutdown\AutoShutdown.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/09 19:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/11/20 11:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/11/04 10:42:46 | 016,982,272 | ---- | M] (Sony Creative Software Inc.) -- c:\Program Files\Sony\Media Go\MediaGo.exe
PRC - [2009/11/04 10:42:32 | 000,017,664 | ---- | M] (Sony Creative Software Inc.) -- c:\Program Files\Sony\Media Go\ErrorReportLauncher.exe
PRC - [2009/10/14 16:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/09/30 18:57:20 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/01/19 23:37:44 | 000,462,440 | ---- | M] (GoldSolution Software, Inc.) -- C:\Program Files\PC Auto Shutdown\ShutdownService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/01 10:39:48 | 000,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe


========== Modules (SafeList) ==========

MOD - [2010/03/31 21:48:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Burkey Family\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/14 16:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/01/19 23:37:44 | 000,462,440 | ---- | M] (GoldSolution Software, Inc.) [Auto | Running] -- C:\Program Files\PC Auto Shutdown\ShutdownService.exe -- (PCAutoShutdown_Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 51 0F 71 FB C8 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/15 00:47:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/20 17:01:57 | 000,000,000 | ---D | M]

[2010/02/14 23:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Mozilla\Extensions
[2010/03/30 19:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Mozilla\Firefox\Profiles\woas4m9z.default\extensions
[2010/02/17 18:16:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Burkey Family\Application Data\Mozilla\Firefox\Profiles\woas4m9z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/15 12:07:48 | 000,001,011 | ---- | M] () -- C:\Documents and Settings\Burkey Family\Application Data\Mozilla\Firefox\Profiles\woas4m9z.default\searchplugins\torrentz-search.xml
[2010/02/25 18:03:21 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\Burkey Family\Application Data\Mozilla\Firefox\Profiles\woas4m9z.default\searchplugins\youtube-video-search.xml
[2010/03/30 19:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/28 18:00:57 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PC Auto Shutdown] C:\Program Files\PC Auto Shutdown\AutoShutdown.exe (GoldSolution Software, Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/14 14:20:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/06/05 05:02:06 | 000,017,408 | R--- | M] () - H:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1999/05/14 02:44:40 | 000,000,055 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a7a32c42-1a69-11df-9956-001bfcf4e87d}\Shell - "" = AutoRun
O33 - MountPoints2\{a7a32c42-1a69-11df-9956-001bfcf4e87d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7a32c42-1a69-11df-9956-001bfcf4e87d}\Shell\AutoRun\command - "" = H:\encore\setup.exe -- [1998/10/02 20:04:32 | 000,071,680 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/14 14:04:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/31 14:13:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/30 21:02:28 | 000,000,000 | ---D | C] -- C:\schrauber13552s
[2010/03/29 21:41:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/29 21:41:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/29 21:41:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/29 21:41:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/29 21:41:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/29 21:40:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/29 21:39:40 | 000,000,000 | ---D | C] -- C:\schrauber
[2010/03/29 21:38:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/29 13:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burkey Family\My Documents\Trials 2
[2010/03/29 13:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burkey Family\Local Settings\Application Data\Redlynx
[2010/03/29 13:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trials 2 Second Edition
[2010/03/28 03:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burkey Family\Application Data\Trillian
[2010/03/28 03:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian
[2010/03/28 03:44:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/27 14:52:48 | 000,073,676 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EBPMON2.DLL
[2010/03/27 14:52:48 | 000,061,440 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ECBTEG.DLL
[2010/03/27 14:52:48 | 000,034,304 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EBPCHP.DLL
[2010/03/27 14:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2010/03/27 14:52:39 | 000,000,000 | ---D | C] -- C:\epson
[2010/03/24 17:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burkey Family\Application Data\Digital Distribution Networks Ltd
[2010/03/24 17:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\mflow
[2010/03/23 12:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burkey Family\Application Data\Windows Search
[2010/03/22 18:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/03/21 21:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burkey Family\Local Settings\Application Data\ApplicationHistory
[2010/03/21 21:22:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/03/21 18:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/21 14:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/03/21 14:46:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/21 14:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burkey Family\Application Data\Windows Desktop Search
[2010/03/21 14:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/03/21 14:40:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/03/21 14:40:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/03/21 14:34:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Burkey Family\IECompatCache
[2010/03/21 13:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burkey Family\Local Settings\Application Data\DFH
[2010/03/21 13:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Softwrap
[2010/03/21 13:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Fonts
[2010/03/21 13:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Config
[2010/03/21 13:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Midway Home Entertainment
[2010/03/21 04:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/03/20 19:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burkey Family\My Documents\Activision
[2010/03/20 00:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burkey Family\Application Data\Azgard
[2010/03/20 00:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
[2010/03/20 00:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\booddanet
[2010/03/19 22:04:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/03/18 21:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Popcap Game Collection
[2010/03/13 20:50:00 | 000,403,856 | ---- | C] (Pantaray Research LTD.) -- C:\Program Files\un_Star Defender 4_26816.exe
[2010/03/07 21:52:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/07 21:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/07 21:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/31 20:56:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1604221776-725345543-1004UA.job
[2010/03/31 19:56:28 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Burkey Family\Desktop\Google Chrome.lnk
[2010/03/31 14:56:00 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1604221776-725345543-1004Core.job
[2010/03/31 09:37:40 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/31 09:33:13 | 000,000,437 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/03/31 09:32:48 | 000,272,412 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/31 09:32:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/31 09:32:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/31 09:31:21 | 003,407,872 | ---- | M] () -- C:\Documents and Settings\Burkey Family\NTUSER.DAT
[2010/03/31 09:31:15 | 006,448,186 | -H-- | M] () -- C:\Documents and Settings\Burkey Family\Local Settings\Application Data\IconCache.db
[2010/03/30 21:21:38 | 000,002,601 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2010/03/30 21:19:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/30 21:10:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/30 21:04:28 | 003,906,159 | R--- | M] () -- C:\Documents and Settings\Burkey Family\Desktop\schrauber.exe
[2010/03/29 21:42:04 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/29 21:18:53 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Burkey Family\Desktop\HiJackThis.lnk
[2010/03/29 21:01:59 | 000,005,533 | ---- | M] () -- C:\Documents and Settings\Burkey Family\My Documents\Document.rtf
[2010/03/28 15:04:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Burkey Family\ntuser.ini
[2010/03/28 15:04:03 | 000,000,539 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/28 15:04:03 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/03/28 03:49:35 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Burkey Family\Desktop\Trillian.lnk
[2010/03/28 03:18:35 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Burkey Family\Desktop\DeskDungeons_0051.lnk
[2010/03/28 02:29:58 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 02:29:58 | 000,462,036 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 02:29:58 | 000,078,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/27 19:25:29 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Burkey Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/24 09:44:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/22 18:15:44 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/22 01:22:54 | 000,002,372 | ---- | M] () -- C:\Documents and Settings\Burkey Family\Desktop\Grooveshark - Listen to Free Music Online - Internet Radio - Fre.lnk
[2010/03/22 00:10:38 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/21 14:41:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/21 13:42:29 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp
[2010/03/21 13:42:29 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp
[2010/03/21 04:48:16 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Burkey Family\Desktop\Audacity.lnk
[2010/03/20 19:18:32 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Burkey Family\Desktop\Gun.lnk
[2010/03/20 00:22:22 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Burkey Family\Desktop\azgardefence.lnk
[2010/03/19 22:17:30 | 000,015,360 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/03/18 21:09:30 | 000,001,937 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peggle Nights Deluxe.lnk
[2010/03/18 21:09:26 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peggle Deluxe.lnk
[2010/03/18 21:09:22 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Chuzzle Deluxe.lnk
[2010/03/18 21:09:17 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Twist.lnk
[2010/03/18 21:09:10 | 000,001,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/29 21:42:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/29 21:42:00 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/29 21:41:29 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/29 21:41:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/29 21:41:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/29 21:41:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/29 21:41:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/29 21:35:46 | 003,906,159 | R--- | C] () -- C:\Documents and Settings\Burkey Family\Desktop\schrauber.exe
[2010/03/28 03:49:35 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Burkey Family\Desktop\Trillian.lnk
[2010/03/28 03:18:37 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Burkey Family\Desktop\DeskDungeons_0051.lnk
[2010/03/27 14:52:48 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2010/03/24 09:44:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/22 18:20:52 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/22 18:15:43 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/22 01:22:54 | 000,002,372 | ---- | C] () -- C:\Documents and Settings\Burkey Family\Desktop\Grooveshark - Listen to Free Music Online - Internet Radio - Fre.lnk
[2010/03/21 18:10:26 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Burkey Family\Desktop\HiJackThis.lnk
[2010/03/21 14:41:11 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/03/21 14:13:54 | 000,005,533 | ---- | C] () -- C:\Documents and Settings\Burkey Family\My Documents\Document.rtf
[2010/03/21 13:42:29 | 000,002,601 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2010/03/21 13:42:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp
[2010/03/21 13:42:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp
[2010/03/21 04:48:16 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Burkey Family\Desktop\Audacity.lnk
[2010/03/20 19:18:32 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Burkey Family\Desktop\Gun.lnk
[2010/03/20 16:45:15 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Burkey Family\Desktop\Shortcut to UltimateNR.lnk
[2010/03/20 00:22:22 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Burkey Family\Desktop\azgardefence.lnk
[2010/03/19 22:17:30 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/03/18 21:09:30 | 000,001,937 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Peggle Nights Deluxe.lnk
[2010/03/18 21:09:26 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Peggle Deluxe.lnk
[2010/03/18 21:09:22 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Chuzzle Deluxe.lnk
[2010/03/18 21:09:17 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Twist.lnk
[2010/03/18 21:09:10 | 000,001,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2010/03/13 20:50:00 | 000,006,973 | ---- | C] () -- C:\Program Files\un_Star Defender 4_26816.txt
[2010/03/05 13:22:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Burkey Family\Local Settings\Application Data\prvlcl.dat
[2010/03/03 18:18:08 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/03/01 22:52:48 | 000,000,304 | ---- | C] () -- C:\WINDOWS\Rollemup.ini
[2010/02/28 22:30:19 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/02/28 21:11:34 | 000,139,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/02/28 21:11:34 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Burkey Family\Application Data\PnkBstrK.sys
[2010/02/19 19:13:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/15 22:23:19 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Burkey Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/15 20:29:57 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/15 14:58:27 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 14:54:13 | 000,000,907 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2010/02/14 14:54:13 | 000,000,263 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2010/02/14 14:53:53 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/02/14 14:53:52 | 000,013,174 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/02/14 14:53:40 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/03/07 20:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/15 00:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/03/04 12:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2010/03/07 20:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalChocolate
[2010/03/13 17:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/02/15 20:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2010/03/10 01:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Auto Shutdown
[2010/03/29 21:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/04 16:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010/02/15 00:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/26 18:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\AGameAWeek
[2010/03/20 00:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Azgard
[2010/02/15 20:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\DAEMON Tools
[2010/03/24 17:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Digital Distribution Networks Ltd
[2010/02/28 22:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\ElevatedDiagnostics
[2010/02/20 10:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\IObit
[2010/03/13 17:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\pokerth
[2010/03/14 12:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Registry Mechanic
[2010/02/15 00:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Sony
[2010/02/15 00:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Sony Setup
[2010/03/21 03:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Spotify
[2010/03/28 03:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Trillian
[2010/03/04 16:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Ubisoft
[2010/03/29 15:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\uTorrent
[2010/03/21 14:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Windows Desktop Search
[2010/03/23 12:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Burkey Family\Application Data\Windows Search
[2010/03/31 09:37:40 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/02/15 00:02:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/02/15 00:02:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/02/15 00:02:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/02/15 00:02:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 11:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 11:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/04 11:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 17:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/04/24 18:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/03/17 01:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 11:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


OTL Extras logfile created on: 31/03/2010 21:50:01 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Burkey Family\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 62.68 Gb Free Space | 48.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 337.77 Gb Total Space | 161.23 Gb Free Space | 47.73% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 325.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: BURKEYFAMILY
Current User Name: Burkey Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69EA986B-B172-4FAA-B54D-853BD3A2B264}" = Popcap Game Collection
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92C7D009-A464-4948-A980-7A3E28CB2F49}" = Richard Burns Rally
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B1371574-4B13-4D3E-8F47-48C698732B00}" = Sonic & SEGA All-Stars Racing
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C538E5-524C-4253-AA74-0EEEF34990EA}" = DiscJuggler
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1" = GTR 2 1.0.0.0
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"Azgard Defence" = Azgard Defence
"Belarc Advisor" = Belarc Advisor 8.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"GameSpy Arcade" = GameSpy Arcade
"Highway Pursuit_is1" = Highway Pursuit v1.1
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Basic)
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Open Video Converter_is1" = Open Video Converter version 3.3
"OpenAL" = OpenAL
"PC Auto Shutdown_is1" = PC Auto Shutdown 4.1
"Pinball Madness 2" = Pinball Madness 2
"Pro Pinball - Timeshock!" = Pro Pinball - Timeshock!
"PunkBusterSvc" = PunkBuster Services
"Registry Mechanic_is1" = Registry Mechanic 9.0
"rFactor" = rFactor (remove only)
"SolarWolf" = SolarWolf 1.5
"SpeedFan" = SpeedFan (remove only)
"Spotify" = Spotify
"Tower Bloxx Deluxe1.0" = Tower Bloxx Deluxe
"Trillian" = Trillian
"Tweak UI 2.10" = Tweak UI
"uTorrent" = µTorrent
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/03/2010 07:26:29 | Computer Name = BURKEYFAMILY | Source = ESENT | ID = 455
Description = wuaueng.dll (1108) SUS20ClientDataStore: Error -1811 (0xfffff8ed)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 05/03/2010 10:15:53 | Computer Name = BURKEYFAMILY | Source = Application Error | ID = 1000
Description = Faulting application cdj.exe, version 4.60.0.1214, faulting module
cdj.exe, version 4.60.0.1214, fault address 0x0000a0b5.

Error - 05/03/2010 10:16:21 | Computer Name = BURKEYFAMILY | Source = Application Error | ID = 1000
Description = Faulting application cdj.exe, version 4.60.0.1214, faulting module
cdj.exe, version 4.60.0.1214, fault address 0x0000a0b5.

Error - 05/03/2010 17:27:54 | Computer Name = BURKEYFAMILY | Source = Application Error | ID = 1000
Description = Faulting application cdj.exe, version 4.60.0.1214, faulting module
cdj.exe, version 4.60.0.1214, fault address 0x0000a0b5.

Error - 10/03/2010 06:56:41 | Computer Name = BURKEYFAMILY | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.4.26, faulting module
teatimer.exe, version 1.6.4.26, fault address 0x0006e60e.

[ System Events ]
Error - 30/03/2010 16:04:18 | Computer Name = BURKEYFAMILY | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 30/03/2010 16:04:21 | Computer Name = BURKEYFAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 30/03/2010 16:04:21 | Computer Name = BURKEYFAMILY | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 30/03/2010 16:05:54 | Computer Name = BURKEYFAMILY | Source = Service Control Manager | ID = 7034
Description = The Sony Ericsson OMSI download service service terminated unexpectedly.
It has done this 1 time(s).

Error - 30/03/2010 16:19:54 | Computer Name = BURKEYFAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 30/03/2010 16:19:54 | Computer Name = BURKEYFAMILY | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 31/03/2010 04:16:27 | Computer Name = BURKEYFAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 31/03/2010 04:16:27 | Computer Name = BURKEYFAMILY | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 31/03/2010 04:33:13 | Computer Name = BURKEYFAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 31/03/2010 04:33:13 | Computer Name = BURKEYFAMILY | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058


< End of report >

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:27 AM

Posted 02 April 2010 - 11:56 AM

Hi,

Please uninstall PC Auto Shutdown through Add/Remove Programs. Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#11 doctorwhite2001

doctorwhite2001
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
    •  
  • Local time:02:27 AM

Posted 05 April 2010 - 09:32 AM

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/04/2010 15:31:19
mbam-log-2010-04-05 (15-31-19).txt

Scan type: Quick scan
Objects scanned: 106792
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 doctorwhite2001

doctorwhite2001
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
    •  
  • Local time:02:27 AM

Posted 05 April 2010 - 09:43 AM

it hasn't done it for a while now! microsoft sercurity essenials popped up a few days ago with TrojanClicker:ASX/Wimad.gen!H twice which it removed nothing since.

#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:27 AM

Posted 06 April 2010 - 01:25 PM

And the onlinescan? smile.gif
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#14 doctorwhite2001

doctorwhite2001
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
    •  
  • Local time:02:27 AM

Posted 06 April 2010 - 07:09 PM

nothing on that one either! hope thats it thanks for you help.

Dan

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:27 AM

Posted 08 April 2010 - 01:18 PM

Good.

Please post back with a fresh OTL logfile and tell me how your system is running.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·