
No idea what I got....BUT IT's BADDD


This topic is locked
29 replies to this topic

#1 rtonini

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:Indianapolis, IN
  • Local time:10:45 AM

Posted 01 February 2010 - 08:59 AM

Hi!

I really hope you guys can help me with this one...

I have a Pentium IV 2.8 GHz, 1 GB

I have (2) hard drives installed in the computer that are separated into (5) partitions.

I own and run a recording studio and have noticed the programs running extremely slow. I can't add nearly as many plug-ins as I could before and the actual operating system is running very unstable. The computer is NOT ever hooked up to the internet so I think it may have come from either another jump drive or software that may have been installed. (2) of my main partitions are no longer accessible. (My studio recording hard drive!) I have compiled all of the reports on my system so I hope you guys can help me! Thank you so much for what you guys do!

P.S. - Please let me know if you need any more information from me...

Rob


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:17 AM, on 1/27/2010
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Sonic Foundry\CD Architect 5.0\CDArch50.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Windows_rejoice2007_91 - Unknown owner - C:\Program Files\system16.exe (file missing)

--
End of file - 2313 bytes

_____________________________________________________________________________________________________________

DDS (Ver_09-12-01.01) - FAT32x86
Run by Home at 15:26:20.01 on Sun 01/31/2010
Internet Explorer: 6.0.2900.3264
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.520 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmplayer.exe
L:\Software\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-18 64288]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-12-18 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-12-18 59664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-24 149864]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-24 149864]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-4-25 11776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1184912]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-4-25 33792]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2008-4-25 109056]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2008-4-25 15488]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-4-25 15232]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVENG.SYS [2009-12-15 81232]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVEX15.SYS [2009-12-15 865904]
R3 SMC55T;SMC EZ Card 10/100 (SMC1255TX-PF);c:\windows\system32\drivers\SMC55T51.sys [2008-5-5 39040]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-12-18 33552]
S2 Windows_rejoice2007_91;Windows_rejoice2007_91;c:\program files\system16.exe --> c:\program files\system16.exe [?]
S3 CGY013;CW-K85 Device;c:\windows\system32\drivers\CGY013.sys [2008-11-20 24093]
S3 cxwibu;Team H2O WIBU Driver;c:\program files\wibukey\h2o\cxwibu.sys [2008-4-25 7040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-13 38224]
S4 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S4 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2009-9-4 99248]
S4 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-12-15 1245064]

=============== Created Last 30 ================

2010-01-08 06:11:57 0 d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-01-08 06:11:37 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2010-01-08 06:10:45 0 d-----w- c:\program files\Drum Machine

==================== Find3M ====================

2009-12-15 20:52:14 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-15 20:52:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-15 20:52:14 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-15 20:52:14 10652 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-03 22:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2002-07-05 09:32:32 38912 ----a-r- c:\windows\inf\SMC55T50.sys
2002-07-05 09:31:46 39040 ----a-r- c:\windows\inf\SMC55T51.sys

============= FINISH: 15:28:21.60 ===============

____________________________________________________________________________________________________________


ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2010/02/01 02:17
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: PCI_PNP4494
Image Path: \Driver\PCI_PNP4494
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF338A000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spip.sys
Image Path: spip.sys
Address: 0xF7416000 Size: 1036288 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\all users\application data\symantec\srtsp\srtetmp\561283af.tmp
Status: Allocation size mismatch (API: 113229824, Raw: 0)

Path: d:\system volume information\_restore{5e018b9f-eeca-49b9-8b87-957d428636b1}\rp448\change.log.3
Status: Allocation size mismatch (API: 16384, Raw: 4096)

Path: e:\system volume information\_restore{5e018b9f-eeca-49b9-8b87-957d428636b1}\rp448\change.log.3
Status: Allocation size mismatch (API: 16384, Raw: 4096)

Path: e:\system volume information\_restore{5e018b9f-eeca-49b9-8b87-957d428636b1}\rp448\change.log.4
Status: Allocation size mismatch (API: 16384, Raw: 4096)

Path: F:\
Status: Locked to the Windows API!

Path: \\?\F:\*
Status: Could not enumerate files with the Windows API (0x000003ed)!


Path: F:\Mastering
Status: Invisible to the Windows API!

Path: F:\86dacb376956ffeebe021fbf22fcd6
Status: Invisible to the Windows API!

Path: F:\ACCAPELA
Status: Invisible to the Windows API!

Path: F:\Artwork
Status: Invisible to the Windows API!

Path: F:\AutoRun.inf
Status: Invisible to the Windows API!

Path: F:\Black & Whites
Status: Invisible to the Windows API!

Path: F:\closer.npr
Status: Invisible to the Windows API!

Path: F:\Digidesign Databases
Status: Invisible to the Windows API!

Path: F:\DJ Juice The Juiceman.mp3
Status: Invisible to the Windows API!

Path: F:\iam on yo my space.mp3
Status: Invisible to the Windows API!

Path: F:\iam on yo my space.npr
Status: Invisible to the Windows API!

Path: F:\Love Song Remixxx.sfk
Status: Invisible to the Windows API!

Path: F:\Love Song Remixxx.wav
Status: Invisible to the Windows API!

Path: F:\Music Contracts
Status: Invisible to the Windows API!

Path: F:\Nuendo
Status: Invisible to the Windows API!

Path: F:\Pics
Status: Invisible to the Windows API!

Path: F:\Pro Tools
Status: Invisible to the Windows API!

Path: F:\Reason Beats
Status: Invisible to the Windows API!

Path: F:\Records
Status: Invisible to the Windows API!

Path: F:\RECYCLER
Status: Invisible to the Windows API!

Path: F:\Shortcut to Sounds (G).lnk
Status: Invisible to the Windows API!

Path: F:\System Volume Information
Status: Invisible to the Windows API!

Path: F:\system16.exe
Status: Invisible to the Windows API!

Path: F:\Vision bpm 120.sfk
Status: Invisible to the Windows API!

Path: F:\Vision bpm 120.wav
Status: Invisible to the Windows API!

Path: \\?\F:\Mastering\*
Status: Could not enumerate files with the Windows API (0x000003ed)!


Path: F:\Mastering\Dj Juice - Best U Never Heard
Status: Invisible to the Windows API!

Path: \\?\F:\86dacb376956ffeebe021fbf22fcd6\*
Status: Could not enumerate files with the Windows API (0x000003ed)!


Path: F:\86dacb376956ffeebe021fbf22fcd6\mrt.exe
Status: Invisible to the Windows API!

Path: F:\86dacb376956ffeebe021fbf22fcd6\mrtstub.exe
Status: Invisible to the Windows API!

Path: \\?\F:\ACCAPELA\*
Status: Could not enumerate files with the Windows API (0x000003ed)!


Path: F:\ACCAPELA\Audio
Status: Invisible to the Windows API!

Path: F:\ACCAPELA\bens awesome guitar riffs 2.npr
Status: Invisible to the Windows API!

Path: F:\ACCAPELA\bens awesome guitar riffs SCRAPS .npr
Status: Invisible to the Windows API!

Path: F:\ACCAPELA\bens awesome guitar riffs.npr
Status: Invisible to the Windows API!

Path: F:\ACCAPELA\bens awesome guitar Vocxals.npr
Status: Invisible to the Windows API!

Path: F:\ACCAPELA\garage.npr
Status: Invisible to the Windows API!

Path: F:\ACCAPELA\Images
Status: Invisible to the Windows API!

Path: F:\ACCAPELA\MARIO.npr
Status: Invisible to the Windows API!

Path: F:\ACCAPELA\mikes hooks
Status: Invisible to the Windows API!

Path: F:\ACCAPELA\nas.npr
Status: Invisible to the Windows API!

Path: F:\ACCAPELA\piano
Status: Invisible to the Windows API!

Path: \\?\F:\Artwork\*
Status: Could not enumerate files with the Windows API (0x000003ed)!


Path: F:\Artwork\Thumbs.db
Status: Invisible to the Windows API!

Path: F:\Artwork\Wavelength 1 TEXT.ai
Status: Invisible to the Windows API!

Path: F:\Artwork\Wavelength-1-TEXT.jpg
Status: Invisible to the Windows API!

Path: \\?\F:\Black & Whites\*
Status: Could not enumerate files with the Windows API (0x000003ed)!


Path: F:\Black & Whites\.DS_Store
Status: Invisible to the Windows API!

Path: F:\Black & Whites\._DSCN0670.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\._DSCN0674.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\._DSCN0683.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\._DSCN0691.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\._DSCN0697.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\._DSCN0699.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\._DSCN0702.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\._DSCN0705.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\._DSCN0708.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\._DSCN0713.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\black @ white.psd
Status: Invisible to the Windows API!

Path: F:\Black & Whites\DSCN0670.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\DSCN0674.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\DSCN0683.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\DSCN0691.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\DSCN0697.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\DSCN0699.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\DSCN0702.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\DSCN0705.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\DSCN0708.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\DSCN0713.JPG
Status: Invisible to the Windows API!

Path: F:\Black & Whites\Thumbs.db
Status: Invisible to the Windows API!

Path: \\?\F:\Digidesign Databases\*
Status: Could not enumerate files with the Windows API (0x000003ed)!


Path: F:\Digidesign Databases\volume.ddb
Status: Invisible to the Windows API!

Path: F:\Digidesign Databases\WaveCache.wfm
Status: Invisible to the Windows API!

Path: \\?\F:\Music Contracts\*
Status: Could not enumerate files with the Windows API (0x000003ed)!


Path: F:\Music Contracts\AGENCY BOOKING AGREEMENT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\AGREEMENT OF FOREIGN AGENCY.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\AGREEMENT OF LIMITED PARTNERSHIP.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\AGREEMENT OF OBLIGATION TO PAY.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\ARTIST - MANAGEMENT CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\ARTIST - MASTER PRODUCER CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\ARTIST PRODUCER CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\ARTIST RECORDING CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\ARTISTS' MANAGEMENT CONTRACT III.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\ARTISTS' MANAGEMENT CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\BOOKING CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\BROAD RIGHTS LICENSE.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\BROADCAST RECORDING CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\BROADCAST RELEASE.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\CO-PUBLISHING CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\COMMERCIAL MUSIC CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\COMPOSER'S CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\CONCERT PERFORMANCE CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\COPYRIGHT ASSIGNMENT - PUBLISHER TO PUBLISHER.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\COPYRIGHT ASSIGNMENT - SHORT FORM.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\COPYRIGHT ASSIGNMENT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\COPYRIGHT ASSIGNMENT- PUBLISHER TO SONGWRITER.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\COPYRIGHT ASSIGNMENT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\COPYRIGHT LICENSE.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\Desktop.ini
Status: Invisible to the Windows API!

Path: F:\Music Contracts\DISTRIBUTION CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\EMPLOYMENT CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\EVENT SPONSORSHIP CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\EVENT SPONSORSHIP CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\EXCLUSIVE AGENT - MUSICIAN CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\EXCLUSIVE SONGWRITER'S CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\FILM SYNCHRONIZATION CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\FOREIGN AGENCY CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\GENERAL PARTNERSHIP CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\INDEPENDENT CONTRACTOR CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\INTERNATIONAL MARKETING CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\INTERNATIONAL MARKETING CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\ARTIST TECH RIDER.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\COPYRIGHT LICENSE AND CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\EXCLUSIVE SONGWRITER CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PERSONAL MANAGEMENT CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\Producer-Artist-Agreement-4.pdf
Status: Invisible to the Windows API!

Path: F:\Music Contracts\JOINT VENTURE CONTRACT - Publisher, Rec Co., Distributor.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\JOINT VENTURE CONTRACT - Publsiher, Producer, Rec Co..doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\MASTER RECORDING LICENSE.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\MASTER TRACK LICENSE.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\MASTER USE RCORDING LICENSE.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\MECHANICAL LICENSE I.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\MECHANICAL LICENSE II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\MECHANICAL RIGHTS LICENSE.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\MERCHANDISE LICENSE CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\MERCHANDISE LICENSING CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PARENTAL CONSENT FORM.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PARTNERSHIP CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PAYMENT OBLIGATION CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PERFORMANCE CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PERSONAL MANAGEMENT CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PERSONAL MANAGEMENT CONTRACT III.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PHOTOGRAPHER CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PRODUCER ROYALTIES CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PRODUCER TALENT CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\Producer-Artist-Agreement-1.pdf
Status: Invisible to the Windows API!

Path: F:\Music Contracts\Producer-Artist-Agreement-2.pdf
Status: Invisible to the Windows API!

Path: F:\Music Contracts\Producer-Artist-Agreement-3.pdf
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PRODUCER-COMPOSER CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PRODUCER-MANAGER CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\Producer-RecordCompany-Agreement-1.pdf
Status: Invisible to the Windows API!

Path: F:\Music Contracts\Producer-RecordCompany-Agreement-2.pdf
Status: Invisible to the Windows API!

Path: F:\Music Contracts\Producer-RecordCompany-Agreement-3.pdf
Status: Invisible to the Windows API!

Path: F:\Music Contracts\Producer-RecordCompany-Agreement-4.pdf
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PRODUCERS ASSISTANT CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PRODUCTION CONTRACT I.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PRODUCTION CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PRODUCTION-DISTRIBUTION-PROMOTION CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PROMOTIONAL CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PUBLICITY CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PUBLISHER - ROYALTY SHARING CONTRACT I.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PUBLISHER - ROYALTY SHARING CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PUBLISHER-RECORD COMPANY CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\PUBLISHING CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\RECEIPT FOR MASTERS CONTRACT I.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\RECEIPT FOR MASTERS CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\RECORD CO-DISTRIBUTER POLICY STATEMENT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\RECORD COMPANY PRODUCER CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\RECORDING COMPANY CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\RECORDING COMPANY CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\RECORDING CONTRACT III.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\RECORDING CONTRACT IV.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\RECORDING CONTRACT-ARTIST.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\RECORDING MANUFACTURING CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\ROYALTY AGREEMENT CONTRACT I.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\ROYALTY AGREEMENT CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\ROYALTY AGREEMENT CONTRACT III.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\ROYALTY PAYMENT SCHEDULE.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\SALE OF PROPERTY CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\SINGLE SONG OPTION CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\SONGWRITERS CONTRACT I.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\SONGWRITERS CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\SONGWRITERS CONTRACT III.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\SOUND AND LIGHT CONTRACTING AGREEMENT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\STUDIO CHARGES & TIME CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\SUB-PUBLISHING CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\T.V.-MOVIE-FILM SYNCHRONIZATION LICENSE.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\TALENT - RECORD COMPANY CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\TALENT RELEASE CONTRACT I.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\TALENT RELEASE CONTRACT II.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\TECHNICAL ADVISOR and CONSULTANT CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\UNION BOOKING CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\VIDEO RELEASE CONTRACT.doc
Status: Invisible to the Windows API!

Path: F:\Music Contracts\VOCALIST CONTRACT.doc
Status: Invisible to the Windows API!

Path: \\?\F:\Nuendo\*
Status: Could not enumerate files with the Windows API (0x000003ed)!


Path: F:\Nuendo\ B Demo Beat
Status: Invisible to the Windows API!

Path: F:\Nuendo\085 Scat Beats _c33f7f7f.wav
Status: Invisible to the Windows API!

Path: F:\Nuendo\100% Hoe
Status: Invisible to the Windows API!

Path: F:\Nuendo\101 Scatter_c33f7f7f.wav
Status: Invisible to the Windows API!

Path: F:\Nuendo\138 .138bpm
Status: Invisible to the Windows API!

Path: F:\Nuendo\19 rob do this bleep hawiin stailion DJ hawiian prek.npr
Status: Invisible to the Windows API!

Path: F:\Nuendo\2 Step
Status: Invisible to the Windows API!

Path: F:\Nuendo\44
Status: Invisible to the Windows API!

Path: F:\Nuendo\80's
Status: Invisible to the Windows API!

Path: F:\Nuendo\A Little Mo' Time.sfk
Status: Invisible to the Windows API!

Path: F:\Nuendo\A Little Mo' Time.wav
Status: Invisible to the Windows API!

Path: F:\Nuendo\Phase 1
Status: Invisible to the Windows API!

Path: F:\Nuendo\Phone
Status: Invisible to the Windows API!

Path: F:\Nuendo\PM
Status: Invisible to the Windows API!

Path: F:\Nuendo\Power Step
Status: Invisible to the Windows API!

Path: F:\Nuendo\PowerDrums
Status: Invisible to the Windows API!

Path: F:\Nuendo\PPT
Status: Invisible to the Windows API!

Path: F:\Nuendo\Pr
Status: Invisible to the Windows API!

Path: F:\Nuendo\Pull On Gravity 100
Status: Invisible to the Windows API!

Path: F:\Nuendo\Put Me in the Mix 85
Status: Invisible to the Windows API!

Path: F:\Nuendo\race.wav
Status: Invisible to the Windows API!

Path: F:\Nuendo\Radio
Status: Invisible to the Windows API!

Path: F:\Nuendo\Radio Intros
Status: Invisible to the Windows API!

Path: F:\Nuendo\Radio Killa
Status: Invisible to the Windows API!

Path: F:\Nuendo\Rainin
Status: Invisible to the Windows API!

Path: F:\Nuendo\Best Around
Status: Invisible to the Windows API!

Path: F:\Nuendo\Blast Off!
Status: Invisible to the Windows API!

Path: F:\Nuendo\Blondie
Status: Invisible to the Windows API!

Path: F:\Nuendo\Bloop
Status: Invisible to the Windows API!

Path: F:\Nuendo\Blow My Mind 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\Blue
Status: Invisible to the Windows API!

Path: F:\Nuendo\Bobby Bland
Status: Invisible to the Windows API!

Path: F:\Nuendo\Bohannon - Goin' For Another One
Status: Invisible to the Windows API!

Path: F:\Nuendo\Bonkers 100
Status: Invisible to the Windows API!

Path: F:\Nuendo\Boo
Status: Invisible to the Windows API!

Path: F:\Nuendo\Boobie
Status: Invisible to the Windows API!

Path: F:\Nuendo\Boom
Status: Invisible to the Windows API!

Path: F:\Nuendo\Bootsy
Status: Invisible to the Windows API!

Path: F:\Nuendo\Bouncer
Status: Invisible to the Windows API!

Path: F:\Nuendo\Brace for Inpact 150
Status: Invisible to the Windows API!

Path: F:\Nuendo\Brain Mixdown
Status: Invisible to the Windows API!

Path: F:\Nuendo\Bright Lights 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\Brotha
Status: Invisible to the Windows API!

Path: F:\Nuendo\Bryson
Status: Invisible to the Windows API!

Path: F:\Nuendo\Bullets
Status: Invisible to the Windows API!

Path: F:\Nuendo\Bullbleep
Status: Invisible to the Windows API!

Path: F:\Nuendo\Burn the Block Down 138
Status: Invisible to the Windows API!

Path: F:\Nuendo\Call Me
Status: Invisible to the Windows API!

Path: F:\Nuendo\Cosmic Space 130
Status: Invisible to the Windows API!

Path: F:\Nuendo\Crack
Status: Invisible to the Windows API!

Path: F:\Nuendo\Crazy
Status: Invisible to the Windows API!

Path: F:\Nuendo\Crunk
Status: Invisible to the Windows API!

Path: F:\Nuendo\Crunked
Status: Invisible to the Windows API!

Path: F:\Nuendo\Crzy Synths
Status: Invisible to the Windows API!

Path: F:\Nuendo\Custom
Status: Invisible to the Windows API!

Path: F:\Nuendo\D
Status: Invisible to the Windows API!

Path: F:\Nuendo\DADA
Status: Invisible to the Windows API!

Path: F:\Nuendo\Dancebleep 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\Dancing Through the Night 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\Danger 130
Status: Invisible to the Windows API!

Path: F:\Nuendo\Dare
Status: Invisible to the Windows API!

Path: F:\Nuendo\Dashin
Status: Invisible to the Windows API!

Path: F:\Nuendo\Daydream 130
Status: Invisible to the Windows API!

Path: F:\Nuendo\Daydreamin
Status: Invisible to the Windows API!

Path: F:\Nuendo\Death to Hollywood
Status: Invisible to the Windows API!

Path: F:\Nuendo\Depressed Today 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\Digidesign Databases
Status: Invisible to the Windows API!

Path: F:\Nuendo\Digital Revolution 130
Status: Invisible to the Windows API!

Path: F:\Nuendo\Dizzy
Status: Invisible to the Windows API!

Path: F:\Nuendo\Do Ya bleep
Status: Invisible to the Windows API!

Path: F:\Nuendo\Don matta
Status: Invisible to the Windows API!

Path: F:\Nuendo\Fernguly
Status: Invisible to the Windows API!

Path: F:\Nuendo\finer things
Status: Invisible to the Windows API!

Path: F:\Nuendo\Fire
Status: Invisible to the Windows API!

Path: F:\Nuendo\Fire Intro 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\Fly Away 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\FLY STAR 90
Status: Invisible to the Windows API!

Path: F:\Nuendo\Fo Real 156 handclappz
Status: Invisible to the Windows API!

Path: F:\Nuendo\Freaks 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\Freestyle
Status: Invisible to the Windows API!

Path: F:\Nuendo\Freestyles
Status: Invisible to the Windows API!

Path: F:\Nuendo\bleepIN cRAZY 140
Status: Invisible to the Windows API!

Path: F:\Nuendo\Funkadelic
Status: Invisible to the Windows API!

Path: F:\Nuendo\Funked Up
Status: Invisible to the Windows API!

Path: F:\Nuendo\G3
Status: Invisible to the Windows API!

Path: F:\Nuendo\Gangsta
Status: Invisible to the Windows API!

Path: F:\Nuendo\Gangsta REMIX
Status: Invisible to the Windows API!

Path: F:\Nuendo\Girls
Status: Invisible to the Windows API!

Path: F:\Nuendo\Go
Status: Invisible to the Windows API!

Path: F:\Nuendo\Good Mornin 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\Hollywood
Status: Invisible to the Windows API!

Path: F:\Nuendo\Hollywood 125
Status: Invisible to the Windows API!

Path: F:\Nuendo\Hollywood Interlude
Status: Invisible to the Windows API!

Path: F:\Nuendo\Hood
Status: Invisible to the Windows API!

Path: F:\Nuendo\Hott
Status: Invisible to the Windows API!

Path: F:\Nuendo\Hottnezz
Status: Invisible to the Windows API!

Path: F:\Nuendo\HP
Status: Invisible to the Windows API!

Path: F:\Nuendo\HUMMER
Status: Invisible to the Windows API!

Path: F:\Nuendo\Hurry the bleep up
Status: Invisible to the Windows API!

Path: F:\Nuendo\Hype
Status: Invisible to the Windows API!

Path: F:\Nuendo\I Just Wanna Party
Status: Invisible to the Windows API!

Path: F:\Nuendo\I Know 165
Status: Invisible to the Windows API!

Path: F:\Nuendo\I Need Her 90
Status: Invisible to the Windows API!

Path: F:\Nuendo\I Think Im Gon Crazy 132
Status: Invisible to the Windows API!

Path: F:\Nuendo\I Want You
Status: Invisible to the Windows API!

Path: F:\Nuendo\Ian
Status: Invisible to the Windows API!

Path: F:\Nuendo\Im Not Sorry
Status: Invisible to the Windows API!

Path: F:\Nuendo\Im Real Gringo
Status: Invisible to the Windows API!

Path: F:\Nuendo\Aaron Neville
Status: Invisible to the Windows API!

Path: F:\Nuendo\Ay
Status: Invisible to the Windows API!

Path: F:\Nuendo\Bellz
Status: Invisible to the Windows API!

Path: F:\Nuendo\Cordell
Status: Invisible to the Windows API!

Path: F:\Nuendo\Double
Status: Invisible to the Windows API!

Path: F:\Nuendo\Feels Good
Status: Invisible to the Windows API!

Path: F:\Nuendo\Goofy Ass Slots
Status: Invisible to the Windows API!

Path: F:\Nuendo\Jay
Status: Invisible to the Windows API!

Path: F:\Nuendo\Jungle
Status: Invisible to the Windows API!

Path: F:\Nuendo\Mix
Status: Invisible to the Windows API!

Path: F:\Nuendo\NIN 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\Peezy
Status: Invisible to the Windows API!

Path: F:\Nuendo\Randalls Sermons
Status: Invisible to the Windows API!

Path: F:\Nuendo\Sam
Status: Invisible to the Windows API!

Path: F:\Nuendo\Stars Will Stop
Status: Invisible to the Windows API!

Path: F:\Nuendo\T
Status: Invisible to the Windows API!

Path: F:\Nuendo\Trumps Up
Status: Invisible to the Windows API!

Path: F:\Nuendo\War
Status: Invisible to the Windows API!

Path: F:\Nuendo\JIC.jge
Status: Invisible to the Windows API!

Path: F:\Nuendo\Jigg On 105
Status: Invisible to the Windows API!

Path: F:\Nuendo\Johnnie Taylor
Status: Invisible to the Windows API!

Path: F:\Nuendo\Johnnie Taylor - 01 - Where There's Smoke There's Fire.mp3
Status: Invisible to the Windows API!

Path: F:\Nuendo\Johnnie Taylor - 01 - Where There's Smoke There's Fire.mp3.sfk
Status: Invisible to the Windows API!

Path: F:\Nuendo\Johnnie Taylor - 09 - You're Good For Me.mp3
Status: Invisible to the Windows API!

Path: F:\Nuendo\Johnnie Taylor - 09 - You're Good For Me.mp3.sfk
Status: Invisible to the Windows API!

Path: F:\Nuendo\JPeters
Status: Invisible to the Windows API!

Path: F:\Nuendo\Juice
Status: Invisible to the Windows API!

Path: F:\Nuendo\Juicy
Status: Invisible to the Windows API!

Path: F:\Nuendo\Mixtape1
Status: Invisible to the Windows API!

Path: F:\Nuendo\Mmm
Status: Invisible to the Windows API!

Path: F:\Nuendo\Mobsta
Status: Invisible to the Windows API!

Path: F:\Nuendo\Moby 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\More then just a feelin 160
Status: Invisible to the Windows API!

Path: F:\Nuendo\Motion Sick 90
Status: Invisible to the Windows API!

Path: F:\Nuendo\Movie Piece
Status: Invisible to the Windows API!

Path: F:\Nuendo\Mr. Black President 133
Status: Invisible to the Windows API!

Path: F:\Nuendo\My World
Status: Invisible to the Windows API!

Path: F:\Nuendo\Nasty Thang BPM 150
Status: Invisible to the Windows API!

Path: F:\Nuendo\Nepted
Status: Invisible to the Windows API!

Path: F:\Nuendo\new
Status: Invisible to the Windows API!

Path: F:\Nuendo\New Age
Status: Invisible to the Windows API!

Path: F:\Nuendo\New Bellz
Status: Invisible to the Windows API!

Path: F:\Nuendo\New Folder
Status: Invisible to the Windows API!

Path: F:\Nuendo\New Folder (2)
Status: Invisible to the Windows API!

Path: F:\Nuendo\New new
Status: Invisible to the Windows API!

Path: F:\Nuendo\NewBeat
Status: Invisible to the Windows API!

Path: F:\Nuendo\Newby
Status: Invisible to the Windows API!

Path: F:\Nuendo\Newly Samp
Status: Invisible to the Windows API!

Path: F:\Nuendo\Samp
Status: Invisible to the Windows API!

Path: F:\Nuendo\Sampled
Status: Invisible to the Windows API!

Path: F:\Nuendo\Sampled Joint Smoker
Status: Invisible to the Windows API!

Path: F:\Nuendo\Samples
Status: Invisible to the Windows API!

Path: F:\Nuendo\Saty Focused
Status: Invisible to the Windows API!

Path: F:\Nuendo\Shaana
Status: Invisible to the Windows API!

Path: F:\Nuendo\bleep Son
Status: Invisible to the Windows API!

Path: F:\Nuendo\shootin star, 120
Status: Invisible to the Windows API!

Path: F:\Nuendo\Show Intro
Status: Invisible to the Windows API!

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x82de4c18

#: 041 Function Name: NtCreateKey
Status: Hooked by "TfSysMon.sys" at address 0xf7339a1c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "TfSysMon.sys" at address 0xf7339c10

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf7339cb6

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spip.sys" at address 0xf7434ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spip.sys" at address 0xf7435030

#: 119 Function Name: NtOpenKey
Status: Hooked by "TfSysMon.sys" at address 0xf733990c

#: 160 Function Name: NtQueryKey
Status: Hooked by "spip.sys" at address 0xf7435108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spip.sys" at address 0xf7434f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf7339e52

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "TfSysMon.sys" at address 0xf733bb30

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_CREATE]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_CLOSE]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_READ]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_WRITE]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_QUERY_EA]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_SET_EA]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_CLEANUP]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_SET_QUOTA]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Ntfsȅం扏楄, IRP_MJ_PNP]
Process: System Address: 0x82cb4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x82f6b1f8 Size: 121

Object: Hidden Code [Driver: ap6rvpldЅ敓쐰챐Ђఇ慆䍴ԇ,ࠀ, IRP_MJ_CREATE]
Process: System Address: 0x82d16500 Size: 121

Object: Hidden Code [Driver: ap6rvpldЅ敓쐰챐Ђఇ慆䍴ԇ,ࠀ, IRP_MJ_CLOSE]
Process: System Address: 0x82d16500 Size: 121

Object: Hidden Code [Driver: ap6rvpldЅ敓쐰챐Ђఇ慆䍴ԇ,ࠀ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82d16500 Size: 121

Object: Hidden Code [Driver: ap6rvpldЅ敓쐰챐Ђఇ慆䍴ԇ,ࠀ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82d16500 Size: 121

Object: Hidden Code [Driver: ap6rvpldЅ敓쐰챐Ђఇ慆䍴ԇ,ࠀ, IRP_MJ_POWER]
Process: System Address: 0x82d16500 Size: 121

Object: Hidden Code [Driver: ap6rvpldЅ敓쐰챐Ђఇ慆䍴ԇ,ࠀ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82d16500 Size: 121

Object: Hidden Code [Driver: ap6rvpldЅ敓쐰챐Ђఇ慆䍴ԇ,ࠀ, IRP_MJ_PNP]
Process: System Address: 0x82d16500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x82bba1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x82bba1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x82bba1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x82bba1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82bba1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82bba1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82bba1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82bba1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x82bba1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82bba1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x82bba1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x82cb6500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x82cb6500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x82cb6500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x82cb6500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82cb6500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82cb6500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x82cb6500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82cb6500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x82cb6500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x82c2a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x82c2a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82c2a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82c2a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x82c2a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82c2a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x82c2a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x82fdb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x82fdb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x82fdb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82fdb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82fdb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82fdb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82fdb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x82fdb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x82fdb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82fdb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x82fdb1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x82ce3500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x82ce3500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82ce3500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82ce3500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x82ce3500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x82ce3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x82bfc1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x82bfc1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82bfc1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82bfc1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x82bfc1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82bfc1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x82bfc1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x82dbf500 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_CREATE]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_CLOSE]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_READ]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_CLEANUP]
Process: System Address: 0x82d7f398 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_PNP]
Process: System Address: 0x82d7f398 Size: 121

==EOF==

Attached Files


Edited by rtonini, 01 February 2010 - 08:19 PM.
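The two findings that matter in the RootRepeal output above are the whole F:\Nuendo tree reported as "Invisible to the Windows API!" and the NtConnectPort SSDT entry hooked by "<unknown>", while the other hooks belong to named drivers (TfSysMon.sys is listed as the ThreatFire driver further down in the DDS log). The script below is an added triage example, not a tool from this thread or from the RootRepeal project: it parses report text in the same layout, counts hidden entries per top-level folder, and ranks SSDT hooks by whether the owning module is absent, unverified, or already accounted for. The sample report, the addresses in it and the VERIFIED_MODULES allowlist are constructed for the example.

```python
"""Triage helper for RootRepeal-style report text (added example, not a tool
from the thread).  It parses the 'Hidden/Locked Files' and 'SSDT' sections in
the layout shown above and ranks SSDT hooks by how well each one can be
attributed to a driver the analyst has already accounted for."""
import re
from collections import Counter

# Constructed sample in the same layout as the report above.  Addresses are
# illustrative placeholders, not values taken from a real machine.
SAMPLE_REPORT = """\
Hidden/Locked Files
-------------------
Path: F:\\Nuendo\\Bright Lights 120
Status: Invisible to the Windows API!

Path: F:\\Nuendo\\Show Intro
Status: Invisible to the Windows API!

Path: C:\\WINDOWS\\system32\\drivers\\example.sys
Status: Invisible to the Windows API!

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x82de4c18

#: 041 Function Name: NtCreateKey
Status: Hooked by "TfSysMon.sys" at address 0xf7339a1c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spip.sys" at address 0xf7434ca2

Stealth Objects
-------------------
"""

# Analyst-maintained allowlist (an assumption for this example): TfSysMon.sys
# appears as the ThreatFire driver in the thread's DDS log, so it is accounted
# for.  Any other module must be verified before its hooks are trusted.
VERIFIED_MODULES = {"tfsysmon.sys": "ThreatFire (TfSysMon entry in the DDS log)"}

HOOK_RE = re.compile(
    r'#:\s*(\d+)\s+Function Name:\s*(\w+)\s*\n'
    r'Status:\s*Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')
HIDDEN_RE = re.compile(r'Path:\s*(.+?)\s*\nStatus:\s*Invisible to the Windows API!')

SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "INFO": 2}


def sections(text):
    """Split the report into {header: body} using its dashed-underline headers."""
    parts = re.split(r'\n?([A-Za-z/ ]+)\n-{5,}\n', text)
    # parts[0] is any text before the first header, then (header, body) pairs.
    return {parts[i].strip(): parts[i + 1] for i in range(1, len(parts) - 1, 2)}


def hidden_paths(text):
    """Every path the report marks as invisible to the Windows API."""
    return HIDDEN_RE.findall(sections(text).get("Hidden/Locked Files", ""))


def hidden_by_top_dir(text):
    """Count hidden entries per drive\\top-level folder.  One folder swallowing
    a whole tree (F:\\Nuendo above) points at a filter that hides a volume's
    contents wholesale rather than a few individual files."""
    counts = Counter()
    for path in hidden_paths(text):
        parts = path.split("\\")
        counts["\\".join(parts[:2])] += 1
    return dict(counts)


def classify_hooks(text):
    """Rank SSDT hooks: no owning module is the strongest rootkit indicator,
    an unverified module needs checking, a verified one is informational."""
    hooks = []
    for idx, func, module, addr in HOOK_RE.findall(sections(text).get("SSDT", "")):
        key = module.lower()
        if module == "<unknown>":
            sev, why = "HIGH", "hook target lies in memory owned by no loaded driver"
        elif key in VERIFIED_MODULES:
            sev, why = "INFO", "accounted for: " + VERIFIED_MODULES[key]
        else:
            sev, why = "MEDIUM", "module not yet matched to installed software"
        hooks.append({"index": int(idx), "function": func, "module": module,
                      "address": addr, "severity": sev, "reason": why})
    return sorted(hooks, key=lambda h: SEVERITY_ORDER[h["severity"]])


if __name__ == "__main__":
    for folder, n in hidden_by_top_dir(SAMPLE_REPORT).items():
        print(f"{n:4d} hidden entries under {folder}")
    for h in classify_hooks(SAMPLE_REPORT):
        print(f"[{h['severity']}] #{h['index']:03d} {h['function']} <- {h['module']} "
              f"@ {h['address']}: {h['reason']}")
```

Run against the real report, the same logic separates the one hook with no attributable module from the hooks that belong to the installed security products, which is exactly the distinction a responder needs before deciding whether the SSDT findings are rootkit activity or expected behaviour of ThreatFire and the antivirus.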




#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:45 PM

Posted 08 February 2010 - 12:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 rtonini

rtonini
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indianapolis, IN
  • Local time:10:45 AM

Posted 09 February 2010 - 01:31 PM

Hey! Thanks again so much for all your help! You have no idea how much you guys are doing....

*It also told me that the post was too long when I added my GMER report on and the file was too big to upload so I placed it in a .zip file.

Here is my DDS report:

DDS (Ver_09-12-01.01) - FAT32x86
Run by Home at 13:20:56.92 on Tue 02/09/2010
Internet Explorer: 6.0.2900.3264
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.544 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lexmark 3500-4500 Series\LXDIAMON.EXE
C:\Documents and Settings\Home\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-18 64288]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-12-18 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-12-18 59664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-24 149864]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-24 149864]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-4-25 11776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1184912]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-4-25 33792]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2008-4-25 109056]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2008-4-25 15488]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-4-25 15232]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVENG.SYS [2009-12-15 81232]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVEX15.SYS [2009-12-15 865904]
R3 SMC55T;SMC EZ Card 10/100 (SMC1255TX-PF);c:\windows\system32\drivers\SMC55T51.sys [2008-5-5 39040]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-12-18 33552]
S2 Windows_rejoice2007_91;Windows_rejoice2007_91;c:\program files\system16.exe --> c:\program files\system16.exe [?]
S3 CGY013;CW-K85 Device;c:\windows\system32\drivers\CGY013.sys [2008-11-20 24093]
S3 cxwibu;Team H2O WIBU Driver;c:\program files\wibukey\h2o\cxwibu.sys [2008-4-25 7040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-13 38224]
S4 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S4 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2009-9-4 99248]
S4 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-12-15 1245064]

=============== Created Last 30 ================

2010-01-31 23:44:00 15132095 ----a-w- C:\Robert Tonini Web Design.psd

==================== Find3M ====================

2009-12-15 20:52:14 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-15 20:52:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-15 20:52:14 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-15 20:52:14 10652 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2002-07-05 09:32:32 38912 ----a-r- c:\windows\inf\SMC55T50.sys
2002-07-05 09:31:46 39040 ----a-r- c:\windows\inf\SMC55T51.sys

============= FINISH: 13:21:19.20 ===============

________________________________________________________________________________________________________

Attached Files



#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:45 PM

Posted 09 February 2010 - 03:31 PM

Hello, rtonini
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#5 rtonini

rtonini
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Indianapolis, IN

Posted 09 February 2010 - 08:09 PM

OTL logfile created on: 2/9/2010 8:58:49 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = J:\Comp Fix
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 610.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.67 Gb Total Space | 3.07 Gb Free Space | 15.62% Space Free | Partition Type: FAT32
Drive D: | 42.26 Gb Total Space | 0.11 Gb Free Space | 0.26% Space Free | Partition Type: FAT32
Drive E: | 86.85 Gb Total Space | 19.02 Gb Free Space | 21.90% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 111.76 Gb Total Space | 4.62 Gb Free Space | 4.13% Space Free | Partition Type: FAT32

Computer Name: MICHAELMYERS
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/09 19:58:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- J:\Comp Fix\OTL.exe
PRC - [2009/12/02 07:19:04 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/02 07:19:02 | 001,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/23 12:49:24 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/09/30 17:57:20 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2007/12/11 04:59:40 | 000,307,200 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2007/12/01 00:27:00 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2007/12/01 00:27:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/24 23:07:08 | 000,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2005/10/14 04:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2003/07/16 14:48:52 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2001/08/17 22:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/09 19:58:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- J:\Comp Fix\OTL.exe
MOD - [2009/11/23 12:49:32 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2007/12/01 00:27:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Windows_rejoice2007_91)
SRV - [2009/12/15 14:52:58 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/12/02 07:19:02 | 001,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/23 12:49:24 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2008/05/31 22:22:10 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/08/24 23:07:08 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/08/24 23:07:08 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/23 14:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 14:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 10:14:42 | 000,099,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2005/10/25 23:06:08 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/10/14 04:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005/10/14 04:51:12 | 000,239,320 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/10/14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/04/25 13:36:06 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 NtKrnlpa.info
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: F:\Artwork\Wavelength-1-TEXT.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 11:37:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/02/04 01:57:06 | 000,000,090 | RH-- | M] () - D:\AutoRun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/04 01:57:06 | 000,000,090 | RH-- | M] () - E:\AutoRun.inf -- [ FAT32 ]
O32 - AutoRun File - [2007/08/27 09:27:18 | 000,000,000 | -H-D | M] - J:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2010/02/04 01:57:30 | 000,000,090 | RH-- | M] () - J:\AutoRun.inf -- [ FAT32 ]
O33 - MountPoints2\{083abe4e-12f1-11dd-9833-8c2b19277b68}\Shell - "" = AutoRun
O33 - MountPoints2\{083abe4e-12f1-11dd-9833-8c2b19277b68}\Shell\Auto\command - "" = system16.exe
O33 - MountPoints2\{083abe4e-12f1-11dd-9833-8c2b19277b68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e97b237-b91a-11dd-987b-839fdd855269}\Shell - "" = AutoRun
O33 - MountPoints2\{0e97b237-b91a-11dd-987b-839fdd855269}\Shell\Auto\command - "" = M:\system16.exe -- File not found
O33 - MountPoints2\{0e97b237-b91a-11dd-987b-839fdd855269}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{566cd2ed-132b-11de-989c-c50f529efe68}\Shell - "" = AutoRun
O33 - MountPoints2\{566cd2ed-132b-11de-989c-c50f529efe68}\Shell\Auto\command - "" = Se813.exe
O33 - MountPoints2\{566cd2ed-132b-11de-989c-c50f529efe68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{728394f0-187d-11dd-983d-f1b9b7c7cc67}\Shell - "" = AutoRun
O33 - MountPoints2\{728394f0-187d-11dd-983d-f1b9b7c7cc67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{728394f0-187d-11dd-983d-f1b9b7c7cc67}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{da0cbae3-12b9-11dd-8008-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{da0cbae3-12b9-11dd-8008-806d6172696f}\Shell\Auto\command - "" = D:\system16.exe -- [2007/09/01 13:55:44 | 000,372,736 | RH-- | M] ()
O33 - MountPoints2\{da0cbae3-12b9-11dd-8008-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da0cbae4-12b9-11dd-8008-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{da0cbae4-12b9-11dd-8008-806d6172696f}\Shell\Auto\command - "" = system16.exe
O33 - MountPoints2\{da0cbae4-12b9-11dd-8008-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd662acc-4906-11de-98ac-d68ddbf1a868}\Shell - "" = AutoRun
O33 - MountPoints2\{fd662acc-4906-11de-98ac-d68ddbf1a868}\Shell\Auto\command - "" = J:\system16.exe -- File not found
O33 - MountPoints2\{fd662acc-4906-11de-98ac-d68ddbf1a868}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/25 11:23:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (86697685851045888)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/28 00:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\Photography 1 3 Views
[2009/09/04 14:07:16 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2009/09/04 14:07:16 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2009/09/04 14:07:16 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2009/09/04 14:07:16 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2009/09/04 14:07:16 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2009/09/04 14:07:16 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2009/09/04 14:07:16 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[2009/09/04 14:07:16 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2009/09/04 14:07:16 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2009/09/04 14:07:16 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2009/09/04 14:07:16 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2009/09/04 14:07:16 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2008/04/25 11:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/04/25 11:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/04/25 11:28:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/25 11:28:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/09 18:55:46 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2010/02/09 18:55:46 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2010/02/09 18:55:46 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2010/02/09 18:55:46 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2010/02/09 18:55:46 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2010/02/09 18:55:46 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2010/02/09 18:55:46 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2010/02/09 18:55:46 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2010/02/09 18:55:46 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2010/02/09 18:55:46 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2010/02/09 18:55:46 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2010/02/09 18:54:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/09 18:53:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 18:52:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 18:51:08 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Home\ntuser.dat
[2010/02/05 00:51:40 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/02/04 16:01:22 | 000,000,052 | -HS- | M] () -- C:\WINDOWS\System32\p3857302.pxf
[2010/02/04 14:54:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Home\ntuser.ini
[2010/02/04 14:54:18 | 004,868,174 | -H-- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\IconCache.db
[2010/01/31 21:44:04 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\Home\default.pls
[2010/01/31 21:44:02 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/31 21:42:14 | 037,225,150 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK06-1.wav
[2010/01/31 21:42:14 | 000,072,776 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK06-1.sfk
[2010/01/31 21:42:04 | 000,093,368 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK05-1.sfk
[2010/01/31 21:41:52 | 045,944,014 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK04-1.wav
[2010/01/31 21:41:52 | 000,089,800 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK04-1.sfk
[2010/01/31 21:41:20 | 047,007,118 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK03-1.wav
[2010/01/31 21:41:20 | 000,091,880 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK03-1.sfk
[2010/01/31 21:38:24 | 000,075,288 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\CD1443381596-TRACK03-1.sfk
[2010/01/31 20:15:32 | 015,132,095 | ---- | M] () -- C:\Robert Tonini Web Design.psd
[2010/01/31 14:19:02 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\dds.scr
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/08 17:15:46 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\dds.scr
[2010/01/31 21:43:00 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Track05.cda
[2010/01/31 21:42:05 | 037,225,150 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK06-1.wav
[2010/01/31 21:42:05 | 000,072,776 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK06-1.sfk
[2010/01/31 21:41:52 | 000,093,368 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK05-1.sfk
[2010/01/31 21:41:34 | 045,944,014 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK04-1.wav
[2010/01/31 21:41:34 | 000,089,800 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK04-1.sfk
[2010/01/31 21:41:06 | 047,007,118 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK03-1.wav
[2010/01/31 21:41:06 | 000,091,880 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\CD1840767328-TRACK03-1.sfk
[2010/01/31 21:38:12 | 000,075,288 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\CD1443381596-TRACK03-1.sfk
[2010/01/31 17:44:00 | 015,132,095 | ---- | C] () -- C:\Robert Tonini Web Design.psd
[2010/01/26 23:43:23 | 039,052,844 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\its ya worldcash.wav
[2009/09/13 16:53:30 | 004,059,136 | ---- | C] () -- C:\WINDOWS\System32\PSP MasterComp.dll
[2009/09/13 16:53:30 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pspmcdx.dll
[2009/09/04 14:07:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2009/09/04 14:07:46 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2009/09/04 14:07:34 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2009/09/04 14:07:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2009/09/04 14:07:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2009/09/04 14:07:16 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2009/09/04 14:07:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2009/08/16 20:09:09 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/08/25 12:13:34 | 000,000,124 | ---- | C] () -- C:\WINDOWS\VocALign.INI
[2008/08/01 23:33:01 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/24 19:52:36 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/05/22 13:28:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\bdsrip.ini
[2008/05/06 14:52:14 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/25 14:26:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2008/04/25 13:37:29 | 008,151,040 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon.dll
[2008/04/25 13:37:17 | 008,278,016 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon HR.dll
[2008/04/25 13:37:17 | 000,520,267 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2008/04/25 13:33:41 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\libencdec.dll
[2008/04/25 13:15:04 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/04/25 12:56:03 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008/04/25 11:59:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll

========== LOP Check ==========

[2008/04/25 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2008/04/25 13:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Ease
[2008/04/25 14:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/05/03 14:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/18 21:27:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2008/04/25 13:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\DAEMON Tools
[2008/04/25 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Propellerhead Software
[2008/04/25 13:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Audio Ease
[2008/04/25 13:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Waves Audio
[2008/04/25 13:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Steinberg
[2008/04/25 14:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\PACE Anti-Piracy
[2008/05/03 14:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Sony
[2008/08/30 18:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Opera
[2009/09/04 15:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Lexmark Productivity Studio
[2009/12/13 21:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\IObit
[2010/02/09 18:54:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2007/11/30 17:31:08 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A42ABFAEE59A1DC0E47014E7B5D76AD6 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2007/11/30 17:31:08 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A42ABFAEE59A1DC0E47014E7B5D76AD6 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 20:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007/11/30 17:24:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=335BB30ED68CF3DC0EE2BDDB438B6A9B -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2007/11/30 17:24:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=335BB30ED68CF3DC0EE2BDDB438B6A9B -- C:\WINDOWS\system32\drivers\atapi.sys
[2003/07/16 20:24:26 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/12/01 00:25:36 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=086FFA8479114AE3ECE616D7EB848577 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2007/12/01 00:25:36 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=086FFA8479114AE3ECE616D7EB848577 -- C:\WINDOWS\system32\eventlog.dll
[2003/07/16 20:28:04 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2007/12/01 00:25:48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=327309E36308F9DFB8D4699DF384D421 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2007/12/01 00:25:48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=327309E36308F9DFB8D4699DF384D421 -- C:\WINDOWS\system32\netlogon.dll
[2003/07/16 20:38:12 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007/12/01 00:25:52 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=625D7B39B09AB60A683AF4B95575056E -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2007/12/01 00:25:52 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=625D7B39B09AB60A683AF4B95575056E -- C:\WINDOWS\system32\scecli.dll
[2003/07/16 20:43:58 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

________________________________________________________________________________________________


OTL Extras logfile created on: 2/9/2010 8:58:54 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = J:\Comp Fix
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 610.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.67 Gb Total Space | 3.07 Gb Free Space | 15.62% Space Free | Partition Type: FAT32
Drive D: | 42.26 Gb Total Space | 0.11 Gb Free Space | 0.26% Space Free | Partition Type: FAT32
Drive E: | 86.85 Gb Total Space | 19.02 Gb Free Space | 21.90% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 111.76 Gb Total Space | 4.62 Gb Free Space | 4.13% Space Free | Partition Type: FAT32

Computer Name: MICHAELMYERS
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\lxdicoms.exe" = C:\WINDOWS\System32\lxdicoms.exe:*:Enabled:3500-4500 Series Server -- ( )
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor -- ()
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxdipswx.exe" = C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxditime.exe" = C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxdijswx.exe" = C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Lexmark 3500-4500 Series\LXDIAMON.EXE" = C:\Program Files\Lexmark 3500-4500 Series\LXDIAMON.EXE:*:Enabled:Device Monitor Application -- ()
"C:\Program Files\Lexmark 3500-4500 Series\App4R.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Printing Application -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}" = InterLok Driver Kit
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C80CD6-14DF-42E7-B460-CBF194A6439C}" = Sonic Foundry CD Architect 5.0
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{5C5F82A1-F792-48F9-99BE-8AFE123A23D5}" = DISC TITLE PRINTER
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{8BE47CAE-466C-4A12-AA62-3E3A1762DE87}" = Digidesign Pro Tools LE 7.0
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{92B43A6F-E328-495A-ACFA-FC47C1B7215D}" = Digidesign Shared Plug-Ins 7.0
"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 7.3
"{A15B3CF2-7FB7-4102-BBC9-9680B7F0825F}" = InterLok Driver Kit
"{A74C1699-4BCE-433F-82D6-F11207A0581B}" = Sony ACID Music Studio 7.0
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{CF1D7323-8A0A-49C7-83B0-088DB90721E2}" = AmpegSVX
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}" = Free Bomb Factory Plug-Ins 7.0
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB6691DA-66D3-412E-9853-641CF7D0C35A}" = AmpliTube2
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AKAI professional DCVocoder 1.0" = AKAI professional DCVocoder 1.0
"Algorithmix Plugin Bundle 1.3" = Algorithmix Plugin Bundle 1.3
"Antares Autotune DX v4.12" = Antares Autotune DX v4.12
"Antares AVOX Vocal Kit Bundle VST v1.02" = Antares AVOX Vocal Kit Bundle VST v1.02
"Artillery" = Artillery
"AudioEase Speakersphone VST RTAS_is1" = AudioEase Speakersphone VST RTAS v1.01
"Drum Machine" = Drum Machine 1.36 BETA
"Effectrix" = Effectrix
"HijackThis" = HijackThis 2.0.2
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Guitar Rig 2" = Native Instruments Guitar Rig 2
"Native Instruments Vokator v1.0" = Native Instruments Vokator v1.0
"Nomad Factory Liquid Bundle VST v1.6" = Nomad Factory Liquid Bundle VST v1.6
"Nomad Factory SC-226" = Nomad Factory SC-226
"Nomadfactory Liquid Bundle VST RTAS v2.1" = Nomadfactory Liquid Bundle VST RTAS v2.1
"Omega ASIO driver" = Omega ASIO(remove only)
"PSP Audioware Neon HR VST RTAS" = PSP Audioware Neon HR VST RTAS
"PSP VintageWarmer v1.5d" = PSP VintageWarmer v1.5d
"PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ" = PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Reason4_is1" = Reason 4.0
"ReCycle_is1" = ReCycle 2.1.2
"Steinberg Nuendo v3.2.0.1128" = Steinberg Nuendo v3.2.0.1128
"SymSetupTemp.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"Synchro Arts VocAlign Project v2.71" = Synchro Arts VocAlign Project v2.71
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"Waves Mercury Bundle" = Waves Mercury Bundle
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"Wibu Emu driver v1.0" = Wibu Emu driver v1.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2009 10:52:29 PM | Computer Name = MICHAELMYERS | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 13.0.128.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2009 7:15:41 PM | Computer Name = MICHAELMYERS | Source = Application Hang | ID = 1002
Description = Hanging application CDArch50.exe, version 5.0.0.93, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2009 7:37:47 PM | Computer Name = MICHAELMYERS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 app4r.exe, P2 1.31.0.1, P3 46116d3d, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 edf, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

Error - 12/3/2009 12:48:36 AM | Computer Name = MICHAELMYERS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 app4r.exe, P2 1.31.0.1, P3 46116d3d, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 edf, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

Error - 12/3/2009 10:43:31 PM | Computer Name = MICHAELMYERS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 app4r.exe, P2 1.31.0.1, P3 46116d3d, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 edf, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

Error - 12/8/2009 5:45:25 PM | Computer Name = MICHAELMYERS | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 13.0.128.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2009 11:41:57 PM | Computer Name = MICHAELMYERS | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.42.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/18/2009 11:28:01 PM | Computer Name = MICHAELMYERS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/31/2009 4:00:42 PM | Computer Name = MICHAELMYERS | Source = Application Error | ID = 1000
Description = Faulting application cdarch50.exe, version 5.0.0.93, faulting module
sfscsi.dll, version 2.0.0.302, fault address 0x00002a47.

Error - 12/31/2009 4:02:56 PM | Computer Name = MICHAELMYERS | Source = Application Error | ID = 1000
Description = Faulting application cdarch50.exe, version 5.0.0.93, faulting module
sfcdx.dll, version 1.0.0.1, fault address 0x00025219.

[ System Events ]
Error - 2/9/2010 10:59:48 PM | Computer Name = MICHAELMYERS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 2/9/2010 10:59:51 PM | Computer Name = MICHAELMYERS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 2/9/2010 11:00:13 PM | Computer Name = MICHAELMYERS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 2/9/2010 11:00:15 PM | Computer Name = MICHAELMYERS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 2/9/2010 11:01:13 PM | Computer Name = MICHAELMYERS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 2/9/2010 11:01:16 PM | Computer Name = MICHAELMYERS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 2/9/2010 11:02:13 PM | Computer Name = MICHAELMYERS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 2/9/2010 11:02:15 PM | Computer Name = MICHAELMYERS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 2/9/2010 11:03:13 PM | Computer Name = MICHAELMYERS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 2/9/2010 11:03:16 PM | Computer Name = MICHAELMYERS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.


< End of report >


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:45 PM

Posted 10 February 2010 - 02:13 PM

Hi,


Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 rtonini

rtonini
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indianapolis, IN
  • Local time:10:45 AM

Posted 11 February 2010 - 01:40 AM

Hey Tom!

I ran combofix and these are the reports it gave me. When I ran the program, it was telling me Norton Antivirus was running but I looked in my (Program Files) folder but there was nothing from Norton in there. I also went to the (Add/Remove Programs) list but found nothing there. Not sure if this might be something? I also ended up having to run ComboFix twice because the first time I didn't have Windows Recovery installed so I found a thread on here that explained how to download it and run it with ComboFix. I followed the directions and ran it the second time with the recovery on. Here are the two reports it gave me...

Thanks,
Rob

Pass 1:

ComboFix 10-02-10.01 - Home 02/11/2010 0:17.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.655 [GMT -6:00]
Running from: j:\comp fix\schrauber.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msvcsv60.dll
D:\AutoRun.inf
D:\system16.exe
E:\Autorun.inf
J:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_REJOICE2007_91
-------\Service_Windows_rejoice2007_91


((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 06:11 . 2010-01-08 06:11 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-01-08 06:10 . 2010-01-08 06:10 -------- d-----w- c:\program files\Drum Machine
2009-12-19 03:27 . 2009-12-19 03:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-19 03:27 . 2009-12-19 03:27 -------- d-----w- c:\program files\Lavasoft
2009-12-19 03:27 . 2009-12-19 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-19 03:26 . 2009-12-19 03:26 -------- d-----w- c:\documents and settings\Home\Application Data\AVG8
2009-12-19 03:18 . 2009-12-19 03:18 -------- d-----w- c:\program files\Trend Micro
2009-12-19 03:05 . 2009-12-19 03:05 -------- d-----w- c:\program files\ThreatFire
2009-12-19 03:05 . 2009-12-19 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-15 22:18 . 2008-04-25 20:26 32 ----a-w- c:\windows\msocreg32.dat
2009-12-15 20:52 . 2009-12-15 20:49 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-15 20:52 . 2009-12-15 20:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-15 20:52 . 2009-12-15 20:49 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-15 20:52 . 2009-12-15 20:49 10652 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-15 20:51 . 2009-12-15 20:51 -------- d-----w- c:\program files\Windows Sidebar
2009-12-15 20:51 . 2009-12-15 20:51 -------- d-----w- c:\program files\Norton AntiVirus
2009-12-15 20:49 . 2009-12-15 20:49 -------- d-----w- c:\program files\Symantec
2009-12-14 03:38 . 2009-12-14 03:38 -------- d-----w- c:\documents and settings\Home\Application Data\IObit
2009-12-14 03:38 . 2009-12-14 03:38 -------- d-----w- c:\program files\IObit
2009-12-14 02:59 . 2009-12-14 02:59 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2009-12-14 02:59 . 2009-12-14 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-14 02:59 . 2009-12-14 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-07 14:10 . 2009-12-19 03:27 2953352 ----a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-03 22:14 . 2009-12-14 02:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-12-14 02:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 13:19 . 2009-12-19 03:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-23 18:49 . 2009-12-19 03:05 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-11-23 18:49 . 2009-12-19 03:05 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-11-23 18:49 . 2009-12-19 03:05 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-11-13 19:55 . 2009-11-13 19:55 -------- d-----w- c:\windows\Fonts\Fonts\The Best And Most Expensive Fonts
2009-11-13 19:55 . 2009-11-13 19:55 -------- d-----w- c:\windows\Fonts\Fonts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI4"=diomidi.dll
"wave3"=Digi32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxditime.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdijswx.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\LXDIAMON.EXE"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/18/2009 9:28 PM 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/25/2008 1:15 PM 716272]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12/18/2009 9:05 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12/18/2009 9:05 PM 59664]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [4/25/2008 11:59 AM 11776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1184912]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [4/25/2008 1:31 PM 33792]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [4/25/2008 11:59 AM 109056]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [4/25/2008 11:59 AM 15488]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [4/25/2008 11:59 AM 15232]
R3 SMC55T;SMC EZ Card 10/100 (SMC1255TX-PF);c:\windows\system32\drivers\SMC55T51.sys [5/5/2008 7:04 PM 39040]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12/18/2009 9:05 PM 33552]
S3 CGY013;CW-K85 Device;c:\windows\system32\drivers\CGY013.sys [11/20/2008 1:33 PM 24093]
S3 cxwibu;Team H2O WIBU Driver;c:\program files\WIBUKEY\H2O\cxwibu.sys [4/25/2008 1:46 PM 7040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/13/2009 8:59 PM 38224]
S4 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S4 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [9/4/2009 2:07 PM 99248]
.
Contents of the 'Scheduled Tasks' folder

2010-02-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Algorithmix Plugin Bundle 1.3 - c:\progra~1\ALGORI~1\ALGORI~1\UNINST~1\UNWISE.EXE
AddRemove-Antares Autotune DX v4.12 - c:\progra~1\ANTARES\AUTOTU~1\ANTARE~1\UNWISE.EXE
AddRemove-Antares AVOX Vocal Kit Bundle VST v1.02 - c:\progra~1\STEINB~1\VSTPLU~1\ANTARES\AVOXVO~1\CHOIR\UNWISE.EXE
AddRemove-Nomadfactory Liquid Bundle VST RTAS v2.1 - c:\progra~1\NOMADF~1\UNINST~1\UNWISE.EXE
AddRemove-SymSetupTemp.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2} - c:\program files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_0_0_58\Setup.exe
AddRemove-Wibu Emu driver v1.0 - c:\progra~1\WIBUKEY\H2O\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 00:36
Windows 5.1.2600 Service Pack 3, v.3264 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys sppj.sys hal.dll >>UNKNOWN [0x82F8C938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7578f28
\Driver\ACPI -> ACPI.sys @ 0xf73d6cb8
\Driver\atapi -> atapi.sys @ 0xf7391b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05b1
ParseProcedure -> ntoskrnl.exe @ 0x8056ea25
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05b1
ParseProcedure -> ntoskrnl.exe @ 0x8056ea25
NDIS: SMC EZ Card 10/100 (SMC1255TX-PF) -> SendCompleteHandler -> NDIS.sys @ 0xf72d1b0a
PacketIndicateHandler -> NDIS.sys @ 0xf72bea0d
SendHandler -> NDIS.sys @ 0xf72d2b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(820)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'explorer.exe'(1408)
c:\program files\ThreatFire\TfWah.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-02-11 00:44:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-11 06:44

Pre-Run: 3,194,716,160 bytes free
Post-Run: 3,102,638,080 bytes free

- - End Of File - - 1A536890947242941C4D659FD15ECFB8

Pass 2:


ComboFix 10-02-10.01 - Home 02/11/2010 1:27.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.749 [GMT -6:00]
Running from: j:\comp fix\schrauber.exe
Command switches used :: j:\comp fix\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.

2010-02-11 06:09 . 2010-02-11 06:09 -------- d-----w- C:\schrauber

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 06:11 . 2010-01-08 06:11 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-01-08 06:10 . 2010-01-08 06:10 -------- d-----w- c:\program files\Drum Machine
2009-12-19 03:27 . 2009-12-19 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-19 03:26 . 2009-12-19 03:26 -------- d-----w- c:\documents and settings\Home\Application Data\AVG8
2009-12-19 03:18 . 2009-12-19 03:18 -------- d-----w- c:\program files\Trend Micro
2009-12-19 03:05 . 2009-12-19 03:05 -------- d-----w- c:\program files\ThreatFire
2009-12-19 03:05 . 2009-12-19 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-15 22:18 . 2008-04-25 20:26 32 ----a-w- c:\windows\msocreg32.dat
2009-12-15 20:52 . 2009-12-15 20:49 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-15 20:52 . 2009-12-15 20:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-15 20:52 . 2009-12-15 20:49 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-15 20:52 . 2009-12-15 20:49 10652 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-15 20:51 . 2009-12-15 20:51 -------- d-----w- c:\program files\Windows Sidebar
2009-12-15 20:49 . 2009-12-15 20:49 -------- d-----w- c:\program files\Symantec
2009-12-14 03:38 . 2009-12-14 03:38 -------- d-----w- c:\documents and settings\Home\Application Data\IObit
2009-12-14 03:38 . 2009-12-14 03:38 -------- d-----w- c:\program files\IObit
2009-12-14 02:59 . 2009-12-14 02:59 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2009-12-14 02:59 . 2009-12-14 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-14 02:59 . 2009-12-14 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-03 22:14 . 2009-12-14 02:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-12-14 02:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 18:49 . 2009-12-19 03:05 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-11-23 18:49 . 2009-12-19 03:05 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-11-23 18:49 . 2009-12-19 03:05 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-11-13 19:55 . 2009-11-13 19:55 -------- d-----w- c:\windows\Fonts\Fonts\The Best And Most Expensive Fonts
2009-11-13 19:55 . 2009-11-13 19:55 -------- d-----w- c:\windows\Fonts\Fonts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI4"=diomidi.dll
"wave3"=Digi32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxditime.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdijswx.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\LXDIAMON.EXE"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/25/2008 1:15 PM 716272]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12/18/2009 9:05 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12/18/2009 9:05 PM 59664]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [4/25/2008 11:59 AM 11776]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [4/25/2008 1:31 PM 33792]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [4/25/2008 11:59 AM 109056]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [4/25/2008 11:59 AM 15488]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [4/25/2008 11:59 AM 15232]
R3 SMC55T;SMC EZ Card 10/100 (SMC1255TX-PF);c:\windows\system32\drivers\SMC55T51.sys [5/5/2008 7:04 PM 39040]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12/18/2009 9:05 PM 33552]
S3 CGY013;CW-K85 Device;c:\windows\system32\drivers\CGY013.sys [11/20/2008 1:33 PM 24093]
S3 cxwibu;Team H2O WIBU Driver;c:\program files\WIBUKEY\H2O\cxwibu.sys [4/25/2008 1:46 PM 7040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/13/2009 8:59 PM 38224]
S4 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S4 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [9/4/2009 2:07 PM 99248]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 01:44
Windows 5.1.2600 Service Pack 3, v.3264 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spgz.sys hal.dll >>UNKNOWN [0x82F8C938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7578f28
\Driver\ACPI -> ACPI.sys @ 0xf73d6cb8
\Driver\atapi -> atapi.sys @ 0xf7391b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05b1
ParseProcedure -> ntoskrnl.exe @ 0x8056ea25
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05b1
ParseProcedure -> ntoskrnl.exe @ 0x8056ea25
NDIS: SMC EZ Card 10/100 (SMC1255TX-PF) -> SendCompleteHandler -> NDIS.sys @ 0xf72d1b0a
PacketIndicateHandler -> NDIS.sys @ 0xf72bea0d
SendHandler -> NDIS.sys @ 0xf72d2b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll

- - - - - - - > 'lsass.exe'(816)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'explorer.exe'(2296)
c:\program files\ThreatFire\TfWah.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2010-02-11 01:52:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-11 07:52
ComboFix2.txt 2010-02-11 06:44

Pre-Run: 3,276,750,848 bytes free
Post-Run: 3,237,625,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - D9C791885E4F834189FDD4048CCFFE50

Edited by rtonini, 11 February 2010 - 01:53 AM.


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 13 February 2010 - 07:01 AM

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
MIA::
c:\windows\system32\userinit.exe


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 rtonini

rtonini
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Indianapolis, IN

Posted 13 February 2010 - 07:25 PM

ComboFix 10-02-10.01 - Home 02/13/2010 19:54:21.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.755 [GMT -6:00]
Running from: j:\comp fix\schrauber.exe
Command switches used :: j:\comp fix\CFScript.txt
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2010-01-14 to 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-11 07:20 . 2010-02-11 07:21 -------- d-----w- C:\schrauber20636s
2010-02-11 06:09 . 2010-02-11 06:09 -------- d-----w- C:\schrauber

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 06:11 . 2010-01-08 06:11 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-01-08 06:10 . 2010-01-08 06:10 -------- d-----w- c:\program files\Drum Machine
2009-12-19 03:27 . 2009-12-19 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-19 03:26 . 2009-12-19 03:26 -------- d-----w- c:\documents and settings\Home\Application Data\AVG8
2009-12-19 03:18 . 2009-12-19 03:18 -------- d-----w- c:\program files\Trend Micro
2009-12-19 03:05 . 2009-12-19 03:05 -------- d-----w- c:\program files\ThreatFire
2009-12-19 03:05 . 2009-12-19 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-15 22:18 . 2008-04-25 20:26 32 ----a-w- c:\windows\msocreg32.dat
2009-12-15 20:52 . 2009-12-15 20:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-15 20:52 . 2009-12-15 20:49 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-03 22:14 . 2009-12-14 02:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-12-14 02:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 18:49 . 2009-12-19 03:05 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-11-23 18:49 . 2009-12-19 03:05 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-11-23 18:49 . 2009-12-19 03:05 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI4"=diomidi.dll
"wave3"=Digi32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxditime.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdijswx.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\LXDIAMON.EXE"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12/18/2009 9:05 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12/18/2009 9:05 PM 59664]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [4/25/2008 11:59 AM 11776]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [4/25/2008 1:31 PM 33792]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [4/25/2008 11:59 AM 109056]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [4/25/2008 11:59 AM 15488]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [4/25/2008 11:59 AM 15232]
R3 SMC55T;SMC EZ Card 10/100 (SMC1255TX-PF);c:\windows\system32\drivers\SMC55T51.sys [5/5/2008 7:04 PM 39040]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12/18/2009 9:05 PM 33552]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/25/2008 1:15 PM 716272]
S3 CGY013;CW-K85 Device;c:\windows\system32\drivers\CGY013.sys [11/20/2008 1:33 PM 24093]
S3 cxwibu;Team H2O WIBU Driver;c:\program files\WIBUKEY\H2O\cxwibu.sys [4/25/2008 1:46 PM 7040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/13/2009 8:59 PM 38224]
S4 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S4 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [9/4/2009 2:07 PM 99248]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 20:08
Windows 5.1.2600 Service Pack 3, v.3264 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(804)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'explorer.exe'(3508)
c:\program files\ThreatFire\TfWah.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
.
Completion time: 2010-02-13 20:15:39
ComboFix-quarantined-files.txt 2010-02-14 02:15
ComboFix2.txt 2010-02-11 07:52
ComboFix3.txt 2010-02-11 06:44

Pre-Run: 3,241,033,728 bytes free
Post-Run: 3,206,627,328 bytes free

- - End Of File - - A3239554644A676BF43EA04D47EF7254

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 13 February 2010 - 07:39 PM

Hi,

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.


  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

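The /md5start ... /md5stop block in the OTL custom scan above makes OTL print the MD5 of each listed system file (event log, security-policy and storage-driver binaries that rootkits of that era commonly patched) so the helper can compare them with known-good values. The following is an added example, not OTL's code and not anything posted in this thread: a small Python integrity check that hashes a list of files and compares them against a manifest of expected MD5 digests, reporting each file as ok, modified or missing. The files, their contents and the manifest are constructed in a temporary directory; the real known-good hashes for these Windows files are not on this page and would have to come from a trusted source, never from the machine under investigation.

```python
"""File-integrity check of the kind the OTL /md5start block supports.

Added example (not OTL's or the thread's code). It hashes a set of files and
compares them with a manifest of expected MD5 values. Everything runs on
constructed sample files in a temp dir; the manifest is a placeholder baseline,
not real Windows file hashes.
"""
import hashlib
import os
import tempfile


def md5_of_file(path, chunk_size=65536):
    """Stream a file through MD5 so large drivers need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def check_against_manifest(root, manifest):
    """Return {file name: 'ok' | 'modified' | 'missing'} for every manifest entry.

    'missing' matters as much as 'modified': a file that was replaced, renamed
    or hidden shows up either way once the helper compares against a baseline.
    """
    results = {}
    for name, expected_md5 in manifest.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        actual = md5_of_file(path)
        results[name] = "ok" if actual == expected_md5.lower() else "modified"
    return results


def findings(results):
    """Names of files that need a closer look, sorted for stable reporting."""
    return sorted(name for name, verdict in results.items() if verdict != "ok")


def build_demo_tree():
    """Constructed sample: fake 'system files' in a temp dir plus their baseline hashes.

    The file names are taken from the /md5start list in the post above; the
    contents are made up and carry no relation to the real binaries.
    """
    root = tempfile.mkdtemp(prefix="md5_check_demo_")
    contents = {
        "eventlog.dll": b"constructed stand-in for eventlog.dll\n",
        "scecli.dll": b"constructed stand-in for scecli.dll\n",
        "atapi.sys": b"constructed stand-in for atapi.sys\n",
    }
    for name, data in contents.items():
        with open(os.path.join(root, name), "wb") as handle:
            handle.write(data)
    # Baseline = hash of each file as originally written. In real use the
    # baseline comes from a trusted source, not from the suspect machine.
    manifest = {name: hashlib.md5(data).hexdigest() for name, data in contents.items()}
    # Simulate two findings: atapi.sys altered after baselining, netlogon.dll absent.
    with open(os.path.join(root, "atapi.sys"), "ab") as handle:
        handle.write(b"bytes appended after the baseline was taken\n")
    manifest["netlogon.dll"] = "0" * 32  # placeholder digest; the file is never created
    return root, manifest


def demo():
    """Run the check on the constructed tree and return the per-file verdicts."""
    root, manifest = build_demo_tree()
    return check_against_manifest(root, manifest)


if __name__ == "__main__":
    verdicts = demo()
    for name, verdict in sorted(verdicts.items()):
        print(f"{name:14s} {verdict}")
    print("needs attention:", ", ".join(findings(verdicts)))
```

Run as a script it lists the four verdicts (two ok, one modified, one missing). The comparison is only as good as the manifest: a baseline taken from the infected machine itself would simply bless whatever is already there, which is why the helper asks for the hashes rather than telling the user what they should be.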

#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 19 February 2010 - 03:25 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber


#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 13 March 2010 - 11:29 AM

Reopened by user request.
regards,
schrauber


#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 18 March 2010 - 02:51 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber


#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 28 March 2010 - 11:09 PM

Reopened by user request.
regards,
schrauber


#15 rtonini

rtonini
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Indianapolis, IN

Posted 29 March 2010 - 01:59 AM

Malwarebytes' Anti-Malware 1.44
Database version: 3925
Windows 5.1.2600 Service Pack 3, v.3264
Internet Explorer 6.0.2900.3264

3/28/2010 7:53:01 PM
mbam-log-2010-03-28 (19-53-01).txt

Scan type: Quick Scan
Objects scanned: 118060
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



_____________________________________________________________________________________________________




OTL logfile created on: 3/29/2010 12:46:04 AM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 541.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.67 Gb Total Space | 0.39 Gb Free Space | 2.00% Space Free | Partition Type: FAT32
Drive D: | 42.26 Gb Total Space | 0.32 Gb Free Space | 0.75% Space Free | Partition Type: FAT32
Drive E: | 86.85 Gb Total Space | 0.54 Gb Free Space | 0.62% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 27.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
Drive L: | 111.76 Gb Total Space | 2.63 Gb Free Space | 2.36% Space Free | Partition Type: FAT32

Computer Name: MICHAELMYERS
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/09 19:58:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
PRC - [2009/09/30 17:57:20 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2009/06/16 14:36:22 | 003,272,704 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2009/06/04 15:49:18 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/02/13 17:09:40 | 000,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2007/12/11 04:59:40 | 000,307,200 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2007/12/01 00:27:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/12/01 00:26:30 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/24 23:07:08 | 000,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/14 00:05:34 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2005/10/14 04:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005/10/03 00:00:00 | 000,313,185 | ---- | M] (H2O) -- C:\Program Files\WIBUKEY\H2O\CXWibu.exe
PRC - [2001/08/17 22:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/09 19:58:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
MOD - [2007/12/01 00:27:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/14 16:03:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/14 15:53:16 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/12/15 14:52:58 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/06/04 15:49:18 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/08/24 23:07:08 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/08/24 23:07:08 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 10:14:42 | 000,099,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/14 00:05:34 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2005/10/14 04:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005/10/14 04:51:12 | 000,239,320 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/10/14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/03/14 17:07:18 | 000,000,060 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [H2OWIBU] C:\Program Files\WIBUKEY\H2O\CXWibu.exe (H2O)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O4 - Startup: C:\Documents and Settings\Home\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 11:37:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/02/21 18:43:07 | 000,358,248 | R--- | M] (NETGEAR Inc.) - H:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 02:27:40 | 000,000,047 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/08/27 09:27:18 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O33 - MountPoints2\{da0cbae0-12b9-11dd-8008-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{da0cbae0-12b9-11dd-8008-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da0cbae0-12b9-11dd-8008-806d6172696f}\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2008/02/21 18:43:07 | 000,358,248 | R--- | M] (NETGEAR Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/25 11:23:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/28 21:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/28 21:36:10 | 000,240,248 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\wpcap.dll
[2010/03/28 21:36:10 | 000,088,696 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\Packet.dll
[2010/03/28 21:36:10 | 000,068,224 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\WanPacket.dll
[2010/03/28 21:36:10 | 000,034,064 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/03/28 21:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/03/28 19:53:33 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/03/26 01:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\ZoomBrowser EX
[2010/03/26 00:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2010/03/26 00:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/03/15 21:04:29 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\REX Shared Library.dll
[2010/03/15 20:16:07 | 000,015,488 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\mbx2dfu.sys
[2010/03/15 20:16:07 | 000,015,232 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\mbx2midk.sys
[2010/03/15 02:52:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/09/04 14:07:16 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2009/09/04 14:07:16 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2009/09/04 14:07:16 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2009/09/04 14:07:16 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2009/09/04 14:07:16 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2009/09/04 14:07:16 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2009/09/04 14:07:16 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[2009/09/04 14:07:16 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2009/09/04 14:07:16 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2009/09/04 14:07:16 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2009/09/04 14:07:16 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2009/09/04 14:07:16 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2008/04/25 11:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/04/25 11:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/04/25 11:28:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/25 11:28:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/29 00:47:36 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Home\ntuser.dat
[2010/03/28 21:36:06 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2010/03/28 19:46:56 | 000,524,148 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 19:46:56 | 000,439,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 19:46:56 | 000,076,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 16:17:38 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2010/03/28 16:17:38 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2010/03/28 16:17:38 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2010/03/28 16:17:38 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2010/03/28 16:17:38 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2010/03/28 16:17:38 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2010/03/28 16:17:38 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2010/03/28 16:17:38 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2010/03/28 16:17:38 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2010/03/28 16:17:38 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2010/03/28 16:17:38 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2010/03/27 18:26:10 | 000,000,095 | ---- | M] () -- C:\Documents and Settings\Home\default.pls
[2010/03/27 18:26:08 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/26 23:13:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/26 23:13:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/26 00:31:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Home\ntuser.ini
[2010/03/26 00:31:52 | 010,217,140 | -H-- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\IconCache.db
[2010/03/26 00:23:56 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Digital Photo Professional.lnk
[2010/03/16 01:46:28 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Adobe Dreamweaver CS4.lnk
[2010/03/16 01:45:56 | 000,001,143 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Adobe Illustrator CS4.lnk
[2010/03/16 01:45:26 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Adobe Photoshop CS4.lnk
[2010/03/15 21:04:30 | 000,233,472 | ---- | M] (Propellerhead Software AB) -- C:\WINDOWS\System32\REX Shared Library.dll
[2010/03/15 20:23:12 | 001,989,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/15 03:47:52 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/28 21:36:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/03/28 21:36:04 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2010/03/26 00:23:55 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Digital Photo Professional.lnk
[2010/03/16 01:46:27 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Adobe Dreamweaver CS4.lnk
[2010/03/16 01:45:54 | 000,001,143 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Adobe Illustrator CS4.lnk
[2010/03/16 01:45:24 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Adobe Photoshop CS4.lnk
[2010/03/14 17:09:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2010/02/11 00:53:23 | 000,693,994 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2009/09/13 16:53:30 | 004,059,136 | ---- | C] () -- C:\WINDOWS\System32\PSP MasterComp.dll
[2009/09/13 16:53:30 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pspmcdx.dll
[2009/09/04 14:07:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2009/09/04 14:07:46 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2009/09/04 14:07:34 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2009/09/04 14:07:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2009/09/04 14:07:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2009/09/04 14:07:16 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2009/09/04 14:07:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2009/08/16 20:09:09 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/08/25 12:13:34 | 000,000,124 | ---- | C] () -- C:\WINDOWS\VocALign.INI
[2008/08/01 23:33:01 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/24 19:52:36 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/05/22 13:28:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\bdsrip.ini
[2008/05/06 14:52:14 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/25 13:37:29 | 008,151,040 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon.dll
[2008/04/25 13:37:17 | 008,278,016 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon HR.dll
[2008/04/25 13:37:17 | 000,520,267 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2008/04/25 13:33:41 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\libencdec.dll
[2008/04/25 13:15:04 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/04/25 12:56:03 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008/04/25 11:59:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll

========== LOP Check ==========

[2008/04/25 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2008/04/25 13:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Ease
[2008/04/25 14:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/05/03 14:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/25 13:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\DAEMON Tools
[2008/04/25 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Propellerhead Software
[2008/04/25 13:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Audio Ease
[2008/04/25 13:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Waves Audio
[2008/04/25 13:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Steinberg
[2008/04/25 14:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\PACE Anti-Piracy
[2008/05/03 14:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Sony
[2008/08/30 18:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Opera
[2009/09/04 15:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Lexmark Productivity Studio
[2009/12/13 21:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\IObit
[2010/02/17 18:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Canon

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2007/11/30 17:31:08 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A42ABFAEE59A1DC0E47014E7B5D76AD6 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2007/11/30 17:31:08 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A42ABFAEE59A1DC0E47014E7B5D76AD6 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2007/11/30 17:31:08 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A42ABFAEE59A1DC0E47014E7B5D76AD6 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 20:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007/11/30 17:24:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=335BB30ED68CF3DC0EE2BDDB438B6A9B -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2007/11/30 17:24:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=335BB30ED68CF3DC0EE2BDDB438B6A9B -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2007/11/30 17:24:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=335BB30ED68CF3DC0EE2BDDB438B6A9B -- C:\WINDOWS\system32\drivers\atapi.sys
[2003/07/16 20:24:26 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/12/01 00:25:36 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=086FFA8479114AE3ECE616D7EB848577 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2007/12/01 00:25:36 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=086FFA8479114AE3ECE616D7EB848577 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2007/12/01 00:25:36 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=086FFA8479114AE3ECE616D7EB848577 -- C:\WINDOWS\system32\eventlog.dll
[2003/07/16 20:28:04 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2007/12/01 00:25:48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=327309E36308F9DFB8D4699DF384D421 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2007/12/01 00:25:48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=327309E36308F9DFB8D4699DF384D421 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2007/12/01 00:25:48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=327309E36308F9DFB8D4699DF384D421 -- C:\WINDOWS\system32\netlogon.dll
[2003/07/16 20:38:12 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007/12/01 00:25:52 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=625D7B39B09AB60A683AF4B95575056E -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2007/12/01 00:25:52 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=625D7B39B09AB60A683AF4B95575056E -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2007/12/01 00:25:52 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=625D7B39B09AB60A683AF4B95575056E -- C:\WINDOWS\system32\scecli.dll
[2003/07/16 20:43:58 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >
