ATAPI.SYS, can't login to certain sites, THANKS


  • This topic is locked
72 replies to this topic

#1 goodie2010

  • Members
  • 47 posts
  • OFFLINE
  • Local time: 06:05 AM

Posted 12 May 2010 - 08:59 PM

Hello, here's the link to my initial post.

http://www.bleepingcomputer.com/forums/ind...p;#entry1755055

Good day. A couple of days ago my computer started acting a little different. I was trying to log in to MySpace and it never loads. Other sites were giving me some message about a certificate. I can't log into Gmail, PayPal, etc. I ran Malwarebytes and nothing came up. I ran Spybot and it found 1 registry thing and deleted it. I just ran BitDefender and it found 1; it's called ATAPI.SYS.

On another note, my documents and pictures folders are all out of whack. Meaning, when I click date created or modified, it still arranges files in some other way; it's not by name, size, type, etc. I can save a document right now and it'll be out of place; the setting I have is by date created, but it's not putting files in that order. My clock changed. I keep getting a message that my Yahoo toolbar certificate won't be until May 2009 or something.

I followed the instructions given to me in my other thread by Orange Blossom (by the way, thanks again), but when it came time to run GMER my computer kept freezing after about 3 minutes into the scan. When I got to Task Manager it showed my computer usage was 100%. I had my internet browsers closed, and no non-mandatory programs were running.

Here is my DDS log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 8:49:36.56 on Sun 01/04/2004
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1657 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\fsproflt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sonique\Sonique.exe
C:\Program Files\Sonique\sqstart.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\IrfanView3.99\i_view32.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds(3).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236394652509
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\l8r50sm9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\administrator\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2010-4-19 16384]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-3-15 43792]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-8-26 40560]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [2008-6-7 84752]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2009-4-3 1680704]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2007-11-26 20992]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-3-15 73344]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-8 236368]
R2 NetBurnerService;Net Burner iSCSI Service;c:\program files\paragon software\drive backup 9 professional\net burner service\NetBurnerService.exe [2008-6-7 223248]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-5-3 33792]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [2004-1-1 158600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-8 19160]
R3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [2009-3-16 65794]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-4-10 127496]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [2007-11-26 163352]
S3 SliceDisk5;SliceDisk5;\??\c:\docume~1\admini~1\locals~1\temp\slicedisk.sys --> c:\docume~1\admini~1\locals~1\temp\slicedisk.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2010-4-22 16896]

=============== Created Last 30 ================

2010-05-03 21:48:23 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-05-03 21:47:43 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-03 21:47:39 14640 -c----w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-03 13:39:10 581192 -c--a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-05-03 13:39:10 1112288 -c--a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-05-03 11:14:02 0 dc----w- C:\N1
2010-05-03 11:11:17 0 dc----w- C:\android-sdk-windows
2010-05-03 10:35:14 994279 -c--a-w- C:\fastboot.exe
2010-05-03 10:35:14 96256 -c--a-w- C:\AdbWinApi.dll
2010-05-03 10:35:14 60928 -c--a-w- C:\AdbWinUsbApi.dll
2010-05-03 10:35:14 2530671 -c--a-w- C:\adb.exe
2010-05-03 10:24:33 0 dc----w- C:\superboot
2010-05-03 10:05:03 0 dc----w- c:\documents and settings\administrator\.android
2010-05-03 09:46:35 0 dc----w- C:\fastboot
2010-04-26 10:33:19 90112 -c--a-w- c:\windows\system32\stacsv.exe
2010-04-24 17:00:03 98816 -c--a-w- c:\windows\sed.exe
2010-04-24 17:00:03 77312 -c--a-w- c:\windows\MBR.exe
2010-04-24 17:00:03 261632 -c--a-w- c:\windows\PEV.exe
2010-04-24 17:00:03 161792 -c--a-w- c:\windows\SWREG.exe
2010-04-24 16:37:34 0 -c--a-w- c:\documents and settings\administrator\ntuser.tmp
2010-04-23 01:57:50 737280 -c--a-w- c:\windows\system32\msvcp70d.dll
2010-04-23 01:57:50 536576 -c--a-w- c:\windows\system32\msvcr70d.dll
2010-04-23 01:00:38 0 dc----w- c:\program files\KORG
2010-04-23 01:00:38 0 dc----w- c:\program files\common files\KORG
2010-04-23 00:45:17 147425 -c--a-w- c:\windows\system32\SYNSOACC-Aide.chm
2010-04-23 00:45:17 120468 -c--a-w- c:\windows\system32\SYNSOACC-Hilfe.chm
2010-04-23 00:45:17 114279 -c--a-w- c:\windows\system32\SYNSOACC-Help.chm
2010-04-23 00:45:16 16896 -c--a-w- c:\windows\system32\drivers\synasUSB.sys
2010-04-23 00:45:07 86016 -c--a-w- c:\windows\system32\SYNSOPOS.exe
2010-04-22 14:28:37 3090 -c--a-w- c:\documents and settings\administrator\trk.ens
2010-04-22 13:34:49 0 dc----w- c:\program files\Cakewalk
2010-04-22 13:34:49 0 dc----w- c:\docume~1\alluse~1\applic~1\Cakewalk
2010-04-22 12:38:51 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2010-04-22 12:20:37 491520 -c--a-w- c:\windows\system32\libencdec.dll
2010-04-22 12:20:37 0 dc----w- c:\docume~1\admini~1\applic~1\Audio Ease
2010-04-22 12:20:33 0 dc----w- c:\program files\Audio Ease
2010-04-22 12:20:33 0 dc----w- c:\docume~1\alluse~1\applic~1\Audio Ease
2010-04-22 10:51:25 2892 -c--a-w- c:\windows\system32\audcon.sys
2010-04-22 10:51:24 0 dc----w- c:\docume~1\alluse~1\applic~1\Syncrosoft
2010-04-22 10:49:22 0 dc----w- c:\docume~1\alluse~1\applic~1\eLicenser
2010-04-22 10:49:20 0 dc----w- c:\program files\eLicenser
2010-04-22 10:48:59 45 -c--a-w- c:\windows\system32\SYNSOPOS.exe.cfg
2010-04-22 10:48:14 163840 -c--a-w- c:\windows\system32\ArtFfct.dll
2010-04-22 10:48:06 0 dc----w- c:\program files\Arturia
2010-04-22 10:48:06 0 dc----w- c:\docume~1\alluse~1\applic~1\Arturia
2010-04-22 10:45:51 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
2010-04-22 10:29:13 0 dc----w- c:\program files\Native Instruments
2010-04-22 10:21:08 0 dc----w- c:\docume~1\alluse~1\applic~1\Temporary
2010-04-22 10:20:34 0 dc----w- c:\program files\common files\Celemony
2010-04-22 10:20:13 0 dc----w- c:\program files\Celemony
2010-04-22 10:13:40 1777664 -c--a-w- c:\windows\system32\gdiplus.dll
2010-04-22 10:07:33 0 dc----w- c:\program files\Image-Line
2010-04-21 09:09:59 0 dc----w- c:\program files\ConvertHelper
2010-04-21 09:07:49 0 dc----w- c:\documents and settings\administrator\dwhelper
2010-04-19 05:28:36 0 dc----w- c:\docume~1\admini~1\applic~1\Digidesign
2010-04-19 05:28:09 0 dc----w- C:\Digidesign Databases
2010-04-19 05:12:00 16384 -c--a-w- c:\windows\system32\drivers\DigiFilt.sys
2010-04-19 05:10:29 974848 -c--a-w- c:\windows\system32\mfc70.dll
2010-04-19 05:10:29 217088 -c--a-w- c:\windows\system32\qtmlClient.dll
2010-04-19 05:10:27 630784 -c----w- c:\windows\system32\ilinet.dll
2010-04-19 05:10:19 90112 -c--a-w- c:\windows\system32\WinMMFix.dll
2010-04-19 05:10:19 659456 -c--a-w- c:\windows\system32\DSI.dll
2010-04-19 05:10:19 3683014 -c--a-w- c:\windows\system32\DirectIO.dll
2010-04-19 05:10:19 270336 -c--a-w- c:\windows\system32\DigiPlatformSupport.dll
2010-04-19 05:10:19 15872 -c--a-w- c:\windows\system32\digicoin.dll
2010-04-19 05:10:19 1362460 -c--a-w- c:\windows\system32\ExpansionHD_Firmware.bin
2010-04-18 22:35:48 69632 -c--a-w- c:\windows\system32\com.fxpansion.fxshared.dll
2010-04-18 13:36:32 60032 -c--a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-04-18 13:36:32 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-04-17 10:34:26 0 dc----w- c:\program files\common files\PACE Anti-Piracy
2010-04-17 10:34:26 0 dc----w- c:\docume~1\alluse~1\applic~1\PACE Anti-Piracy
2010-04-04 05:08:41 122 -c--a-w- c:\windows\msmmdx9.ini
2010-02-20 06:41:34 0 dc----w- c:\docume~1\admini~1\applic~1\QuickScan
2010-02-13 00:35:09 0 dcsha-r- C:\cmdcons
2010-01-24 12:01:40 0 dc----w- c:\program files\LUXONIX
2010-01-24 11:01:13 16 -c--a-w- c:\windows\system32\w3data.vss
2010-01-24 11:01:13 16 -c--a-w- c:\windows\msocreg32.dat
2010-01-24 11:00:38 0 dc----w- c:\program files\Sonik Synth 2
2010-01-24 01:43:40 0 dc----w- c:\program files\common files\Native Instruments
2010-01-24 01:43:11 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2010-01-23 23:05:05 0 dc----w- c:\windows\vocoder
2010-01-23 22:56:04 0 dc----w- c:\docume~1\admini~1\applic~1\Antares
2010-01-23 22:56:03 0 dc----w- c:\program files\Antares Audio Technologies
2010-01-08 23:59:59 401484 -c--a-w- c:\windows\system32\Msvcrtd.dll
2010-01-08 23:59:57 0 dc----w- c:\program files\FXpansion DR-008 v1.21
2010-01-08 05:31:20 471 -c--a-w- c:\windows\system32\Datei4
2010-01-08 05:31:20 471 -c--a-w- c:\windows\system32\Datei2
2010-01-08 05:31:20 470 -c--a-w- c:\windows\system32\Datei3
2010-01-08 05:31:20 470 -c--a-w- c:\windows\system32\Datei1
2010-01-08 05:31:20 469 -c--a-w- c:\windows\system32\Datei7
2010-01-08 05:31:20 469 -c--a-w- c:\windows\system32\Datei5
2010-01-08 05:31:20 468 -c--a-w- c:\windows\system32\Datei0
2010-01-08 05:31:20 467 -c--a-w- c:\windows\system32\Datei9
2010-01-08 05:31:20 467 -c--a-w- c:\windows\system32\Datei8
2010-01-08 05:31:20 467 -c--a-w- c:\windows\system32\Datei10
2010-01-08 05:31:20 465 -c--a-w- c:\windows\system32\Datei6
2010-01-08 04:49:03 0 dc----w- c:\program files\Digidesign
2010-01-08 04:49:00 0 dc----w- c:\program files\Garritan Personal Orchestra
2010-01-08 04:07:52 0 dc----w- c:\program files\Alcohol Soft
2010-01-08 03:48:52 1177600 -c--a-w- c:\windows\system32\SYNSOEMU.DLL
2010-01-08 03:47:26 0 dc----w- c:\program files\rgcaudio software
2010-01-08 03:46:36 69632 -c--a-w- c:\windows\system32\FxShared.dll
2010-01-08 03:46:08 0 dc----w- c:\program files\FXpansion
2010-01-08 03:45:41 0 dc----w- c:\docume~1\admini~1\applic~1\FXpansion
2010-01-03 21:51:22 0 dc----w- c:\program files\Trend Micro
2010-01-03 14:00:50 0 dc----w- c:\program files\common files\Digidesign
2010-01-03 14:00:38 0 dc----w- c:\program files\Spectrasonics
2009-12-27 02:14:42 0 dc----w- c:\program files\Seagate
2009-12-27 02:14:42 0 dc----w- c:\docume~1\alluse~1\applic~1\Seagate
2009-12-27 02:13:35 0 dcsh--w- c:\windows\ftpcache
2009-12-09 00:38:35 0 dc----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-12-09 00:38:29 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 00:38:28 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-09 00:38:26 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-09 00:38:26 0 dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 23:15:42 0 dc----w- c:\program files\Ask.com
2009-11-22 23:14:51 0 dc----w- c:\program files\DVDVideoSoft
2009-11-22 23:14:51 0 dc----w- c:\program files\common files\DVDVideoSoft
2009-11-13 22:33:02 0 dc----w- c:\docume~1\admini~1\applic~1\PACE Anti-Piracy
2009-11-13 22:17:41 0 dc----w- c:\docume~1\alluse~1\applic~1\Line 6
2009-11-13 22:17:36 233472 -c--a-w- c:\windows\system32\REX Shared Library.dll
2009-11-13 22:17:35 406528 -c--a-w- c:\windows\system32\ReWire.dll
2009-11-13 22:16:07 0 dc----w- c:\program files\CodeMeter
2009-11-12 02:43:21 0 dc----w- C:\spoolerlogs
2009-11-11 08:52:55 0 dc----w- c:\docume~1\alluse~1\applic~1\kds_kodak
2009-11-10 10:33:46 0 dc----w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-09 18:56:38 643592 -c--a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2009-11-09 18:56:32 253448 -c--a-w- c:\windows\system32\M-AudioFastTrackProControlPanelApplet.cpl
2009-11-09 18:56:24 32776 -c--a-w- c:\windows\system32\mausbasio.dll
2009-11-09 18:56:04 2526185 -c--a-w- c:\windows\system32\madiousb.dll
2009-11-07 14:56:11 0 dc----w- c:\docume~1\alluse~1\applic~1\Eastman Kodak Company
2009-11-07 14:50:05 405504 -c--a-w- c:\windows\system32\EKIJ5000MON.dll
2009-11-07 14:49:09 0 dc----w- c:\program files\Kodak
2009-11-07 11:04:54 0 dc----w- c:\program files\Bonjour
2009-11-07 11:03:07 0 dc----w- c:\docume~1\admini~1\applic~1\Temp
2009-11-07 10:58:44 0 dc----w- c:\docume~1\alluse~1\applic~1\Kodak
2009-11-07 10:57:41 0 dc----w- c:\windows\system32\kodak
2009-11-07 10:57:36 87040 -c--a-w- c:\windows\system32\wiafbdrv.dll
2009-11-07 10:57:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-09-21 22:38:48 0 dc----w- c:\program files\att-prt22
2009-09-21 22:38:37 0 dc----w- c:\program files\ATT-PRT22-WISE
2009-09-13 16:16:07 0 dc----w- c:\program files\Motorola Tools
2009-09-11 21:03:45 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2009-09-11 21:03:45 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-09-08 21:59:17 0 dc----w- c:\docume~1\alluse~1\applic~1\deletepart
2009-09-03 01:08:31 0 dc----w- c:\program files\RAR Password Recovery Magic
2009-08-28 04:52:39 0 dc----w- c:\program files\Spybot - Search & Destroy
2009-08-28 04:52:39 0 dc----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-27 01:17:45 0 dc----w- c:\docume~1\alluse~1\applic~1\redistpart
2009-08-27 01:15:17 0 dc----w- c:\docume~1\alluse~1\applic~1\createpart
2009-08-27 01:15:07 0 dc----w- c:\docume~1\alluse~1\applic~1\explauncher
2009-08-27 01:15:05 0 dc----w- c:\docume~1\alluse~1\applic~1\launcher
2009-08-27 01:10:27 40560 -c--a-w- c:\windows\system32\drivers\hotcore3.sys
2009-08-27 01:10:00 0 dc----w- c:\program files\Paragon Software
2009-08-27 00:07:59 0 d-----w- C:\ubuntu
2009-08-22 18:11:39 0 dc----w- c:\program files\DivXCodec
2009-08-22 18:11:24 0 dc----w- c:\program files\GordianKnot
2009-08-16 14:43:47 50 -c--a-w- c:\windows\MegaManager.INI
2009-08-15 00:41:23 0 dc----w- c:\program files\Nuclear Coffee
2009-08-14 23:55:54 299008 -c--a-w- c:\windows\system32\TubeFinder.exe
2009-08-14 23:55:52 84512 -c--a-w- c:\windows\system32\PICCLP32.OCX
2009-08-14 23:55:52 364544 -c--a-w- c:\windows\system32\PropertyGrid.ocx
2009-08-14 23:55:52 208500 -c--a-w- c:\windows\system32\ReyXpBasics.tlb
2009-08-14 23:55:52 119568 -c--a-w- c:\windows\system32\VB6FR.DLL
2009-08-14 23:55:52 101888 -c--a-w- c:\windows\system32\VB6STKIT.DLL
2009-08-14 23:55:51 9728 -c--a-w- c:\windows\system32\PCCLPFR.DLL
2009-08-14 23:55:51 32768 -c--a-w- c:\windows\system32\CMDLGFR.DLL
2009-08-14 23:55:51 24576 -c--a-w- c:\windows\system32\ControlSubX.ocx
2009-08-14 23:55:51 141312 -c--a-w- c:\windows\system32\MSCMCFR.DLL
2009-08-14 23:55:51 0 dc----w- c:\program files\Free FLV Converter
2009-08-14 02:23:37 37026568 -c--a-w- C:\Absynth 5.exe
2009-08-08 16:20:00 0 dc----w- c:\docume~1\admini~1\applic~1\Megaupload
2009-08-08 16:19:30 0 dc----w- c:\program files\Megaupload
2009-07-31 19:57:00 126976 -c--a-w- c:\windows\system32\EKIJCOINST05.dll
2009-07-25 19:40:34 0 dc----w- c:\docume~1\alluse~1\applic~1\GoldWave
2009-06-12 16:58:06 0 dc----w- c:\program files\common files\Wise Installation Wizard
2009-05-31 04:32:19 306688 -c--a-w- c:\windows\IsUninst.exe
2009-05-30 11:59:59 0 dc----w- c:\program files\Sony
2009-05-30 11:55:42 0 dc----w- c:\program files\Sony Setup
2009-05-30 11:47:48 0 dc----w- c:\docume~1\admini~1\applic~1\Tracktion 3
2009-05-30 11:47:36 0 dc----w- c:\program files\Tracktion 3
2009-05-30 11:09:02 0 dc----w- c:\docume~1\admini~1\applic~1\REAPER
2009-05-30 11:05:59 0 dc----w- c:\program files\REAPER
2009-05-11 23:44:20 0 dc----w- c:\program files\GoldWave5.51
2009-05-11 23:41:08 0 dc----w- c:\docume~1\alluse~1\applic~1\Tracktion 3
2009-05-11 23:34:20 0 dc----w- c:\docume~1\admini~1\applic~1\Thinstall
2009-05-10 03:56:48 0 dc----w- c:\docume~1\alluse~1\applic~1\vsosdk
2009-05-10 03:05:26 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-10 03:05:26 47360 -c--a-w- c:\docume~1\admini~1\applic~1\pcouffin.sys
2009-05-10 03:05:20 102439 -c--a-w- c:\windows\system32\sipr3260.dll
2009-05-10 03:05:19 65602 -c--a-w- c:\windows\system32\cook3260.dll
2009-05-10 03:05:19 626688 -c--a-w- c:\windows\system32\vp7vfw.dll
2009-05-10 03:05:19 217127 -c--a-w- c:\windows\system32\drv43260.dll
2009-05-10 03:05:19 208935 -c--a-w- c:\windows\system32\drv33260.dll
2009-05-10 03:05:19 176165 -c--a-w- c:\windows\system32\drv23260.dll
2009-05-10 03:05:19 1184984 -c--a-w- c:\windows\system32\wvc1dmod.dll
2009-05-10 03:05:17 0 dc----w- c:\program files\VSO
2009-05-10 02:53:10 0 dc----w- c:\program files\Combined Community Codec Pack
2009-05-10 02:51:56 77824 -c--a-w- c:\windows\system32\xvid.ax
2009-05-10 02:51:56 774144 -c--a-w- c:\windows\system32\xvidcore.dll
2009-05-10 02:51:56 180224 -c--a-w- c:\windows\system32\xvidvfw.dll
2009-05-10 02:40:18 719872 -c--a-w- c:\windows\system32\devil.dll
2009-05-10 02:40:18 196608 -c--a-w- c:\windows\system32\avisynth.dll
2009-05-10 02:40:18 0 dc----w- c:\program files\Kingdia Software
2009-05-09 11:02:52 0 dc----w- c:\program files\Ares
2009-05-06 02:47:10 0 dc----w- c:\program files\Yahoo!
2009-05-06 00:54:46 0 dc-h--w- c:\windows\PIF
2009-05-04 04:01:18 0 dc----w- c:\docume~1\admini~1\applic~1\Steinberg
2009-05-04 03:56:11 0 dc----w- c:\program files\Steinberg
2009-05-04 03:52:33 33792 -c--a-w- c:\windows\system32\drivers\cledx.sys
2009-05-04 03:52:21 147456 -c----w- c:\windows\system32\SynsoLChk.dll
2009-05-04 03:52:21 1261568 -c--a-w- c:\windows\system32\SYNSOACC.dll
2009-05-04 03:52:21 0 dc----w- c:\program files\Syncrosoft
2009-04-24 01:39:35 256 -c--a-w- c:\windows\system32\pool.bin
2009-04-24 01:38:42 0 dc----w- c:\docume~1\admini~1\applic~1\Research In Motion
2009-04-24 01:33:40 0 dc----w- c:\program files\common files\Sonic Shared
2009-04-24 01:33:39 0 dc----w- c:\program files\Roxio
2009-04-24 01:32:37 26496 -c--a-r- c:\windows\system32\drivers\RimSerial.sys
2009-04-24 01:31:57 0 dc----w- c:\program files\common files\Research In Motion
2009-04-24 01:31:56 0 dc----w- c:\program files\Research In Motion
2009-04-23 01:31:22 0 dc----w- c:\program files\ABBYY FineReader 6.0
2009-04-23 01:31:22 0 dc----w- c:\program files\ABBYY FineReader 5.0 Sprint
2009-04-23 01:30:55 0 dc----w- c:\program files\FaxTools
2009-04-23 01:28:52 236 -c--a-w- c:\windows\lexstat.ini
2009-04-23 01:28:49 76 -c--a-w- c:\windows\dellstat.ini
2009-04-23 01:26:18 25856 -c--a-w- c:\windows\system32\drivers\usbprint.sys
2009-04-23 01:26:18 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-04-21 00:44:10 60416 -c--a-w- c:\windows\ST4UNST.EXE
2009-04-21 00:44:10 37376 -c--a-w- c:\windows\system32\ven2232.olb
2009-04-21 00:40:45 0 dc----w- c:\program files\3CX VoIP Client
2009-04-19 05:06:47 0 dc----w- c:\program files\Talking Caller ID
2009-04-19 04:39:22 0 dc----w- c:\docume~1\alluse~1\applic~1\GrebleSoft
2009-04-18 19:30:46 0 dc----w- c:\windows\$CrystalSetup
2009-04-18 19:30:37 0 dc----w- C:\dell
2009-04-18 19:26:57 10624 -c--a-w- c:\windows\system32\drivers\gameenum.sys
2009-04-18 19:26:57 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2009-04-18 19:26:48 93952 -c--a-w- c:\windows\system32\drivers\cwcwdm.sys
2009-04-18 19:26:48 93952 -c--a-w- c:\windows\system32\dllcache\cwcwdm.sys
2009-04-18 19:26:25 3584 -c--a-w- c:\windows\system32\drivers\cwcos.sys
2009-04-18 19:26:25 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2009-04-18 19:26:25 111872 -c--a-w- c:\windows\system32\drivers\cwcspud.sys
2009-04-18 19:26:25 111872 -c--a-w- c:\windows\system32\dllcache\cwcspud.sys
2009-04-18 19:26:23 0 dc----w- c:\windows\cwcdata
2009-04-16 03:29:48 2560 -c----w- c:\windows\system32\xpsp4res.dll
2009-04-12 11:59:36 5632 -c--a-w- c:\windows\system32\ptpusb.dll
2009-04-12 11:59:35 159232 -c--a-w- c:\windows\system32\ptpusd.dll
2009-04-12 11:59:35 15104 -c--a-w- c:\windows\system32\drivers\usbscan.sys
2009-04-12 11:59:35 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-04-10 14:27:14 0 dc----w- c:\docume~1\admini~1\applic~1\TotalRecorder
2009-04-10 14:26:42 127496 -c--a-w- c:\windows\system32\drivers\TotRec7.sys
2009-04-10 14:26:41 61448 -c--a-w- c:\windows\system32\DrvTrNTm.dll
2009-04-10 14:26:41 106496 -c--a-w- c:\windows\system32\DrvTrNTl.dll
2009-04-10 14:26:41 0 dc----w- c:\program files\HighCriteria
2009-04-01 01:17:42 503808 -c--a-w- c:\windows\system32\MSVCP71.DLL
2009-04-01 01:17:42 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2009-04-01 01:17:42 1060864 -c--a-w- c:\windows\system32\MFC71.DLL
2009-04-01 01:17:35 0 dc----w- c:\program files\common files\Symantec Shared
2009-04-01 01:17:34 0 dc----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-04-01 01:08:39 0 dc----w- c:\program files\FastStone Photo Resizer
2009-03-29 04:02:24 0 dc----w- c:\program files\IrfanView3.99
2009-03-26 20:33:04 4248848 -c--a-w- c:\windows\system32\qtp-mt334.dll
2009-03-26 20:32:46 248592 -c--a-w- c:\windows\system32\prgiso.dll
2009-03-25 09:43:49 0 dc----w- c:\windows\Motive
2009-03-25 09:43:44 0 dc----w- c:\program files\BellSouth Application Management
2009-03-25 09:43:42 0 dc----w- c:\program files\BellSouth
2009-03-25 09:42:48 0 dc----w- c:\docume~1\alluse~1\applic~1\MotiveSysIDs
2009-03-24 23:56:19 87040 -c--a-w- c:\windows\system32\WebFlowIDPersist.dll
2009-03-24 23:56:19 37376 -c--a-w- c:\windows\system32\ReportReader.dll
2009-03-24 23:56:16 40448 -c--a-w- c:\windows\system32\BJAXSecurityManager.dll
2009-03-24 23:56:16 1073152 -c--a-w- c:\windows\system32\ActiveUtils.dll
2009-03-24 23:56:16 0 dc----w- c:\program files\common files\Motive
2009-03-24 23:56:15 327680 -c--a-w- c:\windows\system32\snmpaxctrl.dll
2009-03-24 23:56:14 86016 -c--a-w- c:\windows\system32\BJInstaller.dll
2009-03-24 23:56:14 73728 -c--a-w- c:\windows\system32\BinaryAggregator1.dll
2009-03-24 23:56:13 15733588 -c--a-w- C:\BellSouthIW.re~
2009-03-24 23:56:05 6345 -c--a-r- c:\windows\system32\DevMngr.vxd
2009-03-24 23:23:26 0 dc----w- c:\windows\system32\wbem\Repository
2009-03-24 23:16:18 0 dc----w- c:\program files\SigmaTel
2009-03-24 23:13:57 0 dc----w- c:\program files\MSXML 4.0
2009-03-24 23:12:46 0 dc----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2009-03-24 23:12:44 0 dc----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-03-24 23:12:43 0 dc----w- c:\program files\DAEMON Tools Lite
2009-03-24 23:07:04 0 dc----w- c:\documents and settings\administrator\rzr
2009-03-24 23:07:04 0 dc----w- c:\documents and settings\administrator\I LOVE LIFE
2009-03-24 23:07:04 0 dc----w- c:\documents and settings\administrator\Firefox
2009-03-24 00:08:26 30600 -c--a-w- c:\windows\system32\BMXStateBkp-{00000007-00000000-00000000-00001102-00000008-10211102}.rfx
2009-03-24 00:08:26 30600 -c--a-w- c:\windows\system32\BMXState-{00000007-00000000-00000000-00001102-00000008-10211102}.rfx
2009-03-24 00:08:26 29604 -c--a-w- c:\windows\system32\BMXCtrlState-{00000007-00000000-00000000-00001102-00000008-10211102}.rfx
2009-03-24 00:08:26 29604 -c--a-w- c:\windows\system32\BMXBkpCtrlState-{00000007-00000000-00000000-00001102-00000008-10211102}.rfx
2009-03-24 00:08:26 11564 -c--a-w- c:\windows\system32\DVCState-{00000007-00000000-00000000-00001102-00000008-10211102}.rfx
2009-03-24 00:08:26 1080 -c--a-w- c:\windows\system32\settingsbkup.sfm
2009-03-24 00:08:26 1080 -c--a-w- c:\windows\system32\settings.sfm
2009-03-24 00:07:55 4958588 -c----w- c:\windows\{00000007-00000000-00000000-00001102-00000008-10211102}.BAK
2009-03-24 00:06:16 4174814 -c----w- c:\windows\system32\CT4MGM.SF2
2009-03-24 00:06:10 4958588 -c--a-w- c:\windows\{00000007-00000000-00000000-00001102-00000008-10211102}.CDF
2009-03-23 22:58:40 0 dc----w- c:\program files\IDT(2)
2009-03-22 22:11:07 0 dc----w- c:\program files\GoldWave 5.20
2009-03-22 12:36:33 0 dc----w- c:\program files\IrfanView
2009-03-22 10:32:48 0 dc----w- c:\program files\ffdshow
2009-03-22 10:32:34 0 dc----w- c:\program files\AC3Filter
2009-03-22 10:32:29 0 dc----w- c:\program files\XviD
2009-03-22 10:32:09 0 dc----w- c:\program files\DivX
2009-03-21 12:15:42 0 dc----w- c:\program files\winLAME
2009-03-17 02:32:45 69 -c--a-w- c:\windows\NeroDigital.ini
2009-03-17 02:13:27 1024 -c--a-w- c:\documents and settings\administrator\.rnd
2009-03-17 02:11:53 0 dc----w- c:\program files\Nero
2009-03-17 02:11:53 0 dc----w- c:\docume~1\alluse~1\applic~1\Nero
2009-03-17 00:58:25 9799 -c--a-w- c:\windows\system32\RdCi1009.dll
2009-03-17 00:58:25 65794 -c--a-w- c:\windows\system32\drivers\Rdwm1009.sys
2009-03-17 00:58:25 57344 -c--a-w- c:\windows\system32\RDCP1009.CPL
2009-03-17 00:58:25 4088 -c--a-w- c:\windows\system32\Rd3t1009.DAT
2009-03-17 00:58:25 204800 -c--a-w- c:\windows\system32\RDDP1009.DAT
2009-03-17 00:58:25 0 dc----w- c:\program files\RdDrv001
2009-03-17 00:24:40 0 dc----w- c:\program files\Propellerhead
2009-03-17 00:18:54 0 dc----w- c:\docume~1\alluse~1\applic~1\Propellerhead Software
2009-03-17 00:18:53 0 dc----w- c:\docume~1\admini~1\applic~1\Propellerhead Software
2009-03-16 22:47:37 721904 -c--a-w- c:\windows\system32\drivers\sptd.sys
2009-03-16 22:47:34 0 dc----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2009-03-16 04:30:43 0 dc----w- c:\docume~1\admini~1\applic~1\IDM
2009-03-16 04:30:43 0 dc----w- c:\docume~1\admini~1\applic~1\DMCache
2009-03-16 04:30:27 0 dc----w- c:\program files\Internet Download Manager
2009-03-15 20:43:09 0 dc----w- c:\program files\Sonique
2009-03-15 13:48:59 0 dc----w- C:\1 NTFS
2009-03-15 07:27:35 0 dc----w- c:\documents and settings\administrator\Propellerhead
2009-03-15 06:12:24 73344 -c--a-w- c:\windows\system32\fsproflt.exe
2009-03-15 06:12:23 43792 -c--a-w- c:\windows\system32\drivers\FSPFltd.sys
2009-03-15 06:12:23 0 dc----w- c:\program files\My Lockbox
2009-03-15 03:01:24 41984 -c----w- c:\windows\Ctregrun.exe
2009-03-15 03:01:23 90 -c--a-w- c:\windows\setuplog
2009-03-15 03:01:15 90112 -c----w- c:\windows\Updreg.EXE
2009-03-15 03:01:14 0 dc----w- c:\program files\Creative
2009-03-15 03:01:08 35 -c--a-r- c:\windows\system32\ctzapxx.ini
2009-03-15 03:01:08 2319 -c--a-r- c:\windows\system32\emaud.ini
2009-03-15 03:01:08 11776 -c--a-w- c:\windows\INRES.DLL
2009-03-15 03:01:08 0 dc----w- c:\windows\system32\Data
2009-03-15 03:00:58 0 dc----w- c:\program files\Creative Professional
2009-03-15 02:50:43 0 dc----w- C:\Driver Backup 3-14-2009-225035
2009-03-14 23:22:52 0 dc----w- c:\windows\system32\NtmsData
2009-03-14 23:20:35 0 dc----w- c:\program files\common files\Logitech
2009-03-08 02:19:42 0 dc----w- c:\program files\Active Data Recovery Software
2009-03-08 02:09:45 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-08 02:09:45 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 02:09:44 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-03-08 02:09:44 383488 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-08 02:09:44 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 02:09:44 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-03-08 02:09:43 991232 -c----w- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-08 02:09:43 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-08 02:09:40 6066176 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-03-07 22:03:31 0 dc----w- c:\program files\EASEUS
2009-03-07 21:45:39 0 dc----w- c:\windows\pss
2009-03-07 18:30:55 0 dc----w- c:\program files\Runtime Software
2009-03-07 17:40:26 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-07 17:40:13 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-07 17:40:10 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-07 17:39:44 301656 -c--a-w- c:\windows\system32\BtCoreIf.dll
2009-03-07 17:39:43 84496 -c--a-w- c:\windows\system32\KemXML.dll
2009-03-07 17:39:43 170512 -c--a-w- c:\windows\system32\kemutb.dll
2009-03-07 17:39:43 145936 -c--a-w- c:\windows\system32\KemUtil.dll
2009-03-07 17:39:43 117264 -c--a-w- c:\windows\system32\KemWnd.dll
2009-03-07 17:38:51 18772 -c--a-w- c:\windows\system32\nvapps.nvb
2009-03-07 17:38:16 0 dc----w- C:\NVIDIA
2009-03-07 17:35:59 53248 -c--a-w- c:\windows\system32\CSVer.dll
2009-03-07 17:35:35 0 dc----w- C:\nv_gf175.19_whql_xp32
2009-03-07 17:35:33 0 dc----w- C:\Logitech_setpoint460
2009-03-07 17:35:33 0 dc----w- C:\intel_pro1000_124_xp32
2009-03-07 17:35:33 0 dc----w- C:\intel_inf_9001008_office
2009-03-07 17:19:43 662288 -c--a-w- c:\windows\system32\MSCOMCT2.OCX
2009-03-07 17:19:43 427864 -c--a-w- c:\windows\system32\XceedZip.dll
2009-03-07 17:19:43 1686016 -c--a-w- c:\windows\system32\clinetsuitex6.ocx
2009-03-07 17:19:43 1071088 -c--a-w- c:\windows\system32\MSCOMCTL.OCX
2009-03-07 17:19:42 0 dc----w- c:\program files\Driver-Soft
2009-03-07 17:13:15 0 dc----w- c:\docume~1\admini~1\applic~1\Uniblue
2009-03-07 17:09:16 0 dc----w- c:\windows\system32\CatRoot_bak
2009-03-07 17:09:14 0 dc----w- c:\windows\system32\appmgmt
2009-03-07 17:08:35 0 dc----w- c:\windows\system32\LogFiles
2009-03-07 16:44:48 0 dc----w- c:\program files\PC Drivers HeadQuarters
2009-03-07 16:44:48 0 dc----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-03-07 11:27:05 0 dc----w- C:\Intel
2009-03-07 04:41:29 21504 -c--a-w- c:\windows\system32\hidserv.dll
2009-03-07 04:41:29 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-03-07 04:41:25 12160 -c--a-w- c:\windows\system32\drivers\mouhid.sys
2009-03-07 04:41:25 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-03-07 04:41:22 14592 -c--a-w- c:\windows\system32\drivers\kbdhid.sys
2009-03-07 04:41:22 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-03-07 04:20:47 10368 -c--a-w- c:\windows\system32\drivers\hidusb.sys
2009-03-07 04:20:47 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-03-07 04:20:36 32128 -c--a-w- c:\windows\system32\drivers\usbccgp.sys
2009-03-07 04:20:36 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-03-07 03:09:02 0 dc----w- c:\program files\LSI SoftModem
2009-03-07 03:05:54 0 dc----w- c:\program files\Windows Media Connect 2
2009-03-07 03:04:56 162159 -c--a-w- c:\windows\system32\nvapps.xml
2009-03-07 03:04:56 0 dc----w- c:\windows\nview
2009-03-07 03:04:55 446464 -c--a-w- c:\windows\system32\nvudisp.exe
2009-03-07 03:04:55 18070 -c--a-w- c:\windows\system32\nvdisp.nvu
2009-03-07 03:03:13 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-07 03:03:12 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-07 03:02:20 272128 -c----w- c:\windows\system32\drivers\bthport.sys
2009-03-07 03:02:20 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-03-07 02:58:42 26488 -c--a-w- c:\windows\system32\spupdsvc.exe
2009-03-07 02:58:42 0 dc----w- c:\windows\system32\PreInstall
2009-03-07 02:58:41 0 dc-h--w- c:\windows\$hf_mig$
2009-03-07 02:57:53 31768 -c--a-w- c:\windows\system32\wucltui.dll.mui
2009-03-07 02:57:53 23576 -c--a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-03-07 02:57:53 23576 -c--a-w- c:\windows\system32\wuapi.dll.mui
2009-03-07 02:57:53 18456 -c--a-w- c:\windows\system32\wuaueng.dll.mui
2009-03-07 02:57:53 0 dc----w- c:\windows\system32\SoftwareDistribution
2009-03-07 02:57:31 0 dcsh--w- c:\documents and settings\administrator\UserData
2009-03-07 02:54:30 446464 -c--a-w- c:\windows\system32\NVUNINST.EXE
2009-03-07 02:52:14 1904 -c----w- c:\windows\system32\SetupBD.din
2009-03-07 02:27:45 0 dc----w- c:\program files\Digital Media Reader
2009-03-07 02:27:16 0 dc----w- c:\windows\Downloaded Installations
2009-03-07 02:26:21 0 dc----w- c:\windows\system32\ReinstallBackups
2009-03-07 02:25:10 0 dc----w- c:\program files\AVerMedia
2009-03-07 02:19:23 0 dc----w- C:\cabs
2009-03-07 01:58:07 0 dcsh--w- c:\documents and settings\all users\DRM
2009-03-07 01:57:51 0 dc-h--w- c:\program files\WindowsUpdate
2009-03-07 01:57:16 0 dc----w- c:\program files\common files\MSSoap
2009-03-07 01:55:53 0 dc----w- c:\program files\Online Services
2009-03-07 01:55:47 0 dc----w- c:\program files\Messenger
2009-03-07 01:55:44 0 dc----w- c:\program files\MSN Gaming Zone
2009-03-07 01:55:10 0 dc----w- c:\program files\Windows NT
2004-01-01 13:50:26 0 dc----w- c:\program files\M-Audio
2004-01-01 00:29:15 0 dc----w- c:\program files\common files\ODBC
2004-01-01 00:29:12 0 dc----w- c:\program files\common files\SpeechEngines
2004-01-01 00:28:51 0 dc----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-11-09 18:56:10 158600 -c--a-w- c:\windows\system32\drivers\MAudioFastTrackPro.sys
2009-08-22 18:11:28 414272 -c--a-w- c:\windows\system32\DivXc32f.dll
2009-08-22 18:11:28 414272 -c--a-w- c:\windows\system32\DivXc32.dll
2009-08-22 18:11:24 33280 -c--a-w- c:\windows\system32\HUFFYUV.DLL
2009-06-16 14:36:30 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36:30 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09:37 1291264 -c--a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32:35 345600 -c--a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56:02 827392 -c----w- c:\windows\system32\wininet.dll
2009-04-29 04:55:56 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26:40 1847168 -c--a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51:25 585216 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-04-03 09:01:00 638976 -c--a-w- c:\windows\system32\WibuCm32.dll
2009-04-03 09:01:00 561152 -c--a-w- c:\windows\system32\WibuCmWeb32.dll
2009-04-03 09:01:00 385024 -c--a-w- c:\windows\system32\WibuXpm4J32.dll
2009-04-03 09:01:00 143360 -c--a-w- c:\windows\system32\wibucmJNI.dll
2009-03-07 01:56:10 21640 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-03-06 15:57:30 83448 -c--a-w- c:\windows\system32\CddbLangJA.dll
2009-03-06 15:57:30 808440 -c--a-w- c:\windows\system32\CDDBUI.dll
2009-03-06 15:57:30 796152 -c--a-w- c:\windows\system32\CDDBControl.dll
2009-03-06 15:57:30 108024 -c--a-w- c:\windows\system32\CddbLangIT.dll
2009-03-06 15:57:30 103928 -c--a-w- c:\windows\system32\CddbLangNL.dll
2009-03-06 15:57:30 103928 -c--a-w- c:\windows\system32\CddbLangFR.dll
2009-03-06 15:57:30 103928 -c--a-w- c:\windows\system32\CddbLangES.dll
2009-03-06 15:57:30 103928 -c--a-w- c:\windows\system32\CddbLangDE.dll
2009-03-06 14:22:18 284160 -c--a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10:49 729088 -c--a-w- c:\windows\system32\lsasrv.dll
2009-02-09 12:10:48 714752 -c--a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10:48 617472 -c--a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10:48 473600 -c--a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10:48 453120 -c--a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10:48 401408 -c----w- c:\windows\system32\rpcss.dll
2009-02-06 11:11:05 110592 -c----w- c:\windows\system32\services.exe
2009-02-06 11:06:41 2145280 -c----w- c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39:08 35328 -c--a-w- c:\windows\system32\sc.exe
2009-02-06 10:32:56 2023936 -c----w- c:\windows\system32\ntkrnlpa.exe
2009-02-06 10:10:02 227840 -c--a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-02-03 19:59:07 56832 -c--a-w- c:\windows\system32\secur32.dll
2008-12-16 12:30:34 354304 -c--a-w- c:\windows\system32\winhttp.dll
2008-12-12 16:18:16 87336 -c--a-w- c:\windows\system32\dns-sd.exe
2008-12-12 16:11:46 65536 -c--a-w- c:\windows\system32\jdns_sd.dll
2008-12-12 16:11:46 61440 -c--a-w- c:\windows\system32\dnssd.dll
2008-12-11 10:57:09 333952 -c--a-w- c:\windows\system32\drivers\srv.sys
2008-12-05 06:54:55 144896 -c--a-w- c:\windows\system32\schannel.dll
2008-10-30 01:43:44 1204128 -c--a-w- c:\windows\system32\drivers\AGRSM.sys
2008-10-24 11:21:09 455296 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36:14 286720 -c--a-w- c:\windows\system32\gdi32.dll
2008-10-16 19:12:20 561688 -c--a-w- c:\windows\system32\wuapi(2)(2).dll
2008-10-16 19:08:58 34328 -c--a-w- c:\windows\system32\wups(2)(2).dll
2008-10-03 10:02:42 247326 -c--a-w- c:\windows\system32\strmdll.dll
2008-09-30 20:43:34 1286152 -c--a-w- c:\windows\system32\msxml4.dll
2008-09-26 20:13:08 55816 -c--a-w- c:\windows\agrsmdel.exe
2008-09-12 10:44:38 206256 -c--a-w- c:\windows\system32\idmmbc.dll
2008-09-10 01:14:56 1307648 -c--a-w- c:\windows\system32\msxml6.dll
2008-09-06 04:29:58 917032 -c--a-w- c:\windows\system32\WgaTray.exeold.exe
2008-09-04 17:15:04 1106944 -c--a-w- c:\windows\system32\msxml3.dll
2008-08-26 19:32:48 13824 -c--a-w- c:\windows\system32\agrscoin.dll
2008-08-14 10:04:36 138496 -c--a-w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:26:58 253952 -c----w- c:\windows\system32\es.dll
2008-06-24 23:12:58 295936 -c----w- c:\windows\system32\wmpeffects.dll
2008-06-24 20:06:56 972072 -c--a-w- c:\windows\UNNeroMediaHome.exe
2008-06-24 16:43:16 74240 -c--a-w- c:\windows\system32\mscms.dll
2008-06-20 17:46:57 245248 -c----w- c:\windows\system32\mswsock.dll
2008-06-20 11:51:12 361600 -c----w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08:27 225856 -c--a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-18 10:03:08 938496 -c--a-w- c:\windows\system32\WMNetmgr.dll
2008-06-18 06:09:22 100864 -c--a-w- c:\windows\system32\logagent.exe
2008-06-12 14:23:32 956928 -c--a-w- c:\windows\system32\msdtctm.dll
2008-06-12 14:23:32 91648 -c--a-w- c:\windows\system32\mtxoci.dll
2008-06-12 14:23:32 66560 -c--a-w- c:\windows\system32\mtxclu.dll
2008-06-12 14:23:32 58880 -c--a-w- c:\windows\system32\msdtclog.dll
2008-06-12 14:23:32 428032 -c--a-w- c:\windows\system32\msdtcprx.dll
2008-06-12 14:23:32 161792 -c--a-w- c:\windows\system32\msdtcuiu.dll
2008-06-08 13:37:56 132904 -c--a-w- c:\windows\system32\drivers\imagesrv.sys
2008-06-08 13:37:46 11304 -c--a-w- c:\windows\system32\drivers\imagedrv.sys
2008-06-07 18:54:28 84752 -c--a-w- c:\windows\system32\drivers\NetBurn.sys
2008-06-07 18:53:04 33072 -c--a-w- c:\windows\system32\drivers\UimBus.sys
2008-06-07 18:53:04 217152 -c--a-w- c:\windows\system32\drivers\UimFIO.sys
2008-06-07 18:53:04 130688 -c--a-w- c:\windows\system32\drivers\Uim_IM.sys
2008-06-07 18:53:02 13576 -c--a-w- c:\windows\system32\wnaspi32.dll
2008-06-06 18:54:26 95600 -c--a-w- c:\windows\system32\NeroCo.dll
2008-06-06 18:54:16 972072 -c--a-w- c:\windows\UNRecode.exe
2008-05-09 10:53:40 90112 -c--a-w- c:\windows\system32\wshext.dll
2008-05-09 10:53:40 430080 -c--a-w- c:\windows\system32\vbscript.dll
2008-05-09 10:53:40 172032 -c--a-w- c:\windows\system32\scrrun.dll
2008-05-09 10:53:39 180224 -c--a-w- c:\windows\system32\scrobj.dll
2008-05-08 14:02:52 203136 -c--a-w- c:\windows\system32\drivers\rmcast.sys
2008-05-08 11:24:44 155648 -c--a-w- c:\windows\system32\wscript.exe
2008-05-07 09:07:23 135168 -c--a-w- c:\windows\system32\cscript.exe
2008-04-14 10:43:22 40840 -c--a-w- c:\windows\system32\drivers\termdd.sys
2008-04-14 10:41:58 4096 -c--a-w- c:\windows\system32\ksuser.dll
2008-04-14 05:49:42 146048 -c--a-w- c:\windows\system32\drivers\portcls.sys
2008-04-14 05:47:20 83072 -c--a-w- c:\windows\system32\drivers\wdmaud.sys
2008-04-14 05:46:38 141056 -c--a-w- c:\windows\system32\drivers\ks.sys
2008-04-14 05:45:56 60800 -c--a-w- c:\windows\system32\drivers\sysaudio.sys
2008-04-14 05:42:08 74752 -c--a-w- c:\windows\system32\storprop.dll
2008-04-14 05:15:38 59520 -c--a-w- c:\windows\system32\drivers\usbhub.sys
2008-04-14 05:15:38 143872 -c--a-w- c:\windows\system32\drivers\usbport.sys
2008-04-14 05:15:36 30208 -c--a-w- c:\windows\system32\drivers\usbehci.sys
2008-04-14 05:15:36 20608 -c--a-w- c:\windows\system32\drivers\usbuhci.sys

============= FINISH: 8:50:06.54 ===============


Here's the attach log.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/6/2009 9:00:30 PM
System Uptime: 1/4/2004 12:18:48 AM (8 hours ago)

Motherboard: Intel Corporation | | D945GCF
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | LGA 775 | 1999/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 2.438 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 9.642 GiB free.
F: is FIXED (NTFS) - 1397 GiB total, 975.293 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48B81043&REV_00\4&30224E63&0&00E3
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48B81043&REV_00\4&30224E63&0&00E3
Service:

Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Device ID: PCI\VEN_104C&DEV_8020&SUBSYS_00000000&REV_00\4&1E46F438&0&28F0
Manufacturer: Texas Instruments
Name: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
PNP Device ID: PCI\VEN_104C&DEV_8020&SUBSYS_00000000&REV_00\4&1E46F438&0&28F0
Service: ohci1394

==== System Restore Points ===================

RP63: 5/3/2010 5:47:31 PM - Unsigned driver install
RP64: 5/3/2010 5:59:32 PM - Unsigned driver install
RP65: 5/4/2010 10:08:55 AM - Update to an unsigned driver
RP66: 1/1/2004 4:53:09 AM - System Checkpoint
RP67: 1/1/2004 8:49:29 AM - Removed M-Audio FastTrackPro Driver 6.0.2 (x86)
RP68: 1/1/2004 8:50:24 AM - Installed M-Audio FastTrackPro Driver 6.0.2 (x86)

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint
Acrobat.com
Active@ Partition Recovery Enterprise
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
aiofw
aioprnt
aioscnnr
Antares Auto-Tune Evo VST
Antares Autotune VST v5.09
Ares 2.1.1
ARP2600 V2 2.0
Arturia Arp2600 V VSTi RTAS v1.6
Arturia CS-80V v1.6
AudioEase Speakersphone VST RTAS v1.03
Authorizer 1.0
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.0.5
BellSouth Application Management
BlackBerry Desktop Software 4.3
BlackBerry Device Software v4.5.0 for the BlackBerry 8100 smartphone
Bonjour
Brass 2.0.1
CDDRV_Installer
center
CodeMeter Runtime Kit v4.01
ConvertHelper 2.2
Critical Update for Windows Media Player 11 (KB959772)
CS-80V2 2.0
Digidesign Free Bomb Factory Plug-Ins 7.4
Digidesign Pro Tools M-Powered 7.4
Digidesign Shared Plug-Ins 7.4
Digital Media Reader
DivX 4.11 Codec
Driver Genius Professional Edition
E-MU USB Audio
EASEUS Data Recovery Wizard Professional 3.3.4
EASEUS Data Recovery Wizard Professional 4.3.6
eLicenser Control
FastStone Photo Resizer 2.7
FaxTools
Free 3GP Video Converter version 3.2
Free FLV Converter V 6.6.3
FXpansion DR-008 v1.10
FXpansion DR-008 v1.21
Garritan Personal Orchestra
GetDataBack for FAT and GetDataBack for NTFS
GetDataBack for NTFS
GoldWave v5.51
Google Talk (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Huffyuv AVI lossless video codec (Remove Only)
IL Vocodex
Intel® Network Connections 12.4.38.0
Internet Download Manager
IsoBuster 2.2
Java™ 6 Update 16
Jupiter-8V2 2.0
KhalInstallWrapper
KODAK AiO Home Center
KORG Legacy Collection - DIGITAL EDITION
KORG Legacy Collection - DIGITAL EDITION RTAS
KORG Legacy Collection - DIGITAL EDITION VST
ksDIP
Logitech SetPoint
Logitech Updater
LUXONIX Purity
M-Audio FastTrackPro Driver 6.0.2 (x86)
Malwarebytes' Anti-Malware
Mega Manager
Melodyne plugin
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
minimoog V2 2.0
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
My Lockbox 1.3 for Windows 2000/XP
Native Instruments Absynth 5
Native Instruments FM8
Native Instruments Massive
Native Instruments Pro-53
Native Instruments Traktor DJ Studio 3
Nero 8 Ultra Edition HD
neroxml
NVIDIA Drivers
OrangeVocoder v2.0-OxYGeN
Paragon Drive Backup™ 9 Professional
Paragon Partition Manager™ 9.5 Professional
PreReq
Prophet-V2 2.0
Rapture 1.1
RAR Password Recovery Magic v6.1.1.21
Reason 4.0
Record 1.0
reFX Vanguard 1.7.2
Roxio Media Manager
Seagate Manager Installer
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SigmaTel Audio
Sonik Synth 2
Sonique
Spybot - Search & Destroy
Steinberg HALion VSTi DXi v3.5
Steinberg Hypersonic 2
Tracktion 3.0.2.6
Uninstall 1.0.0.1
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoGet
VobSub v2.05 (Remove Only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
winLAME prerelease4
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/5/2010 5:16:26 AM, error: Service Control Manager [7034] - The CodeMeter Runtime Server service terminated unexpectedly. It has done this 1 time(s).
4/5/2010 5:16:23 AM, error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).
4/5/2010 5:16:18 AM, error: Service Control Manager [7034] - The E-MU Audio Service service terminated unexpectedly. It has done this 1 time(s).
4/5/2010 5:16:10 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
4/5/2010 5:16:02 AM, error: Service Control Manager [7034] - The Nero BackItUp Scheduler 3 service terminated unexpectedly. It has done this 1 time(s).
4/5/2010 5:15:57 AM, error: Service Control Manager [7034] - The Net Burner iSCSI Service service terminated unexpectedly. It has done this 1 time(s).
4/5/2010 5:15:47 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ohci1394
4/5/2010 5:15:47 AM, error: Service Control Manager [7001] - The Kodak AiO Network Discovery Service service depends on the Bonjour Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/5/2010 5:15:47 AM, error: Service Control Manager [7000] - The Nsynas32 service failed to start due to the following error: The system cannot find the file specified.
4/4/2010 5:57:42 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
4/4/2010 5:19:01 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll. Reference error message: The operation completed successfully. .
4/4/2010 5:19:01 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\msa.dll. Reference error message: The operation completed successfully. .
4/4/2010 5:19:01 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll" on line 9.
4/4/2010 5:19:01 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Common Files\Nero\AudioPlugins\msa.dll" on line 9.
4/30/2010 4:42:19 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +215974 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
4/29/2010 9:20:03 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +215972 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
4/22/2010 9:20:00 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +215970 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
4/19/2010 1:47:39 AM, error: Service Control Manager [7034] - The Digidesign MME Refresh Service service terminated unexpectedly. It has done this 1 time(s).
4/15/2010 9:21:15 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +215968 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
4/14/2010 7:15:03 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +215964 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.
3/4/2010 6:54:52 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +215214 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.
3/31/2010 1:40:58 PM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 5 time(s).
3/3/2010 10:43:09 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +172779 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.
3/29/2010 9:11:52 AM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 4 time(s).
3/28/2010 9:01:28 AM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 3 time(s).
3/26/2010 9:05:01 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +215958 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.
3/24/2010 9:53:49 AM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 2 time(s).
3/22/2010 6:05:08 PM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
3/18/2010 7:53:21 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +215962 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
3/11/2010 6:53:20 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +215959 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.
2/26/2010 6:05:12 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +172780 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
2/20/2010 1:13:33 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034] - The PLFlash DeviceIoControl Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034] - The FSPro Filter Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
2/20/2010 1:13:13 AM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
2/19/2010 6:05:03 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +172784 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
2/18/2010 12:46:23 PM, error: System Error [1003] - Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.
2/18/2010 12:46:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

==== End Of File ===========================


thanks
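The W32Time [34] entries in the log above record a clock about two and a half days behind (+215964 s) that the time service refuses to step because the offset exceeds its +54000 s limit, and the OTL report further down this thread was generated under a clock reading 1/5/2004. A clock that far in the past is enough on its own to produce the certificate messages and failed HTTPS logins described in the first post: a certificate issued in 2009 is "not yet valid" in 2004. The following Python is an added example, not code from this thread or from any BleepingComputer tool. It parses W32Time event lines of the form posted above, reports whether each offset was within the auto-correction limit, and applies the same validity-period check a TLS client makes against its own clock. The first two sample lines are copied from the log above; the third event line and the certificate dates are constructed placeholders.

```python
import re
from datetime import datetime, timedelta

# Event-log lines: the first two are copied from the log posted above, the third is
# constructed (an offset under the 54000 s limit) so both outcomes of the check appear.
SAMPLE_EVENTS = [
    "4/14/2010 7:15:03 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +215964 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.",
    "3/31/2010 1:40:58 PM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 5 time(s).",
    "2/18/2010 12:46:23 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +1200 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com is working properly.",
]

# Clock the OTL report further down this thread was generated under
# ("OTL logfile created on: 1/5/2004 6:55:54 AM").
OTL_CLOCK = datetime(2004, 1, 5, 6, 55, 54)
# Constructed validity window standing in for the Yahoo! Toolbar certificate the
# poster mentions; the real notBefore/notAfter dates are not on the page.
CERT_NOT_BEFORE = datetime(2009, 5, 1)
CERT_NOT_AFTER = datetime(2011, 5, 1)

W32TIME_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), error: W32Time \[34\] - "
    r"The time service has detected that the system time needs to be changed by "
    r"(?P<delta>[+-]\d+) seconds\. The time service will not change the system time "
    r"by more than (?P<limit>[+-]\d+) seconds\."
)


def parse_w32time_event(line):
    """Return (logged_at, delta_seconds, limit_seconds) for a W32Time event 34 line, else None."""
    m = W32TIME_RE.match(line)
    if m is None:
        return None
    logged_at = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
    return logged_at, int(m.group("delta")), int(m.group("limit"))


def skew_findings(lines):
    """One finding per W32Time event 34: how far off the clock was and whether W32Time
    would step it. The limit quoted in the event is the MaxPosPhaseCorrection /
    MaxNegPhaseCorrection setting; an offset beyond it is never applied, so the skew
    survives every sync until someone sets the clock by hand."""
    findings = []
    for line in lines:
        parsed = parse_w32time_event(line)
        if parsed is None:
            continue
        logged_at, delta, limit = parsed
        findings.append({
            # Event Log stamps entries with the local (wrong) clock, so the NTP
            # reading at that moment was the stamp plus the offset W32Time reported.
            "logged_local": logged_at,
            "ntp_time_estimate": logged_at + timedelta(seconds=delta),
            "offset_seconds": delta,
            "auto_corrected": abs(delta) <= abs(limit),
        })
    return findings


def cert_status(clock, not_before, not_after):
    """Validity-period check a TLS client makes against its own clock (chain and
    revocation checks are out of scope here). A clock set years in the past makes
    every recently issued certificate 'not yet valid', which is the error the
    poster sees on HTTPS logins."""
    if clock < not_before:
        return "not yet valid"
    if clock > not_after:
        return "expired"
    return "valid"


if __name__ == "__main__":
    for f in skew_findings(SAMPLE_EVENTS):
        print(f"{f['logged_local']}: off by {f['offset_seconds']} s, "
              f"auto-corrected={f['auto_corrected']}")
    print("Yahoo! Toolbar cert at OTL clock:",
          cert_status(OTL_CLOCK, CERT_NOT_BEFORE, CERT_NOT_AFTER))
```

The practical point for this thread: fixing the clock is a prerequisite for any further diagnosis of the login failures, because until the date is correct every HTTPS error is explained by the skew and tells you nothing about whether the rootkit is also tampering with traffic.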


#2 goodie2010
  • Topic Starter
  • Members
  • 47 posts

Posted 13 May 2010 - 06:51 AM

Any help please? I really need my computer and whatever rootkit is on it is preventing me from doing many important things. Thanks

#3 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 60,817 posts
  • Gender:Female
  • Location:Romania

Posted 13 May 2010 - 11:01 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
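Once the OTL report is posted, the first pass a helper makes over it is mechanical. The following triage script is an added example, not OTL's or this forum's code: it reads OTL lines of the kinds the post above asks for and flags three things a helper looks at first. First, a driver in the Windows drivers directory whose version resource carries no company name, which is how the ATAPI.SYS detection from the opening post shows up in OTL output (the empty parentheses before the start-type field). Second, an Internet Explorer ProxyServer entry pointing at a loopback address. Third, a HOSTS entry beyond the standard localhost line. The driver, proxy and first HOSTS sample lines are copied from the OTL report posted next in this thread; the example.invalid HOSTS line is constructed so that rule has something to report. The rule names and the choice of these three indicators are mine.

```python
import re

# Lines copied from the OTL report posted later in this thread, plus one constructed
# HOSTS line (example.invalid) so the hosts rule has something to report.
SAMPLE_OTL = [
    r"DRV - [2009/08/04 17:56:26 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)",
    r"DRV - [2008/04/14 00:10:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)",
    r"DRV - [2008/05/01 22:05:20 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)",
    r"DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) Crystal SoundFusion",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555',
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: 127.0.0.1 example.invalid",  # constructed, not from the report
]

# DRV line layout: [stamp | size | attrs | M] (CompanyName) [Type | Start | State] -- path -- (service)
DRV_RE = re.compile(
    r"^DRV - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) \[(?P<flags>[^\]]*)\] "
    r"-- (?P<path>.+?) -- \((?P<svc>[^)]*)\)(?:\s.*)?$"
)
PROXY_RE = re.compile(
    r'^IE - .*\\Internet Settings: "(?P<key>ProxyEnable|ProxyServer)" = (?P<val>.*)$'
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")

SYSTEM_DRIVER_DIR = "\\windows\\system32\\drivers\\"
LOOPBACK = ("127.0.0.1", "localhost", "::1")


def triage_otl(lines):
    """Return the findings a helper would read first from an OTL report."""
    findings = []
    proxy = {}
    for line in lines:
        m = DRV_RE.match(line)
        if m:
            # Flags field is "Type | Start | State", e.g. "Kernel | Boot | Running".
            flags = [p.strip() for p in m.group("flags").split("|")]
            start = flags[1] if len(flags) > 1 else ""
            # OTL prints the CompanyName from the file's version resource in the
            # parentheses. A driver under the Windows drivers directory with nothing
            # there does not look like what shipped with the OS; hash-check it first.
            if SYSTEM_DRIVER_DIR in m.group("path").lower() and m.group("company") == "":
                findings.append({"rule": "driver-no-company", "service": m.group("svc"),
                                 "path": m.group("path"), "start": start})
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy[m.group("key")] = m.group("val").strip()
            continue
        m = HOSTS_RE.match(line)
        if m and m.group("host").lower() != "localhost":
            findings.append({"rule": "hosts-override", "ip": m.group("ip"),
                             "host": m.group("host")})
    # A proxy on the loopback interface means some local process sits between the
    # browser and the network; report it even when ProxyEnable is 0.
    server = proxy.get("ProxyServer", "")
    if any(lb in server for lb in LOOPBACK):
        findings.append({"rule": "loopback-proxy", "server": server,
                         "enabled": proxy.get("ProxyEnable") == "1"})
    return findings


if __name__ == "__main__":
    for finding in triage_otl(SAMPLE_OTL):
        print(finding)
```

Two caveats when reading the output against the report in the next post. ProxyEnable is 0 there, so the 127.0.0.1:5555 proxy was defined but not active for Internet Explorer; it still needs an owner, because a loopback proxy only works if a local process is listening on that port. And an empty company field on atapi.sys is an indicator, not a verdict: confirm it by hashing the file and comparing against a known-good copy (on an XP SP3 system the Service Pack cache under C:\WINDOWS\ServicePackFiles\i386, if present, is the usual reference) before treating the driver as patched, since the filesystem view a rootkit presents may not match what is on disk.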


#4 goodie2010
  • Topic Starter
  • Members
  • 47 posts

Posted 13 May 2010 - 06:33 PM

OTL logfile created on: 1/5/2004 6:55:54 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 2.34 Gb Free Space | 0.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 9.64 Gb Free Space | 2.07% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 975.29 Gb Free Space | 69.80% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CS-B883B7E3273E
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = All Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/31 06:12:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/11/09 13:56:38 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/04/03 04:01:00 | 001,680,704 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2008/12/04 20:23:43 | 002,745,776 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2008/10/23 10:36:52 | 000,073,344 | ---- | M] (FSPro Labs) -- C:\WINDOWS\system32\fsproflt.exe
PRC - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/05/01 22:05:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/18 08:01:01 | 000,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2007/10/30 23:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2004/01/05 06:55:15 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\OTL_2.exe
PRC - [2004/01/05 06:39:00 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


========== Modules (SafeList) ==========

MOD - [2008/05/01 22:05:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/01/05 06:55:15 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\OTL_2.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/04/03 04:01:00 | 001,680,704 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2008/10/23 10:36:52 | 000,073,344 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\WINDOWS\system32\fsproflt.exe -- (fsproflt)
SRV - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/07 13:54:28 | 000,223,248 | ---- | M] (Paragon GmbH) [Auto | Stopped] -- C:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe -- (NetBurnerService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/11/26 14:10:08 | 000,020,992 | ---- | M] (E-MU Systems) [Auto | Stopped] -- C:\WINDOWS\system32\emaudsv.exe -- (emaudsv)
SRV - [2007/10/30 23:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2007/10/30 23:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2006/11/02 15:39:26 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/01/07 23:03:37 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/09 13:56:10 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2009/08/04 17:56:26 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2009/01/26 17:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 17:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/10/29 20:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/10/27 21:51:34 | 000,127,496 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2008/06/07 13:54:28 | 000,084,752 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NetBurn.sys -- (NetBurn)
DRV - [2008/06/07 13:53:04 | 000,130,688 | ---- | M] (Paragon Software Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2008/06/07 13:53:04 | 000,033,072 | ---- | M] (Paragon Software Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2008/06/05 17:37:54 | 000,043,792 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/05/01 22:05:20 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/05/01 22:05:20 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/14 00:10:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) Crystal SoundFusion™
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/11/26 14:14:54 | 000,163,352 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emusba10.sys -- (emusba10)
DRV - [2006/12/08 21:50:28 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/11/02 15:39:42 | 000,812,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/06/03 13:36:16 | 000,065,794 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rdwm1009.sys -- (RDID1009)
DRV - [2005/05/09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2002/11/25 04:46:16 | 000,016,896 | ---- | M] (Syncrosoft GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2001/08/17 11:19:48 | 000,093,952 | ---- | M] (Crystal Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cwcwdm.sys -- (cwcwdm) Crystal SoundFusion™
DRV - [2001/08/17 11:19:36 | 000,111,872 | ---- | M] (Crystal Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cwcspud.sys -- (cwcspud) Crystal SoundFusion™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.10
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:5.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 06:12:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 06:12:22 | 000,000,000 | ---D | M]

[2009/03/14 22:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/04 08:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions
[2009/08/08 11:21:14 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/03/18 02:06:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/21 04:06:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/18 02:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/05/15 11:51:47 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/03/18 02:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\SkipScreen@SkipScreen
[2009/08/08 11:00:57 | 000,002,145 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\searchplugins\yahoo-search.xml
[2010/05/04 08:52:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/14 19:41:45 | 000,000,000 | ---D | M] (VideoGet FireFox extension) -- C:\Program Files\Mozilla Firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}

O1 HOSTS File: ([2010/02/20 01:25:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1236394652509 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/06 20:58:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/05 07:17:10 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{8770086d-883d-11de-a75b-00183a316294}\Shell - "" = AutoRun
O33 - MountPoints2\{8770086d-883d-11de-a75b-00183a316294}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8770086d-883d-11de-a75b-00183a316294}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within All Days ==========

[2010/05/03 16:47:39 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010/05/03 08:39:10 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010/05/03 08:39:10 | 000,581,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WinUSBCoInstaller.dll
[2010/05/03 07:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\android-sdk-windows
[2010/05/03 06:14:02 | 000,000,000 | ---D | C] -- C:\N1
[2010/05/03 06:11:17 | 000,000,000 | ---D | C] -- C:\android-sdk-windows
[2010/05/03 06:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\.android
[2010/05/03 05:35:14 | 000,096,256 | ---- | C] (Google, inc) -- C:\AdbWinApi.dll
[2010/05/03 05:35:14 | 000,060,928 | ---- | C] (Google, inc) -- C:\AdbWinUsbApi.dll
[2010/05/03 05:24:33 | 000,000,000 | ---D | C] -- C:\superboot
[2010/05/03 04:46:35 | 000,000,000 | ---D | C] -- C:\fastboot
[2010/04/29 23:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tracktion 3
[2010/04/29 23:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tracktion 3
[2010/04/29 23:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\give it up
[2010/04/26 05:33:19 | 000,090,112 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2010/04/24 19:16:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/24 12:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\wgfhrgevm
[2010/04/24 12:09:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/04/24 12:00:44 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2010/04/24 12:00:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/24 12:00:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/24 12:00:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/24 12:00:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/24 11:31:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/04/24 10:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\eLicenser
[2010/04/24 10:47:48 | 000,000,000 | ---D | M] -- C:\Program Files\Syncrosoft
[2010/04/22 21:01:07 | 000,000,000 | ---D | M] -- C:\Program Files\Arturia
[2010/04/22 20:57:50 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70d.dll
[2010/04/22 20:57:50 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70d.dll
[2010/04/22 20:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Antares
[2010/04/22 20:22:56 | 000,000,000 | ---D | M] -- C:\Program Files\Antares Audio Technologies
[2010/04/22 20:03:25 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\KORG
[2010/04/22 20:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/04/22 20:00:38 | 000,000,000 | ---D | M] -- C:\Program Files\KORG
[2010/04/22 19:45:16 | 000,016,896 | ---- | C] (Syncrosoft GmbH) -- C:\WINDOWS\System32\drivers\synasUSB.sys
[2010/04/22 09:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MelodynePlugin
[2010/04/22 09:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2010/04/22 08:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\trial
[2010/04/22 08:51:29 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/04/22 08:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Identities
[2010/04/22 08:50:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Documents
[2010/04/22 08:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Audio Ease
[2010/04/22 08:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eLicenser
[2010/04/22 08:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Cakewalk
[2010/04/22 08:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2010/04/22 08:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arturia
[2010/04/22 07:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\Native Instruments
[2010/04/22 07:38:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
[2010/04/22 07:28:41 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Native Instruments
[2010/04/22 07:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audio Ease
[2010/04/22 07:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\Audio Ease
[2010/04/22 07:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Ease
[2010/04/22 05:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2010/04/22 05:45:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
[2010/04/22 05:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Native Instruments
[2010/04/22 05:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Traktor3
[2010/04/22 05:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temporary
[2010/04/22 05:20:34 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Celemony
[2010/04/22 05:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\Celemony
[2010/04/22 05:20:06 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/04/22 05:13:40 | 001,777,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2010/04/22 05:07:52 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2010/04/21 20:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\tr3
[2010/04/21 19:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\tr2
[2010/04/21 18:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\tr
[2010/04/21 06:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2010/04/21 06:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\Free FLV Converter
[2010/04/21 04:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\dwhelper
[2010/04/21 04:10:01 | 000,000,000 | ---D | M] -- C:\Program Files\ConvertHelper
[2010/04/19 08:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\13
[2010/04/19 08:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\12
[2010/04/19 00:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\11
[2010/04/19 00:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FXpansion
[2010/04/19 00:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\bdf
[2010/04/19 00:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\New Folder (2)
[2010/04/19 00:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Digidesign
[2010/04/19 00:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\kwasi
[2010/04/19 00:28:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/04/19 00:28:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\7v7mN9FuX
[2010/04/19 00:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FXpansion
[2010/04/19 00:28:09 | 000,000,000 | ---D | C] -- C:\Digidesign Databases
[2010/04/19 00:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/04/19 00:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PACE Anti-Piracy
[2010/04/19 00:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/04/19 00:12:00 | 000,016,384 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\DigiFilt.sys
[2010/04/19 00:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\Digidesign
[2010/04/19 00:10:29 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010/04/19 00:10:27 | 000,630,784 | ---- | C] (PACE Anti-Piracy) -- C:\WINDOWS\System32\ilinet.dll
[2010/04/19 00:10:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Digidesign
[2010/04/19 00:10:19 | 003,683,014 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\DirectIO.dll
[2010/04/19 00:10:19 | 000,659,456 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\DSI.dll
[2010/04/19 00:10:19 | 000,270,336 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2010/04/19 00:10:19 | 000,090,112 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\WinMMFix.dll
[2010/04/19 00:10:19 | 000,015,872 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\digicoin.dll
[2010/04/18 17:44:25 | 000,000,000 | ---D | M] -- C:\Program Files\FXpansion
[2010/04/18 08:36:32 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/04/18 08:36:32 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/04/17 05:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2010/04/07 19:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Professional
[2010/04/05 04:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\4
[2010/04/02 04:37:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\DRM
[2010/02/20 01:34:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Local Settings
[2010/02/20 01:23:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/18 11:55:50 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/02/12 19:35:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/12 19:33:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/12 19:31:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/12 18:15:02 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/12 08:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\NEXUS SD OFFICIAL
[2010/02/12 08:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\NEXUS SD
[2010/02/07 18:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/01/31 13:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/24 07:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\LUXONIX
[2010/01/24 06:01:17 | 000,000,000 | ---D | M] -- C:\Program Files\Sonik Synth 2
[2010/01/24 05:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\Garritan Personal Orchestra
[2010/01/23 20:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Native Instruments
[2010/01/23 20:43:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
[2010/01/23 20:30:46 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\SendTo
[2010/01/23 20:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\Smart Projects
[2010/01/23 18:05:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\vocoder
[2010/01/08 19:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\FXpansion DR-008 v1.21
[2010/01/08 18:59:59 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msvcrtd.dll
[2010/01/08 18:59:58 | 000,000,000 | ---D | M] -- C:\Program Files\Steinberg
[2010/01/07 23:07:52 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2010/01/07 22:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steinberg
[2010/01/07 22:48:52 | 001,177,600 | ---- | C] (AD) -- C:\WINDOWS\System32\SYNSOEMU.DLL
[2010/01/07 22:47:26 | 000,000,000 | ---D | M] -- C:\Program Files\rgcaudio software
[2010/01/07 21:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
[2010/01/04 20:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Spectrasonics
[2010/01/04 20:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\omni
[2010/01/04 18:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/01/03 17:48:04 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Symantec Shared
[2010/01/03 16:51:22 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/01/03 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/01/03 10:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OmniUp104f
[2010/01/03 09:30:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spectrasonics

#5 goodie2010 (Topic Starter)

Posted 13 May 2010 - 06:36 PM

========== Files Created - No Company Name ==========

[2010/05/03 16:48:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2010/05/03 16:47:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/05/03 05:35:14 | 002,530,671 | ---- | C] () -- C:\adb.exe
[2010/05/03 05:35:14 | 000,994,279 | ---- | C] () -- C:\fastboot.exe
[2010/04/29 23:10:36 | 001,544,149 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\give it up Edit 3 Export 1.mp3
[2010/04/29 21:33:48 | 001,929,992 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\as the world turns.mp3
[2010/04/29 21:33:45 | 001,635,236 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\just floating.mp3
[2010/04/29 21:33:41 | 001,868,078 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\teardrops and sad songs.mp3
[2010/04/29 08:03:48 | 001,573,909 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\my sunshine.mp3
[2010/04/29 08:03:45 | 001,702,175 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\every nite.mp3
[2010/04/29 08:03:42 | 001,447,261 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\thinkn back.mp3
[2010/04/29 08:03:38 | 001,945,171 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cheap thrills.mp3
[2010/04/29 08:03:34 | 001,902,748 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\time machines and lost dreams.mp3
[2010/04/29 08:03:30 | 001,587,123 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\all over her.mp3
[2010/04/28 23:31:33 | 001,767,190 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\the mission.mp3
[2010/04/28 23:31:29 | 001,913,588 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\march and salute.mp3
[2010/04/28 23:31:25 | 002,048,650 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\whiter than .mp3
[2010/04/28 23:31:21 | 002,453,276 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\my life in the spotlight.mp3
[2010/04/28 23:31:16 | 002,558,550 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\a million.mp3
[2010/04/28 23:31:13 | 001,707,475 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\visions.mp3
[2010/04/26 01:56:04 | 001,273,565 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\we do it big.mp3
[2010/04/26 01:55:59 | 001,437,200 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\where world's part.mp3
[2010/04/25 07:35:59 | 001,407,155 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hey.mp3
[2010/04/25 07:35:56 | 001,561,390 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\gleemn.mp3
[2010/04/25 07:35:52 | 001,364,418 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\I hope to see u again (c u when).mp3
[2010/04/25 07:35:49 | 001,655,857 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\always hood.mp3
[2010/04/25 07:35:46 | 001,562,121 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\a better world.mp3
[2010/04/24 22:46:12 | 001,492,391 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\da juice.mp3
[2010/04/24 22:46:09 | 001,578,885 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\dey back.mp3
[2010/04/24 22:46:06 | 001,529,915 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\show it off.mp3
[2010/04/24 12:00:03 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/24 12:00:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/24 12:00:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/24 12:00:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/24 12:00:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/24 10:39:04 | 001,636,407 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\run with me.mp3
[2010/04/24 10:39:00 | 001,619,682 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ya'll know da clique.mp3
[2010/04/24 10:38:56 | 001,574,671 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\faces and places i've seen before.mp3
[2010/04/24 10:38:53 | 001,367,642 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\nights on the avenue.mp3
[2010/04/23 01:42:44 | 002,400,054 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\thik3.bmp
[2010/04/22 20:00:46 | 000,001,888 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WAVESTATION.lnk
[2010/04/22 20:00:46 | 000,001,888 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\M1.lnk
[2010/04/22 19:45:17 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2010/04/22 19:45:17 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2010/04/22 19:45:17 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2010/04/22 19:45:07 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2010/04/22 09:28:37 | 000,003,090 | ---- | C] () -- C:\Documents and Settings\Administrator\trk.ens
[2010/04/22 07:38:30 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Absynth 5.lnk
[2010/04/22 07:20:37 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\libencdec.dll
[2010/04/22 05:51:25 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2010/04/22 05:48:59 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010/04/22 05:48:14 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFDCA54
@Alternate Data Stream - 1370 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:xmRjVt9jAbISSI8bMTLMyWA
@Alternate Data Stream - 1337 bytes -> C:\Documents and Settings\Administrator\Local Settings\Application Data\7v7mN9FuX:1zpaE23YU1Ad6bmatVT30F
@Alternate Data Stream - 1255 bytes -> C:\Documents and Settings\Administrator\Cookies:5pBINP9c2cnYSafbON1dvwLWy
@Alternate Data Stream - 1177 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:09C10Krz0rYGpkCjcADMLfsGVn
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Administrator\Cookies:TBsddKKi947kAc3DyUWB
< End of report >

#6 goodie2010 (Topic Starter)

Posted 13 May 2010 - 06:40 PM

Since I couldn't run GMER, I decided to do a HijackThis. You have to excuse this posting; my browser has frozen 3 times, making me retype, and my computer is acting really buggy. Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:43:38 AM, on 1/5/2004
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\fsproflt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\OTL_2.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236394652509
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\WINDOWS\system32\emaudsv.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 8440 bytes


#7 Elise, Bleepin' Blonde (Malware Study Hall Admin, Romania)

Posted 14 May 2010 - 06:03 AM

Could you please try to run GMER with only the Sections option checked and post the resulting log?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

Malware analyst @ Emsisoft


#8 goodie2010 (Topic Starter)

Posted 14 May 2010 - 10:38 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2004-01-05 23:41:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgpiyaod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + C72 8054172A 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 2BE 80545C7E 18 Bytes [E0, 25, 7F, FF, FF, FF, 0F, ...]
.text ntkrnlpa.exe!KiDispatchInterrupt + 2D6 80545C96 1 Byte [00]
.text ntkrnlpa.exe!RtlPrefetchMemoryNonTemporal 80546684 1 Byte [90]
.text hal.dll!HalBeginSystemInterrupt + 996 806E78FE 5 Bytes [A0, 6E, 80, 02, 03] {MOV AL, [0x302806e]}
.text hal.dll!HalBeginSystemInterrupt + 99E 806E7906 33 Bytes [24, A7, 06, 32, 1D, 05, 88, ...]
.text hal.dll!HalBeginSystemInterrupt + 9C0 806E7928 9 Bytes [61, 40, 28, 08, 32, 12, B2, ...]
.text hal.dll!HalBeginSystemInterrupt + 9CC 806E7934 13 Bytes [01, 01, 06, 32, 9F, 4B, 48, ...] {ADD [ECX], EAX; PUSH ES; XOR BL, [EDI+0x49e484b]; AND AL, 0xa4; DAA }
.text hal.dll!HalBeginSystemInterrupt + 9DD 806E7945 1 Byte [10]
.text ...
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xBA721794]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8E89360, 0x37388D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

UPX1 C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\gmer.exe[704] C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\gmer.exe entry point in "UPX1" section [0x004B3F40]
.petite C:\Program Files\Sonique\sqstart.exe[1392] C:\Program Files\Sonique\sqstart.exe entry point in ".petite" section [0x0041110B]
.petite C:\Program Files\Sonique\sqstart.exe[1392] C:\Program Files\Sonique\sqstart.exe unknown last code section [0x00411000, 0x187D, 0xE2000060]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3484] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- EOF - GMER 1.0.15 ----


#9 Elise, Bleepin' Blonde (Malware Study Hall Admin, Romania)

Posted 14 May 2010 - 11:27 AM

Hello again,

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise




#10 goodie2010 (Topic Starter)

Posted 14 May 2010 - 12:36 PM

ComboFix 10-05-13.04 - Administrator 01/06/2004 1:13.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1712 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\pcouffin.sys
c:\windows\system\WINSPOOL.DRV
F:\Autorun.inf

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
((((((((((((((((((((((((( Files Created from 2003-12-06 to 2004-01-06 )))))))))))))))))))))))))))))))
.

2010-05-03 21:47 . 2008-03-21 17:57 14640 -c----w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-03 13:39 . 2010-05-03 13:39 581192 -c--a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-05-03 13:39 . 2010-05-03 13:39 1112288 -c--a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-05-03 11:14 . 2010-05-03 11:39 -------- dc----w- C:\N1
2010-05-03 11:11 . 2010-02-09 15:36 -------- dc----w- C:\android-sdk-windows
2010-05-03 10:35 . 2010-01-07 16:42 96256 -c--a-w- C:\AdbWinApi.dll
2010-05-03 10:35 . 2010-01-07 16:42 60928 -c--a-w- C:\AdbWinUsbApi.dll
2010-05-03 10:35 . 2010-01-07 16:42 2530671 -c--a-w- C:\adb.exe
2010-05-03 10:35 . 2010-01-07 16:42 994279 -c--a-w- C:\fastboot.exe
2010-05-03 10:24 . 2010-05-04 14:01 -------- dc----w- C:\superboot
2010-05-03 10:05 . 2010-05-03 11:09 -------- dc----w- c:\documents and settings\Administrator\.android
2010-05-03 09:46 . 2010-01-04 00:22 -------- dc----w- C:\fastboot
2010-04-26 10:33 . 2006-11-02 20:39 90112 -c--a-w- c:\windows\system32\stacsv.exe
2010-04-24 16:31 . 2010-04-24 17:15 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\wgfhrgevm
2010-04-23 01:57 . 2002-01-05 15:16 737280 -c--a-w- c:\windows\system32\msvcp70d.dll
2010-04-23 01:57 . 2002-01-05 15:16 536576 -c--a-w- c:\windows\system32\msvcr70d.dll
2010-04-23 01:00 . 2010-04-23 01:03 -------- dc----w- c:\program files\Common Files\KORG
2010-04-23 01:00 . 2010-04-23 01:00 -------- dc----w- c:\program files\KORG
2010-04-23 00:45 . 2002-11-25 09:46 16896 -c--a-w- c:\windows\system32\drivers\synasUSB.sys
2010-04-23 00:45 . 2009-05-19 20:21 86016 -c--a-w- c:\windows\system32\SYNSOPOS.exe
2010-04-22 13:38 . 2010-04-22 13:38 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\eLicenser
2010-04-22 13:34 . 2010-04-22 13:34 -------- dc----w- c:\program files\Cakewalk
2010-04-22 13:34 . 2010-04-22 13:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Cakewalk
2010-04-22 12:38 . 2010-04-22 12:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\documents and settings\Administrator\Application Data\Audio Ease
2010-04-22 12:20 . 2007-09-12 16:51 491520 -c--a-w- c:\windows\system32\libencdec.dll
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\program files\Audio Ease
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Audio Ease
2010-04-22 10:51 . 2010-04-22 10:51 2892 -c--a-w- c:\windows\system32\audcon.sys
2010-04-22 10:51 . 2010-04-22 10:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Syncrosoft
2010-04-22 10:49 . 2010-04-22 14:13 -------- dc----w- c:\documents and settings\All Users\Application Data\eLicenser
2010-04-22 10:49 . 2010-04-24 15:48 -------- dc----w- c:\program files\eLicenser
2010-04-22 10:48 . 2009-09-09 22:56 163840 -c--a-w- c:\windows\system32\ArtFfct.dll
2010-04-22 10:48 . 2010-04-23 02:01 -------- dc----w- c:\program files\Arturia
2010-04-22 10:48 . 2010-04-22 13:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Arturia
2010-04-22 10:45 . 2010-04-22 10:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
2010-04-22 10:29 . 2010-04-22 12:57 -------- dc----w- c:\program files\Native Instruments
2010-04-22 10:21 . 2010-04-22 10:21 -------- dc----w- c:\documents and settings\All Users\Application Data\Temporary
2010-04-22 10:20 . 2010-04-22 10:20 -------- dc----w- c:\program files\Common Files\Celemony
2010-04-22 10:20 . 2010-04-22 10:20 -------- dc----w- c:\program files\Celemony
2010-04-22 10:13 . 2003-06-20 16:28 1777664 -c--a-w- c:\windows\system32\gdiplus.dll
2010-04-22 10:11 . 2010-04-22 10:11 -------- dc----w- c:\documents and settings\nexus
2010-04-22 10:07 . 2010-04-22 10:07 -------- dc----w- c:\program files\Image-Line
2010-04-21 09:09 . 2010-04-21 09:10 -------- dc----w- c:\program files\ConvertHelper
2010-04-21 09:07 . 2010-04-21 09:10 -------- dc----w- c:\documents and settings\Administrator\dwhelper
2010-04-19 05:28 . 2010-04-19 05:37 -------- dc----w- c:\documents and settings\Administrator\Application Data\Digidesign
2010-04-19 05:28 . 2010-04-19 05:28 -------- dc----w- C:\Digidesign Databases
2010-04-19 05:12 . 2006-12-09 02:50 16384 -c--a-w- c:\windows\system32\drivers\DigiFilt.sys
2010-04-19 05:10 . 2002-01-05 09:48 974848 -c--a-w- c:\windows\system32\mfc70.dll
2010-04-19 05:10 . 2001-06-27 14:13 217088 -c--a-w- c:\windows\system32\qtmlClient.dll
2010-04-19 05:10 . 2007-09-05 15:43 630784 -c----w- c:\windows\system32\ilinet.dll
2010-04-19 05:10 . 2007-10-31 07:16 3683014 -c--a-w- c:\windows\system32\DirectIO.dll
2010-04-19 05:10 . 2007-10-31 04:36 15872 -c--a-w- c:\windows\system32\digicoin.dll
2010-04-19 05:10 . 2007-10-31 04:03 659456 -c--a-w- c:\windows\system32\DSI.dll
2010-04-19 05:10 . 2007-10-31 04:03 1362460 -c--a-w- c:\windows\system32\ExpansionHD_Firmware.bin
2010-04-19 05:10 . 2007-10-31 03:03 270336 -c--a-w- c:\windows\system32\DigiPlatformSupport.dll
2010-04-19 05:10 . 2006-12-09 03:21 90112 -c--a-w- c:\windows\system32\WinMMFix.dll
2010-04-18 22:35 . 2010-04-18 22:35 69632 -c--a-w- c:\windows\system32\com.fxpansion.fxshared.dll
2010-04-18 13:36 . 2008-04-14 04:15 60032 -c--a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-04-18 13:36 . 2008-04-14 04:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-04-17 10:34 . 2010-04-19 05:17 -------- dc----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-04-17 10:34 . 2010-04-17 10:34 -------- dc----w- c:\program files\Common Files\PACE Anti-Piracy
2010-03-04 02:00 . 2010-04-19 05:28 -------- dc-ha-w- c:\documents and settings\Administrator\Local Settings\Application Data\7v7mN9FuX
2010-02-20 06:41 . 2004-01-01 15:13 -------- dc----w- c:\documents and settings\Administrator\Application Data\QuickScan
2010-01-24 12:01 . 2010-01-24 12:01 -------- dc----w- c:\program files\LUXONIX
2010-01-24 11:01 . 2010-04-23 01:12 16 -c--a-w- c:\windows\msocreg32.dat
2010-01-24 11:00 . 2010-01-24 11:01 -------- dc----w- c:\program files\Sonik Synth 2
2010-01-24 01:43 . 2010-04-22 12:28 -------- dc----w- c:\program files\Common Files\Native Instruments
2010-01-24 01:43 . 2010-04-22 10:33 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Native Instruments
2010-01-24 01:43 . 2010-01-24 01:43 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2010-01-24 01:30 . 2010-01-24 01:30 -------- dc----w- c:\program files\Smart Projects
2010-01-23 23:05 . 2010-01-23 23:05 -------- dc----w- c:\windows\vocoder
2010-01-23 22:56 . 2010-04-23 01:22 -------- dc----w- c:\documents and settings\Administrator\Application Data\Antares
2010-01-23 22:56 . 2010-04-23 01:22 -------- dc----w- c:\program files\Antares Audio Technologies
2010-01-08 23:59 . 2000-01-19 00:45 401484 -c--a-w- c:\windows\system32\Msvcrtd.dll
2010-01-08 23:59 . 2010-01-09 00:01 -------- dc----w- c:\program files\FXpansion DR-008 v1.21
2010-01-08 04:49 . 2010-04-19 05:10 -------- dc----w- c:\program files\Digidesign
2010-01-08 04:49 . 2010-01-24 10:18 -------- dc----w- c:\program files\Garritan Personal Orchestra
2010-01-08 04:07 . 2010-01-08 04:07 -------- dc----w- c:\program files\Alcohol Soft
2010-01-08 03:48 . 2009-10-12 02:58 1177600 -c--a-w- c:\windows\system32\SYNSOEMU.DLL
2010-01-08 03:47 . 2010-01-08 03:47 -------- dc----w- c:\program files\rgcaudio software
2010-01-08 03:46 . 2010-04-18 22:35 69632 -c--a-w- c:\windows\system32\FxShared.dll
2010-01-08 03:46 . 2010-04-18 22:44 -------- dc----w- c:\program files\FXpansion
2010-01-08 03:45 . 2010-04-19 05:28 -------- dc----w- c:\documents and settings\Administrator\Application Data\FXpansion
2010-01-05 01:32 . 2010-01-05 01:32 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Spectrasonics
2010-01-03 21:51 . 2010-01-03 21:51 -------- dc----w- c:\program files\Trend Micro
2010-01-03 14:00 . 2010-04-19 05:10 -------- dc----w- c:\program files\Common Files\Digidesign
2010-01-03 14:00 . 2010-01-03 14:30 -------- dc----w- c:\program files\Spectrasonics
2009-12-27 02:14 . 2009-12-27 02:14 -------- dc----w- c:\program files\Seagate
2009-12-27 02:14 . 2009-12-27 02:14 -------- dc----w- c:\documents and settings\All Users\Application Data\Seagate
2009-12-27 02:13 . 2009-12-27 02:13 -------- dcsh--w- c:\windows\ftpcache
2009-12-27 02:09 . 2009-12-27 02:09 -------- dc----w- c:\documents and settings\Administrator\Application Data\Leadertech
2009-12-09 00:38 . 2009-12-09 00:38 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-09 00:38 . 2010-01-07 21:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 00:38 . 2009-12-09 00:38 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-09 00:38 . 2010-02-12 23:15 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 00:38 . 2010-01-07 21:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 23:15 . 2010-02-18 16:55 -------- dc----w- c:\program files\Ask.com
2009-11-22 23:14 . 2009-11-22 23:15 -------- dc----w- c:\program files\Common Files\DVDVideoSoft
2009-11-22 23:14 . 2009-11-22 23:14 -------- dc----w- c:\program files\DVDVideoSoft
2009-11-13 22:33 . 2010-04-19 05:17 -------- dc----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy
2009-11-13 22:33 . 2009-11-13 22:33 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy
2009-11-13 22:17 . 2009-11-13 22:17 -------- dc----w- c:\documents and settings\All Users\Application Data\Line 6
2009-11-13 22:17 . 2006-03-29 19:11 233472 -c--a-w- c:\windows\system32\REX Shared Library.dll
2009-11-13 22:17 . 2009-11-13 22:17 406528 -c--a-w- c:\windows\system32\ReWire.dll
2009-11-13 22:16 . 2009-11-13 22:16 -------- dc----w- c:\program files\CodeMeter
2009-11-12 02:43 . 2009-11-12 02:43 -------- dc----w- C:\spoolerlogs
2009-11-11 08:52 . 2009-11-11 08:52 -------- dc----w- c:\documents and settings\All Users\Application Data\kds_kodak
2009-11-10 10:33 . 2009-11-10 10:33 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-09 18:56 . 2009-11-09 18:56 643592 -c--a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2009-11-09 18:56 . 2009-11-09 18:56 32776 -c--a-w- c:\windows\system32\mausbasio.dll
2009-11-09 18:56 . 2009-11-09 18:56 2526185 -c--a-w- c:\windows\system32\madiousb.dll
2009-11-07 14:56 . 2009-11-07 14:56 -------- dc----w- c:\documents and settings\All Users\Application Data\Eastman Kodak Company
2009-11-07 14:53 . 2009-11-07 14:53 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eastman_Kodak_Company
2009-11-07 14:52 . 2009-11-07 15:04 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eastman Kodak Company
2009-11-07 14:52 . 2009-11-07 14:52 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\KODAK
2009-11-07 14:52 . 2009-11-07 14:52 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
2009-11-07 14:50 . 2009-08-03 14:33 192512 -c--a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2009-11-07 14:50 . 2009-08-03 14:33 405504 -c--a-w- c:\windows\system32\EKIJ5000MON.dll
2009-11-07 14:49 . 2009-11-07 14:52 -------- dc----w- c:\program files\Kodak
2009-11-07 11:04 . 2009-11-07 11:04 -------- dc----w- c:\program files\Bonjour
2009-11-07 11:04 . 2009-11-07 11:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-07 11:03 . 2009-11-07 14:48 -------- dc----w- c:\documents and settings\Administrator\Application Data\Temp
2009-11-07 10:58 . 2010-01-03 21:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Kodak
2009-11-07 10:57 . 2009-11-07 14:50 -------- dc----w- c:\windows\system32\kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 21:48 . 2010-05-03 21:48 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-05-03 21:47 . 2010-05-03 21:47 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-24 16:37 . 2010-04-24 16:37 0 -c--a-w- c:\documents and settings\Administrator\ntuser.tmp
2010-04-22 10:20 . 2009-03-07 02:21 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-01-08 23:59 . 2009-05-04 03:56 -------- dc----w- c:\program files\Steinberg
2010-01-08 02:49 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-11-09 18:56 . 2004-01-01 13:50 158600 -c--a-w- c:\windows\system32\drivers\MAudioFastTrackPro.sys
2009-08-22 18:11 . 2001-12-11 12:17 414272 -c--a-w- c:\windows\system32\DivXc32.dll
2009-08-22 18:11 . 2001-11-27 00:19 414272 -c--a-w- c:\windows\system32\DivXc32f.dll
2009-08-22 18:11 . 2001-12-08 20:20 33280 -c--a-w- c:\windows\system32\HUFFYUV.DLL
2009-06-16 14:36 . 2008-05-02 03:05 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-05-02 03:05 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2008-05-02 03:05 1291264 -c--a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2008-05-02 03:05 345600 -c--a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2008-05-02 03:05 827392 -c----w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-05-02 03:05 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-04-24 01:33 . 2009-03-07 02:21 -------- dc----w- c:\program files\Common Files\InstallShield
2009-04-17 12:26 . 2008-05-02 03:05 1847168 -c--a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-05-02 03:05 585216 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-03-24 23:16 . 2009-03-22 10:32 -------- dc----w- c:\program files\ffdshow
2009-03-24 23:16 . 2009-03-22 10:32 -------- dc----w- c:\program files\AC3Filter
2009-03-24 23:16 . 2009-03-22 12:36 -------- dc----w- c:\program files\IrfanView
2009-03-24 23:16 . 2009-03-24 23:16 -------- dc----w- c:\program files\SigmaTel
2009-03-24 23:16 . 2009-03-22 22:11 -------- dc----w- c:\program files\GoldWave 5.20
2009-03-24 23:16 . 2009-03-23 22:58 -------- dc----w- c:\program files\IDT(2)
2009-03-24 23:13 . 2009-03-24 23:13 -------- dc----w- c:\program files\MSXML 4.0
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\program files\DAEMON Tools Lite
2009-03-24 09:34 . 2009-03-22 22:02 5072 -c--a-w- c:\windows\system32\drivers\sthdae.log
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-07 02:47 . 2009-03-07 01:58 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-07 01:59 . 2009-03-07 01:59 -------- dc----w- c:\program files\microsoft frontpage
2009-03-07 01:56 . 2009-03-07 01:56 21640 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-03-06 15:57 . 2009-03-06 15:57 83448 -c--a-w- c:\windows\system32\CddbLangJA.dll
2009-03-06 15:57 . 2009-03-06 15:57 808440 -c--a-w- c:\windows\system32\CDDBUI.dll
2009-03-06 15:57 . 2009-03-06 15:57 796152 -c--a-w- c:\windows\system32\CDDBControl.dll
2009-03-06 15:57 . 2009-03-06 15:57 108024 -c--a-w- c:\windows\system32\CddbLangIT.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangNL.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangFR.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangES.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangDE.dll
2009-03-06 14:22 . 2008-05-02 03:05 284160 -c--a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2008-05-02 03:05 729088 -c--a-w- c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2009-03-07 01:55 453120 -c--a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10 . 2009-03-07 01:54 473600 -c--a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10 . 2008-05-02 03:05 714752 -c--a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-05-02 03:05 617472 -c--a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-05-02 03:05 401408 -c----w- c:\windows\system32\rpcss.dll
2009-02-06 11:11 . 2008-05-02 03:05 110592 -c----w- c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-05-02 03:05 2145280 -c----w- c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-05-02 03:05 35328 -c--a-w- c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 -c----w- c:\windows\system32\ntkrnlpa.exe
2009-02-06 10:10 . 2009-03-07 01:55 227840 -c--a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-02-03 19:59 . 2008-05-02 03:05 56832 -c--a-w- c:\windows\system32\secur32.dll
2008-12-16 12:30 . 2008-05-02 03:05 354304 -c--a-w- c:\windows\system32\winhttp.dll
2008-12-12 16:18 . 2008-12-12 16:18 87336 -c--a-w- c:\windows\system32\dns-sd.exe
2008-12-12 16:11 . 2008-12-12 16:11 65536 -c--a-w- c:\windows\system32\jdns_sd.dll
2008-12-12 16:11 . 2008-12-12 16:11 61440 -c--a-w- c:\windows\system32\dnssd.dll
2008-12-11 10:57 . 2008-05-02 03:05 333952 -c--a-w- c:\windows\system32\drivers\srv.sys
2008-12-05 06:54 . 2008-05-02 03:05 144896 -c--a-w- c:\windows\system32\schannel.dll
2008-10-30 01:43 . 2008-10-30 01:43 1204128 -c--a-w- c:\windows\system32\drivers\AGRSM.sys
2008-10-24 11:21 . 2008-05-02 03:05 455296 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 . 2008-05-02 03:05 286720 -c--a-w- c:\windows\system32\gdi32.dll
2008-10-16 19:13 . 2009-03-07 01:57 1809944 -c--a-w- c:\windows\system32\wuaueng.dll
2008-10-16 19:12 . 2009-03-07 01:57 202776 -c--a-w- c:\windows\system32\wuweb.dll
2008-10-16 19:12 . 2009-03-07 01:57 323608 -c--a-w- c:\windows\system32\wucltui.dll
2008-10-16 19:12 . 2009-03-07 01:57 561688 -c--a-w- c:\windows\system32\wuapi.dll
2008-10-16 19:12 . 2009-03-07 01:57 561688 -c--a-w- c:\windows\system32\wuapi(2)(2).dll
2008-10-16 19:09 . 2009-03-07 01:57 51224 -c----w- c:\windows\system32\wuauclt.exe
2008-10-16 19:09 . 2008-05-02 03:05 92696 -c--a-w- c:\windows\system32\cdm.dll
2008-10-16 19:08 . 2009-03-07 01:57 34328 -c--a-w- c:\windows\system32\wups.dll
2008-10-16 19:08 . 2009-03-07 01:57 34328 -c--a-w- c:\windows\system32\wups(2)(2).dll
2008-10-03 10:02 . 2008-05-02 03:05 247326 -c--a-w- c:\windows\system32\strmdll.dll
2008-09-30 20:43 . 2008-09-30 20:43 1286152 -c--a-w- c:\windows\system32\msxml4.dll
2008-09-26 20:13 . 2008-09-26 20:13 55816 -c--a-w- c:\windows\agrsmdel.exe
2008-09-12 10:44 . 2008-12-04 11:42 206256 -c--a-w- c:\windows\system32\idmmbc.dll
2008-09-10 01:14 . 2008-05-02 03:05 1307648 -c--a-w- c:\windows\system32\msxml6.dll
2008-09-06 04:29 . 2008-09-06 04:29 917032 -c--a-w- c:\windows\system32\WgaTray.exeold.exe
2008-09-04 17:15 . 2008-05-02 03:05 1106944 -c--a-w- c:\windows\system32\msxml3.dll
2008-08-26 19:32 . 2008-08-26 19:32 13824 -c--a-w- c:\windows\system32\agrscoin.dll
2008-08-14 10:04 . 2008-05-02 03:05 138496 -c--a-w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:26 . 2008-05-02 03:05 253952 -c----w- c:\windows\system32\es.dll
2008-06-24 23:12 . 2006-10-19 02:47 295936 -c----w- c:\windows\system32\wmpeffects.dll
2008-06-24 20:06 . 2008-06-24 20:06 972072 -c--a-w- c:\windows\UNNeroMediaHome.exe
2008-06-24 16:43 . 2008-05-02 03:05 74240 -c--a-w- c:\windows\system32\mscms.dll
2008-06-20 17:46 . 2008-05-02 03:05 245248 -c----w- c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2008-05-02 03:05 361600 -c----w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08 . 2008-05-02 03:05 225856 -c--a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-18 10:03 . 2008-05-02 03:05 938496 -c--a-w- c:\windows\system32\WMNetmgr.dll
2008-06-18 06:09 . 2008-05-02 03:05 100864 -c--a-w- c:\windows\system32\logagent.exe
2008-06-12 14:23 . 2009-03-07 01:55 956928 -c--a-w- c:\windows\system32\msdtctm.dll
2008-06-12 14:23 . 2009-03-07 01:55 91648 -c--a-w- c:\windows\system32\mtxoci.dll
2008-06-12 14:23 . 2009-03-07 01:55 58880 -c--a-w- c:\windows\system32\msdtclog.dll
2008-06-12 14:23 . 2009-03-07 01:55 428032 -c--a-w- c:\windows\system32\msdtcprx.dll
2008-06-12 14:23 . 2009-03-07 01:55 161792 -c--a-w- c:\windows\system32\msdtcuiu.dll
2008-06-12 14:23 . 2008-05-02 03:05 66560 -c--a-w- c:\windows\system32\mtxclu.dll
2008-06-08 13:37 . 2008-06-08 13:37 132904 -c--a-w- c:\windows\system32\drivers\imagesrv.sys
.

------- Sigcheck -------

[7] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-14 05:10 . E9113D940039B84BB9FE49C0BA67FAB8 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-04-24_17.16.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-01-06 06:28 . 2004-01-06 06:28 16384 c:\windows\temp\Perflib_Perfdata_1c8.dat
+ 2006-11-02 11:00 . 2006-11-02 11:00 24136 c:\windows\system32\winusb.dll
+ 2004-01-01 13:50 . 2008-04-14 10:42 23552 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\wdmaud.drv
+ 2004-01-01 13:50 . 2008-04-14 04:15 60032 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\USBAUDIO.sys
+ 2004-01-01 13:50 . 2008-04-14 04:15 49408 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\stream.sys
+ 2004-01-01 13:50 . 2008-04-14 04:15 60160 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\drmk.sys
+ 2008-05-02 03:05 . 2004-01-01 04:09 77316 c:\windows\system32\perfc009.dat
- 2008-05-02 03:05 . 2010-04-22 13:10 77316 c:\windows\system32\perfc009.dat
+ 2006-11-02 11:00 . 2006-11-02 11:00 39368 c:\windows\system32\drivers\winusb.sys
+ 2006-11-02 12:22 . 2008-03-27 20:27 35040 c:\windows\system32\drivers\wdfldr.sys
+ 2008-04-14 00:15 . 2008-04-14 05:15 49408 c:\windows\system32\drivers\stream.sys
- 2008-04-14 00:15 . 2008-04-14 04:15 49408 c:\windows\system32\drivers\stream.sys
+ 2009-03-07 02:21 . 2008-04-14 05:15 60160 c:\windows\system32\drivers\drmk.sys
- 2009-03-07 02:21 . 2008-04-14 04:15 60160 c:\windows\system32\drivers\drmk.sys
+ 2008-04-14 00:15 . 2008-04-14 05:15 49408 c:\windows\system32\dllcache\stream.sys
- 2008-04-14 00:15 . 2008-04-14 04:15 49408 c:\windows\system32\dllcache\stream.sys
+ 2009-03-07 02:21 . 2008-04-14 05:15 60160 c:\windows\system32\dllcache\drmk.sys
- 2009-03-07 02:21 . 2008-04-14 04:15 60160 c:\windows\system32\dllcache\drmk.sys
+ 2004-01-01 13:50 . 2008-04-14 09:41 4096 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\ksuser.dll
+ 2009-03-07 02:21 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser.dll
- 2009-03-07 02:21 . 2008-04-14 09:41 4096 c:\windows\system32\ksuser.dll
+ 2009-03-07 02:21 . 2008-04-14 10:41 4096 c:\windows\system32\dllcache\ksuser.dll
- 2009-03-07 02:21 . 2008-04-14 09:41 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2004-01-01 13:50 . 2008-04-14 04:49 146048 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\portcls.sys
+ 2004-01-01 13:50 . 2008-04-14 04:46 141056 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\ks.sys
+ 2008-05-02 03:05 . 2004-01-01 04:09 473296 c:\windows\system32\perfh009.dat
- 2008-05-02 03:05 . 2010-04-22 13:10 473296 c:\windows\system32\perfh009.dat
- 2010-04-18 13:34 . 2009-11-09 17:56 158600 c:\windows\system32\DRVSTORE\MAudioFast_05C7CD81B60E923B0D53011E91B8DD83902B13E7\MAudioFastTrackPro.sys
+ 2004-01-01 13:50 . 2009-11-09 18:56 158600 c:\windows\system32\DRVSTORE\MAudioFast_05C7CD81B60E923B0D53011E91B8DD83902B13E7\MAudioFastTrackPro.sys
+ 2006-11-02 12:22 . 2008-03-27 20:27 503008 c:\windows\system32\drivers\wdf01000.sys
+ 2009-03-07 02:21 . 2008-04-14 05:49 146048 c:\windows\system32\drivers\portcls.sys
- 2009-03-07 02:21 . 2008-04-14 04:49 146048 c:\windows\system32\drivers\portcls.sys
- 2008-04-14 00:46 . 2008-04-14 04:46 141056 c:\windows\system32\drivers\ks.sys
+ 2008-04-14 00:46 . 2008-04-14 05:46 141056 c:\windows\system32\drivers\ks.sys
- 2009-03-07 02:21 . 2008-04-14 04:49 146048 c:\windows\system32\dllcache\portcls.sys
+ 2009-03-07 02:21 . 2008-04-14 05:49 146048 c:\windows\system32\dllcache\portcls.sys
- 2008-04-14 00:46 . 2008-04-14 04:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2008-04-14 00:46 . 2008-04-14 05:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2004-01-05 12:43 . 2004-01-05 12:43 1094656 c:\windows\Installer\5334ec.msi
+ 2004-01-01 13:50 . 2004-01-01 13:50 1397760 c:\windows\Installer\1a9872d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 303104]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 643592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 -c--a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 -c--a-w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-05-02 03:05 27648 -c--a-w- c:\windows\system32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-05-02 03:05 15360 -c----w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 -c--a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-MU USB Audio Control Panel]
2007-11-26 19:03 274432 -c----w- c:\program files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-08-03 14:33 1626112 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 -c--a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2008-12-05 01:23 2745776 -c--a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06 1840424 -c--a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 08:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-07 21:07 429392 -c--a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-05-01 19:35 185640 -c--a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 -c----w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2009-03-05 04:44 1074352 -c--a-w- c:\program files\My Lockbox\mylbx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 13:31 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 13:53 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 -c--a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-16 12:56 236016 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
2009-03-15 20:43 44832 -c--a-w- c:\program files\Sonique\SQStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Tracktion 3\\Tracktion.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/19/2010 12:12 AM 16384]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [3/15/2009 1:12 AM 43792]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/26/2009 8:10 PM 40560]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [6/7/2008 1:54 PM 84752]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [4/3/2009 4:01 AM 1680704]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [11/26/2007 2:10 PM 20992]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [3/15/2009 1:12 AM 73344]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/8/2009 7:38 PM 236368]
R2 NetBurnerService;Net Burner iSCSI Service;c:\program files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe [6/7/2008 1:54 PM 223248]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [5/3/2009 10:52 PM 33792]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [1/1/2004 8:50 AM 158600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/8/2009 7:38 PM 19160]
R3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [3/16/2009 7:58 PM 65794]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [4/10/2009 9:26 AM 127496]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 12:49 PM 284016]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [11/26/2007 2:14 PM 163352]
S3 SliceDisk5;SliceDisk5;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\slicedisk.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\slicedisk.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [4/22/2010 7:45 PM 16896]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/16/2009 5:47 PM 721904]
.
Contents of the 'Scheduled Tasks' folder

2004-01-05 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Administrator.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-09 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2004-01-06 01:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d8,7f,6c,0e,55,06,b5,10,b4,04,9a,39,b2,5d,1f,2e,d6,02,1f,bf,ec,
2e,ae,f7,be,5a,78,b4,25,18,53,d2,b6,67,fa,bd,8c,4b,a5,c4,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c204474a-cecf-41db-a1ce-9d8ca5632bd0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cb
"Therad"=dword:00000015
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2180)
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2004-01-06 01:38:31 - machine was rebooted
ComboFix-quarantined-files.txt 2004-01-06 06:38
ComboFix2.txt 2010-04-24 17:22
ComboFix3.txt 2010-02-20 06:34
ComboFix4.txt 2010-02-18 17:12
ComboFix5.txt 2004-01-06 06:12

Pre-Run: 2,248,183,808 bytes free
Post-Run: 2,232,995,840 bytes free

- - End Of File - - 28AAA6B7DAF3D33E26B113F5D22DF176

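Two lines in the log above carry the whole diagnosis: the Sigcheck row for c:\windows\system32\drivers\atapi.sys has a different MD5 from the four versioned backup copies (dllcache, ERDNT, ReinstallBackups, SoftwareDistribution) and no version resource at all, and the Supplementary Scan shows IE forced through a proxy at 127.0.0.1:5555, which fits the certificate warnings and failed logins reported in the first post. The script below is an added example, not part of this thread or of ComboFix: it parses those log sections and flags exactly those conditions, plus the disabled Windows Firewall standard profile. The line formats are inferred from the lines in this log, the sample log is constructed from them, and the function names are mine.

```python
"""
Triage a ComboFix log for the findings this thread turns on: a system driver
whose on-disk copy no longer matches its backup copies (Sigcheck section),
a browser proxy pointed at the local machine, and a disabled firewall.
Added example, not ComboFix's own code. The line formats are inferred from
the log lines in this thread; SAMPLE_LOG is constructed from those lines.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# [flag] date [time] . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d\d-\d\d)(?:\s+\d\d:\d\d)?\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<value>\d+)')

# Directories from which the kernel actually loads the driver (backups are elsewhere).
LIVE_DIRS = ("\\system32\\drivers\\",)


def parse_sigcheck(lines):
    """Return one dict per Sigcheck row; every other line is ignored."""
    rows = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def mismatched_drivers(rows):
    """Group Sigcheck rows by file name and flag any copy whose MD5 disagrees
    with the consensus hash of the copies that still carry a version resource."""
    by_name = defaultdict(list)
    for r in rows:
        by_name[r["path"].rsplit("\\", 1)[-1].lower()].append(r)
    findings = []
    for name, copies in by_name.items():
        trusted = [c for c in copies if c["version"].strip("-")]  # "[------]" means no version
        if not trusted:
            continue
        consensus_md5, _ = Counter(c["md5"].upper() for c in trusted).most_common(1)[0]
        for c in copies:
            if c["md5"].upper() != consensus_md5:
                findings.append({
                    "file": name,
                    "path": c["path"],
                    "md5": c["md5"].upper(),
                    "expected_md5": consensus_md5,
                    "versioned": bool(c["version"].strip("-")),
                    "live": any(d in c["path"].lower() for d in LIVE_DIRS),
                })
    return findings


def loopback_proxies(lines):
    """Return (host, port) pairs from the IE ProxyServer line that point at
    the local host; the user did not configure one, so it needs explaining."""
    hits = []
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        for entry in m.group("value").split(";"):      # "http=host:port;https=host:port"
            hostport = entry.split("=", 1)[-1]
            host, _, port = hostport.rpartition(":")
            host = host or hostport                        # no port given
            try:
                is_loop = ipaddress.ip_address(host).is_loopback
            except ValueError:
                is_loop = host.lower() == "localhost"
            if is_loop:
                hits.append((host, int(port) if port.isdigit() else None))
    return hits


def firewall_disabled(lines):
    """True if the firewall profile is off, False if on, None if not in the log."""
    for line in lines:
        m = FIREWALL_RE.match(line.strip())
        if m:
            return m.group("value") == "0"
    return None


def triage(lines):
    """Run all three checks over the log lines and return the findings."""
    return {
        "drivers": mismatched_drivers(parse_sigcheck(lines)),
        "proxies": loopback_proxies(lines),
        "firewall_disabled": firewall_disabled(lines),
    }


# Constructed from the lines in this thread's log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
------- Sigcheck -------
[7] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-14 05:10 . E9113D940039B84BB9FE49C0BA67FAB8 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
""".strip().splitlines()

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["drivers"]:
        print(f"{f['path']}: md5 {f['md5']} != {f['expected_md5']}, "
              f"versioned={f['versioned']}, live={f['live']}")
    print("loopback proxies:", report["proxies"])
    print("firewall disabled:", report["firewall_disabled"])
```

Run against the sample, it reports the live atapi.sys as the only copy that disagrees with the consensus hash and lacks a version, the 127.0.0.1:5555 proxy, and the disabled firewall; the same three findings are what the helper's CFScript in the next post acts on. The consensus rule deliberately trusts the backup copies only as a group, so a single poisoned backup would not outvote the rest.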

#11 Elise (Bleepin' Blonde; Malware Study Hall Admin; 60,817 posts; Location: Romania; Local time: 01:05 PM)

Posted 14 May 2010 - 12:43 PM

Hello again,

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
TDL::
C:\WINDOWS\system32\drivers\atapi.sys

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#12 goodie2010 (Topic Starter; Members; 47 posts; Local time: 06:05 AM)

Posted 14 May 2010 - 02:09 PM

Thanks so much for your assistance!


ComboFix 10-05-13.04 - Administrator 01/06/2004 2:00.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2681 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\My Documents\Downloads\Programs\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
((((((((((((((((((((((((( Files Created from 2003-12-06 to 2004-01-06 )))))))))))))))))))))))))))))))
.

2010-05-03 21:47 . 2008-03-21 17:57 14640 -c----w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-03 13:39 . 2010-05-03 13:39 581192 -c--a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-05-03 13:39 . 2010-05-03 13:39 1112288 -c--a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-05-03 11:14 . 2010-05-03 11:39 -------- dc----w- C:\N1
2010-05-03 11:11 . 2010-02-09 15:36 -------- dc----w- C:\android-sdk-windows
2010-05-03 10:35 . 2010-01-07 16:42 96256 -c--a-w- C:\AdbWinApi.dll
2010-05-03 10:35 . 2010-01-07 16:42 60928 -c--a-w- C:\AdbWinUsbApi.dll
2010-05-03 10:35 . 2010-01-07 16:42 2530671 -c--a-w- C:\adb.exe
2010-05-03 10:35 . 2010-01-07 16:42 994279 -c--a-w- C:\fastboot.exe
2010-05-03 10:24 . 2010-05-04 14:01 -------- dc----w- C:\superboot
2010-05-03 10:05 . 2010-05-03 11:09 -------- dc----w- c:\documents and settings\Administrator\.android
2010-05-03 09:46 . 2010-01-04 00:22 -------- dc----w- C:\fastboot
2010-04-26 10:33 . 2006-11-02 20:39 90112 -c--a-w- c:\windows\system32\stacsv.exe
2010-04-24 16:31 . 2010-04-24 17:15 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\wgfhrgevm
2010-04-23 01:57 . 2002-01-05 15:16 737280 -c--a-w- c:\windows\system32\msvcp70d.dll
2010-04-23 01:57 . 2002-01-05 15:16 536576 -c--a-w- c:\windows\system32\msvcr70d.dll
2010-04-23 01:00 . 2010-04-23 01:03 -------- dc----w- c:\program files\Common Files\KORG
2010-04-23 01:00 . 2010-04-23 01:00 -------- dc----w- c:\program files\KORG
2010-04-23 00:45 . 2002-11-25 09:46 16896 -c--a-w- c:\windows\system32\drivers\synasUSB.sys
2010-04-23 00:45 . 2009-05-19 20:21 86016 -c--a-w- c:\windows\system32\SYNSOPOS.exe
2010-04-22 13:38 . 2010-04-22 13:38 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\eLicenser
2010-04-22 13:34 . 2010-04-22 13:34 -------- dc----w- c:\program files\Cakewalk
2010-04-22 13:34 . 2010-04-22 13:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Cakewalk
2010-04-22 12:38 . 2010-04-22 12:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\documents and settings\Administrator\Application Data\Audio Ease
2010-04-22 12:20 . 2007-09-12 16:51 491520 -c--a-w- c:\windows\system32\libencdec.dll
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\program files\Audio Ease
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Audio Ease
2010-04-22 10:51 . 2010-04-22 10:51 2892 -c--a-w- c:\windows\system32\audcon.sys
2010-04-22 10:51 . 2010-04-22 10:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Syncrosoft
2010-04-22 10:49 . 2010-04-22 14:13 -------- dc----w- c:\documents and settings\All Users\Application Data\eLicenser
2010-04-22 10:49 . 2010-04-24 15:48 -------- dc----w- c:\program files\eLicenser
2010-04-22 10:48 . 2009-09-09 22:56 163840 -c--a-w- c:\windows\system32\ArtFfct.dll
2010-04-22 10:48 . 2010-04-23 02:01 -------- dc----w- c:\program files\Arturia
2010-04-22 10:48 . 2010-04-22 13:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Arturia
2010-04-22 10:45 . 2010-04-22 10:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
2010-04-22 10:29 . 2010-04-22 12:57 -------- dc----w- c:\program files\Native Instruments
2010-04-22 10:21 . 2010-04-22 10:21 -------- dc----w- c:\documents and settings\All Users\Application Data\Temporary
2010-04-22 10:20 . 2010-04-22 10:20 -------- dc----w- c:\program files\Common Files\Celemony
2010-04-22 10:20 . 2010-04-22 10:20 -------- dc----w- c:\program files\Celemony
2010-04-22 10:13 . 2003-06-20 16:28 1777664 -c--a-w- c:\windows\system32\gdiplus.dll
2010-04-22 10:11 . 2010-04-22 10:11 -------- dc----w- c:\documents and settings\nexus
2010-04-22 10:07 . 2010-04-22 10:07 -------- dc----w- c:\program files\Image-Line
2010-04-21 09:09 . 2010-04-21 09:10 -------- dc----w- c:\program files\ConvertHelper
2010-04-21 09:07 . 2010-04-21 09:10 -------- dc----w- c:\documents and settings\Administrator\dwhelper
2010-04-19 05:28 . 2010-04-19 05:37 -------- dc----w- c:\documents and settings\Administrator\Application Data\Digidesign
2010-04-19 05:28 . 2010-04-19 05:28 -------- dc----w- C:\Digidesign Databases
2010-04-19 05:12 . 2006-12-09 02:50 16384 -c--a-w- c:\windows\system32\drivers\DigiFilt.sys
2010-04-19 05:10 . 2002-01-05 09:48 974848 -c--a-w- c:\windows\system32\mfc70.dll
2010-04-19 05:10 . 2001-06-27 14:13 217088 -c--a-w- c:\windows\system32\qtmlClient.dll
2010-04-19 05:10 . 2007-09-05 15:43 630784 -c----w- c:\windows\system32\ilinet.dll
2010-04-19 05:10 . 2007-10-31 07:16 3683014 -c--a-w- c:\windows\system32\DirectIO.dll
2010-04-19 05:10 . 2007-10-31 04:36 15872 -c--a-w- c:\windows\system32\digicoin.dll
2010-04-19 05:10 . 2007-10-31 04:03 659456 -c--a-w- c:\windows\system32\DSI.dll
2010-04-19 05:10 . 2007-10-31 04:03 1362460 -c--a-w- c:\windows\system32\ExpansionHD_Firmware.bin
2010-04-19 05:10 . 2007-10-31 03:03 270336 -c--a-w- c:\windows\system32\DigiPlatformSupport.dll
2010-04-19 05:10 . 2006-12-09 03:21 90112 -c--a-w- c:\windows\system32\WinMMFix.dll
2010-04-18 22:35 . 2010-04-18 22:35 69632 -c--a-w- c:\windows\system32\com.fxpansion.fxshared.dll
2010-04-18 13:36 . 2008-04-14 04:15 60032 -c--a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-04-18 13:36 . 2008-04-14 04:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-04-17 10:34 . 2010-04-19 05:17 -------- dc----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-04-17 10:34 . 2010-04-17 10:34 -------- dc----w- c:\program files\Common Files\PACE Anti-Piracy
2010-03-04 02:00 . 2010-04-19 05:28 -------- dc-ha-w- c:\documents and settings\Administrator\Local Settings\Application Data\7v7mN9FuX
2010-02-20 06:41 . 2004-01-01 15:13 -------- dc----w- c:\documents and settings\Administrator\Application Data\QuickScan
2010-01-24 12:01 . 2010-01-24 12:01 -------- dc----w- c:\program files\LUXONIX
2010-01-24 11:01 . 2010-04-23 01:12 16 -c--a-w- c:\windows\msocreg32.dat
2010-01-24 11:00 . 2010-01-24 11:01 -------- dc----w- c:\program files\Sonik Synth 2
2010-01-24 01:43 . 2010-04-22 12:28 -------- dc----w- c:\program files\Common Files\Native Instruments
2010-01-24 01:43 . 2010-04-22 10:33 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Native Instruments
2010-01-24 01:43 . 2010-01-24 01:43 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2010-01-24 01:30 . 2010-01-24 01:30 -------- dc----w- c:\program files\Smart Projects
2010-01-23 23:05 . 2010-01-23 23:05 -------- dc----w- c:\windows\vocoder
2010-01-23 22:56 . 2010-04-23 01:22 -------- dc----w- c:\documents and settings\Administrator\Application Data\Antares
2010-01-23 22:56 . 2010-04-23 01:22 -------- dc----w- c:\program files\Antares Audio Technologies
2010-01-08 23:59 . 2000-01-19 00:45 401484 -c--a-w- c:\windows\system32\Msvcrtd.dll
2010-01-08 23:59 . 2010-01-09 00:01 -------- dc----w- c:\program files\FXpansion DR-008 v1.21
2010-01-08 04:49 . 2010-04-19 05:10 -------- dc----w- c:\program files\Digidesign
2010-01-08 04:49 . 2010-01-24 10:18 -------- dc----w- c:\program files\Garritan Personal Orchestra
2010-01-08 04:07 . 2010-01-08 04:07 -------- dc----w- c:\program files\Alcohol Soft
2010-01-08 03:48 . 2009-10-12 02:58 1177600 -c--a-w- c:\windows\system32\SYNSOEMU.DLL
2010-01-08 03:47 . 2010-01-08 03:47 -------- dc----w- c:\program files\rgcaudio software
2010-01-08 03:46 . 2010-04-18 22:35 69632 -c--a-w- c:\windows\system32\FxShared.dll
2010-01-08 03:46 . 2010-04-18 22:44 -------- dc----w- c:\program files\FXpansion
2010-01-08 03:45 . 2010-04-19 05:28 -------- dc----w- c:\documents and settings\Administrator\Application Data\FXpansion
2010-01-05 01:32 . 2010-01-05 01:32 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Spectrasonics
2010-01-03 21:51 . 2010-01-03 21:51 -------- dc----w- c:\program files\Trend Micro
2010-01-03 14:00 . 2010-04-19 05:10 -------- dc----w- c:\program files\Common Files\Digidesign
2010-01-03 14:00 . 2010-01-03 14:30 -------- dc----w- c:\program files\Spectrasonics
2009-12-27 02:14 . 2009-12-27 02:14 -------- dc----w- c:\program files\Seagate
2009-12-27 02:14 . 2009-12-27 02:14 -------- dc----w- c:\documents and settings\All Users\Application Data\Seagate
2009-12-27 02:13 . 2009-12-27 02:13 -------- dcsh--w- c:\windows\ftpcache
2009-12-27 02:09 . 2009-12-27 02:09 -------- dc----w- c:\documents and settings\Administrator\Application Data\Leadertech
2009-12-09 00:38 . 2009-12-09 00:38 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-09 00:38 . 2010-01-07 21:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 00:38 . 2009-12-09 00:38 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-09 00:38 . 2010-02-12 23:15 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 00:38 . 2010-01-07 21:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 23:15 . 2010-02-18 16:55 -------- dc----w- c:\program files\Ask.com
2009-11-22 23:14 . 2009-11-22 23:15 -------- dc----w- c:\program files\Common Files\DVDVideoSoft
2009-11-22 23:14 . 2009-11-22 23:14 -------- dc----w- c:\program files\DVDVideoSoft
2009-11-13 22:33 . 2010-04-19 05:17 -------- dc----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy
2009-11-13 22:33 . 2009-11-13 22:33 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy
2009-11-13 22:17 . 2009-11-13 22:17 -------- dc----w- c:\documents and settings\All Users\Application Data\Line 6
2009-11-13 22:17 . 2006-03-29 19:11 233472 -c--a-w- c:\windows\system32\REX Shared Library.dll
2009-11-13 22:17 . 2009-11-13 22:17 406528 -c--a-w- c:\windows\system32\ReWire.dll
2009-11-13 22:16 . 2009-11-13 22:16 -------- dc----w- c:\program files\CodeMeter
2009-11-12 02:43 . 2009-11-12 02:43 -------- dc----w- C:\spoolerlogs
2009-11-11 08:52 . 2009-11-11 08:52 -------- dc----w- c:\documents and settings\All Users\Application Data\kds_kodak
2009-11-10 10:33 . 2009-11-10 10:33 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-09 18:56 . 2009-11-09 18:56 643592 -c--a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2009-11-09 18:56 . 2009-11-09 18:56 32776 -c--a-w- c:\windows\system32\mausbasio.dll
2009-11-09 18:56 . 2009-11-09 18:56 2526185 -c--a-w- c:\windows\system32\madiousb.dll
2009-11-07 14:56 . 2009-11-07 14:56 -------- dc----w- c:\documents and settings\All Users\Application Data\Eastman Kodak Company
2009-11-07 14:53 . 2009-11-07 14:53 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eastman_Kodak_Company
2009-11-07 14:52 . 2009-11-07 15:04 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eastman Kodak Company
2009-11-07 14:52 . 2009-11-07 14:52 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\KODAK
2009-11-07 14:52 . 2009-11-07 14:52 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
2009-11-07 14:50 . 2009-08-03 14:33 192512 -c--a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2009-11-07 14:50 . 2009-08-03 14:33 405504 -c--a-w- c:\windows\system32\EKIJ5000MON.dll
2009-11-07 14:49 . 2009-11-07 14:52 -------- dc----w- c:\program files\Kodak
2009-11-07 11:04 . 2009-11-07 11:04 -------- dc----w- c:\program files\Bonjour
2009-11-07 11:04 . 2009-11-07 11:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-07 11:03 . 2009-11-07 14:48 -------- dc----w- c:\documents and settings\Administrator\Application Data\Temp
2009-11-07 10:58 . 2010-01-03 21:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Kodak
2009-11-07 10:57 . 2009-11-07 14:50 -------- dc----w- c:\windows\system32\kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 21:48 . 2010-05-03 21:48 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-05-03 21:47 . 2010-05-03 21:47 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-24 16:37 . 2010-04-24 16:37 0 -c--a-w- c:\documents and settings\Administrator\ntuser.tmp
2010-04-22 10:20 . 2009-03-07 02:21 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-01-08 23:59 . 2009-05-04 03:56 -------- dc----w- c:\program files\Steinberg
2010-01-08 02:49 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-11-09 18:56 . 2004-01-01 13:50 158600 -c--a-w- c:\windows\system32\drivers\MAudioFastTrackPro.sys
2009-08-22 18:11 . 2001-12-11 12:17 414272 -c--a-w- c:\windows\system32\DivXc32.dll
2009-08-22 18:11 . 2001-11-27 00:19 414272 -c--a-w- c:\windows\system32\DivXc32f.dll
2009-08-22 18:11 . 2001-12-08 20:20 33280 -c--a-w- c:\windows\system32\HUFFYUV.DLL
2009-06-16 14:36 . 2008-05-02 03:05 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-05-02 03:05 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2008-05-02 03:05 1291264 -c--a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2008-05-02 03:05 345600 -c--a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2008-05-02 03:05 827392 -c----w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-05-02 03:05 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-04-24 01:33 . 2009-03-07 02:21 -------- dc----w- c:\program files\Common Files\InstallShield
2009-04-17 12:26 . 2008-05-02 03:05 1847168 -c--a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-05-02 03:05 585216 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-03-24 23:16 . 2009-03-22 10:32 -------- dc----w- c:\program files\ffdshow
2009-03-24 23:16 . 2009-03-22 10:32 -------- dc----w- c:\program files\AC3Filter
2009-03-24 23:16 . 2009-03-22 12:36 -------- dc----w- c:\program files\IrfanView
2009-03-24 23:16 . 2009-03-24 23:16 -------- dc----w- c:\program files\SigmaTel
2009-03-24 23:16 . 2009-03-22 22:11 -------- dc----w- c:\program files\GoldWave 5.20
2009-03-24 23:16 . 2009-03-23 22:58 -------- dc----w- c:\program files\IDT(2)
2009-03-24 23:13 . 2009-03-24 23:13 -------- dc----w- c:\program files\MSXML 4.0
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\program files\DAEMON Tools Lite
2009-03-24 09:34 . 2009-03-22 22:02 5072 -c--a-w- c:\windows\system32\drivers\sthdae.log
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-07 02:47 . 2009-03-07 01:58 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-07 01:59 . 2009-03-07 01:59 -------- dc----w- c:\program files\microsoft frontpage
2009-03-07 01:56 . 2009-03-07 01:56 21640 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-03-06 15:57 . 2009-03-06 15:57 83448 -c--a-w- c:\windows\system32\CddbLangJA.dll
2009-03-06 15:57 . 2009-03-06 15:57 808440 -c--a-w- c:\windows\system32\CDDBUI.dll
2009-03-06 15:57 . 2009-03-06 15:57 796152 -c--a-w- c:\windows\system32\CDDBControl.dll
2009-03-06 15:57 . 2009-03-06 15:57 108024 -c--a-w- c:\windows\system32\CddbLangIT.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangNL.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangFR.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangES.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangDE.dll
2009-03-06 14:22 . 2008-05-02 03:05 284160 -c--a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2008-05-02 03:05 729088 -c--a-w- c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2009-03-07 01:55 453120 -c--a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10 . 2009-03-07 01:54 473600 -c--a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10 . 2008-05-02 03:05 714752 -c--a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-05-02 03:05 617472 -c--a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-05-02 03:05 401408 -c----w- c:\windows\system32\rpcss.dll
2009-02-06 11:11 . 2008-05-02 03:05 110592 -c----w- c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-05-02 03:05 2145280 -c----w- c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-05-02 03:05 35328 -c--a-w- c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 -c----w- c:\windows\system32\ntkrnlpa.exe
2009-02-06 10:10 . 2009-03-07 01:55 227840 -c--a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-02-03 19:59 . 2008-05-02 03:05 56832 -c--a-w- c:\windows\system32\secur32.dll
2008-12-16 12:30 . 2008-05-02 03:05 354304 -c--a-w- c:\windows\system32\winhttp.dll
2008-12-12 16:18 . 2008-12-12 16:18 87336 -c--a-w- c:\windows\system32\dns-sd.exe
2008-12-12 16:11 . 2008-12-12 16:11 65536 -c--a-w- c:\windows\system32\jdns_sd.dll
2008-12-12 16:11 . 2008-12-12 16:11 61440 -c--a-w- c:\windows\system32\dnssd.dll
2008-12-11 10:57 . 2008-05-02 03:05 333952 -c--a-w- c:\windows\system32\drivers\srv.sys
2008-12-05 06:54 . 2008-05-02 03:05 144896 -c--a-w- c:\windows\system32\schannel.dll
2008-10-30 01:43 . 2008-10-30 01:43 1204128 -c--a-w- c:\windows\system32\drivers\AGRSM.sys
2008-10-24 11:21 . 2008-05-02 03:05 455296 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 . 2008-05-02 03:05 286720 -c--a-w- c:\windows\system32\gdi32.dll
2008-10-16 19:13 . 2009-03-07 01:57 1809944 -c--a-w- c:\windows\system32\wuaueng.dll
2008-10-16 19:12 . 2009-03-07 01:57 202776 -c--a-w- c:\windows\system32\wuweb.dll
2008-10-16 19:12 . 2009-03-07 01:57 323608 -c--a-w- c:\windows\system32\wucltui.dll
2008-10-16 19:12 . 2009-03-07 01:57 561688 -c--a-w- c:\windows\system32\wuapi.dll
2008-10-16 19:12 . 2009-03-07 01:57 561688 -c--a-w- c:\windows\system32\wuapi(2)(2).dll
2008-10-16 19:09 . 2009-03-07 01:57 51224 -c----w- c:\windows\system32\wuauclt.exe
2008-10-16 19:09 . 2008-05-02 03:05 92696 -c--a-w- c:\windows\system32\cdm.dll
2008-10-16 19:08 . 2009-03-07 01:57 34328 -c--a-w- c:\windows\system32\wups.dll
2008-10-16 19:08 . 2009-03-07 01:57 34328 -c--a-w- c:\windows\system32\wups(2)(2).dll
2008-10-03 10:02 . 2008-05-02 03:05 247326 -c--a-w- c:\windows\system32\strmdll.dll
2008-09-30 20:43 . 2008-09-30 20:43 1286152 -c--a-w- c:\windows\system32\msxml4.dll
2008-09-26 20:13 . 2008-09-26 20:13 55816 -c--a-w- c:\windows\agrsmdel.exe
2008-09-12 10:44 . 2008-12-04 11:42 206256 -c--a-w- c:\windows\system32\idmmbc.dll
2008-09-10 01:14 . 2008-05-02 03:05 1307648 -c--a-w- c:\windows\system32\msxml6.dll
2008-09-06 04:29 . 2008-09-06 04:29 917032 -c--a-w- c:\windows\system32\WgaTray.exeold.exe
2008-09-04 17:15 . 2008-05-02 03:05 1106944 -c--a-w- c:\windows\system32\msxml3.dll
2008-08-26 19:32 . 2008-08-26 19:32 13824 -c--a-w- c:\windows\system32\agrscoin.dll
2008-08-14 10:04 . 2008-05-02 03:05 138496 -c--a-w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:26 . 2008-05-02 03:05 253952 -c----w- c:\windows\system32\es.dll
2008-06-24 23:12 . 2006-10-19 02:47 295936 -c----w- c:\windows\system32\wmpeffects.dll
2008-06-24 20:06 . 2008-06-24 20:06 972072 -c--a-w- c:\windows\UNNeroMediaHome.exe
2008-06-24 16:43 . 2008-05-02 03:05 74240 -c--a-w- c:\windows\system32\mscms.dll
2008-06-20 17:46 . 2008-05-02 03:05 245248 -c----w- c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2008-05-02 03:05 361600 -c----w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08 . 2008-05-02 03:05 225856 -c--a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-18 10:03 . 2008-05-02 03:05 938496 -c--a-w- c:\windows\system32\WMNetmgr.dll
2008-06-18 06:09 . 2008-05-02 03:05 100864 -c--a-w- c:\windows\system32\logagent.exe
2008-06-12 14:23 . 2009-03-07 01:55 956928 -c--a-w- c:\windows\system32\msdtctm.dll
2008-06-12 14:23 . 2009-03-07 01:55 91648 -c--a-w- c:\windows\system32\mtxoci.dll
2008-06-12 14:23 . 2009-03-07 01:55 58880 -c--a-w- c:\windows\system32\msdtclog.dll
2008-06-12 14:23 . 2009-03-07 01:55 428032 -c--a-w- c:\windows\system32\msdtcprx.dll
2008-06-12 14:23 . 2009-03-07 01:55 161792 -c--a-w- c:\windows\system32\msdtcuiu.dll
2008-06-12 14:23 . 2008-05-02 03:05 66560 -c--a-w- c:\windows\system32\mtxclu.dll
2008-06-08 13:37 . 2008-06-08 13:37 132904 -c--a-w- c:\windows\system32\drivers\imagesrv.sys
.

------- Sigcheck -------

[7] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-14 05:10 . E9113D940039B84BB9FE49C0BA67FAB8 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-04-24_17.16.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-01-06 07:09 . 2004-01-06 07:09 16384 c:\windows\temp\Perflib_Perfdata_1c8.dat
+ 2006-11-02 11:00 . 2006-11-02 11:00 24136 c:\windows\system32\winusb.dll
+ 2004-01-01 13:50 . 2008-04-14 10:42 23552 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\wdmaud.drv
+ 2004-01-01 13:50 . 2008-04-14 04:15 60032 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\USBAUDIO.sys
+ 2004-01-01 13:50 . 2008-04-14 04:15 49408 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\stream.sys
+ 2004-01-01 13:50 . 2008-04-14 04:15 60160 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\drmk.sys
+ 2008-05-02 03:05 . 2004-01-01 04:09 77316 c:\windows\system32\perfc009.dat
- 2008-05-02 03:05 . 2010-04-22 13:10 77316 c:\windows\system32\perfc009.dat
+ 2006-11-02 11:00 . 2006-11-02 11:00 39368 c:\windows\system32\drivers\winusb.sys
+ 2006-11-02 12:22 . 2008-03-27 20:27 35040 c:\windows\system32\drivers\wdfldr.sys
+ 2008-04-14 00:15 . 2008-04-14 05:15 49408 c:\windows\system32\drivers\stream.sys
- 2008-04-14 00:15 . 2008-04-14 04:15 49408 c:\windows\system32\drivers\stream.sys
+ 2009-03-07 02:21 . 2008-04-14 05:15 60160 c:\windows\system32\drivers\drmk.sys
- 2009-03-07 02:21 . 2008-04-14 04:15 60160 c:\windows\system32\drivers\drmk.sys
+ 2008-04-14 00:15 . 2008-04-14 05:15 49408 c:\windows\system32\dllcache\stream.sys
- 2008-04-14 00:15 . 2008-04-14 04:15 49408 c:\windows\system32\dllcache\stream.sys
+ 2009-03-07 02:21 . 2008-04-14 05:15 60160 c:\windows\system32\dllcache\drmk.sys
- 2009-03-07 02:21 . 2008-04-14 04:15 60160 c:\windows\system32\dllcache\drmk.sys
+ 2004-01-01 13:50 . 2008-04-14 09:41 4096 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\ksuser.dll
+ 2009-03-07 02:21 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser.dll
- 2009-03-07 02:21 . 2008-04-14 09:41 4096 c:\windows\system32\ksuser.dll
+ 2009-03-07 02:21 . 2008-04-14 10:41 4096 c:\windows\system32\dllcache\ksuser.dll
- 2009-03-07 02:21 . 2008-04-14 09:41 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2004-01-01 13:50 . 2008-04-14 04:49 146048 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\portcls.sys
+ 2004-01-01 13:50 . 2008-04-14 04:46 141056 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\ks.sys
+ 2008-05-02 03:05 . 2004-01-01 04:09 473296 c:\windows\system32\perfh009.dat
- 2008-05-02 03:05 . 2010-04-22 13:10 473296 c:\windows\system32\perfh009.dat
- 2010-04-18 13:34 . 2009-11-09 17:56 158600 c:\windows\system32\DRVSTORE\MAudioFast_05C7CD81B60E923B0D53011E91B8DD83902B13E7\MAudioFastTrackPro.sys
+ 2004-01-01 13:50 . 2009-11-09 18:56 158600 c:\windows\system32\DRVSTORE\MAudioFast_05C7CD81B60E923B0D53011E91B8DD83902B13E7\MAudioFastTrackPro.sys
+ 2006-11-02 12:22 . 2008-03-27 20:27 503008 c:\windows\system32\drivers\wdf01000.sys
+ 2009-03-07 02:21 . 2008-04-14 05:49 146048 c:\windows\system32\drivers\portcls.sys
- 2009-03-07 02:21 . 2008-04-14 04:49 146048 c:\windows\system32\drivers\portcls.sys
- 2008-04-14 00:46 . 2008-04-14 04:46 141056 c:\windows\system32\drivers\ks.sys
+ 2008-04-14 00:46 . 2008-04-14 05:46 141056 c:\windows\system32\drivers\ks.sys
- 2009-03-07 02:21 . 2008-04-14 04:49 146048 c:\windows\system32\dllcache\portcls.sys
+ 2009-03-07 02:21 . 2008-04-14 05:49 146048 c:\windows\system32\dllcache\portcls.sys
- 2008-04-14 00:46 . 2008-04-14 04:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2008-04-14 00:46 . 2008-04-14 05:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2004-01-05 12:43 . 2004-01-05 12:43 1094656 c:\windows\Installer\5334ec.msi
+ 2004-01-01 13:50 . 2004-01-01 13:50 1397760 c:\windows\Installer\1a9872d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 303104]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 643592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 -c--a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 -c--a-w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-05-02 03:05 27648 -c--a-w- c:\windows\system32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-05-02 03:05 15360 -c----w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 -c--a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-MU USB Audio Control Panel]
2007-11-26 19:03 274432 -c----w- c:\program files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-08-03 14:33 1626112 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 -c--a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2008-12-05 01:23 2745776 -c--a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06 1840424 -c--a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 08:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-07 21:07 429392 -c--a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-05-01 19:35 185640 -c--a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 -c----w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2009-03-05 04:44 1074352 -c--a-w- c:\program files\My Lockbox\mylbx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 13:31 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 13:53 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 -c--a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-16 12:56 236016 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
2009-03-15 20:43 44832 -c--a-w- c:\program files\Sonique\SQStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Tracktion 3\\Tracktion.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/19/2010 12:12 AM 16384]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [3/15/2009 1:12 AM 43792]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/26/2009 8:10 PM 40560]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [6/7/2008 1:54 PM 84752]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [4/3/2009 4:01 AM 1680704]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [11/26/2007 2:10 PM 20992]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [3/15/2009 1:12 AM 73344]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/8/2009 7:38 PM 236368]
R2 NetBurnerService;Net Burner iSCSI Service;c:\program files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe [6/7/2008 1:54 PM 223248]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [5/3/2009 10:52 PM 33792]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [1/1/2004 8:50 AM 158600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/8/2009 7:38 PM 19160]
R3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [3/16/2009 7:58 PM 65794]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [4/10/2009 9:26 AM 127496]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 12:49 PM 284016]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [11/26/2007 2:14 PM 163352]
S3 SliceDisk5;SliceDisk5;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\slicedisk.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\slicedisk.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [4/22/2010 7:45 PM 16896]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/16/2009 5:47 PM 721904]
.
Contents of the 'Scheduled Tasks' folder

2004-01-05 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Administrator.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-09 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2004-01-06 02:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d8,7f,6c,0e,55,06,b5,10,b4,04,9a,39,b2,5d,1f,2e,d6,02,1f,bf,ec,
2e,ae,f7,be,5a,78,b4,25,18,53,d2,b6,67,fa,bd,8c,4b,a5,c4,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c204474a-cecf-41db-a1ce-9d8ca5632bd0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cb
"Therad"=dword:00000015
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2004-01-06 02:21:11 - machine was rebooted
ComboFix-quarantined-files.txt 2004-01-06 07:21
ComboFix2.txt 2004-01-06 06:38
ComboFix3.txt 2010-04-24 17:22
ComboFix4.txt 2010-02-20 06:34
ComboFix5.txt 2004-01-06 06:54

Pre-Run: 2,225,795,072 bytes free
Post-Run: 2,221,236,224 bytes free

- - End Of File - - 3E497F79D922DF03ECC7DBC27928C4E6


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:01:05 PM

Posted 14 May 2010 - 02:30 PM

Hello again, that's one stubborn rootkit!
  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start
  3. Use the up and down arrow key to select Microsoft Windows Recovery Console
  4. You must enter which Windows installation to log onto. Type 1 and press enter.
  5. At the C:\Windows prompt, type the following bolded text, and press Enter:

    cd system32\drivers

    ren atapi.sys atapi.vir

    copy c:\windows\system32\dllcache\atapi.sys atapi.sys


  6. The command should then show 1 file(s) copied.
  7. At the next prompt type the following bolded text, and press Enter:

    exit
Windows will now begin loading.

When done, please rerun Combofix and post me the log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
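The Sigcheck block in the ComboFix log above is what exposes the patched driver: every backup copy of atapi.sys (dllcache, ERDNT, ReinstallBackups) carries the same MD5 and version string, while the live copy in system32\drivers has a different hash, no version resource, and exactly the same size, which is why the instructions above replace it from dllcache. The script below is an added example, not ComboFix's own code: it parses that Sigcheck line format (the sample lines are the ones from the log) and flags copies that disagree with the dllcache reference.

```python
"""Parse the Sigcheck section of a ComboFix log and flag copies of a
driver that disagree with the protected copy in dllcache.
Added example, not ComboFix code; the sample lines below are copied
from the log in this thread."""
import re
from collections import Counter, defaultdict

# One Sigcheck line: [flag] date[ time] . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2}(?:\s+\d{2}:\d{2})?)\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Sample input (lines taken from the Sigcheck section of the log above).
SAMPLE_LOG = """\
------- Sigcheck -------

[7] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\\windows\\system32\\ReinstallBackups\\0009\\DriverFiles\\i386\\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\\windows\\ERDNT\\cache\\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\\windows\\system32\\dllcache\\atapi.sys
[-] 2008-04-14 05:10 . E9113D940039B84BB9FE49C0BA67FAB8 . 96512 . . [------] . . c:\\windows\\system32\\drivers\\atapi.sys
.
"""


def parse_sigcheck(text):
    """Return one dict per line that matches the Sigcheck format; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["name"] = d["path"].rsplit("\\", 1)[-1].lower()
            entries.append(d)
    return entries


def find_suspect_copies(entries):
    """Per file name, take the dllcache copy as reference (or the most common
    hash if there is none) and report copies whose MD5 differs or that carry
    no version resource. Size is deliberately not compared: a patched driver
    can keep the original size, as the atapi.sys sample shows."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    findings = []
    for copies in by_name.values():
        ref = next((e for e in copies if "\\dllcache\\" in e["path"].lower()), None)
        ref_md5 = (ref["md5"] if ref else
                   Counter(e["md5"] for e in copies).most_common(1)[0][0]).upper()
        for e in copies:
            reasons = []
            if e["md5"].upper() != ref_md5:
                reasons.append("md5 differs from reference copy")
            if e["version"] and set(e["version"]) == {"-"}:
                reasons.append("no version info")
            if reasons:
                findings.append({"path": e["path"], "md5": e["md5"].upper(),
                                 "reference_md5": ref_md5, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspect_copies(parse_sigcheck(SAMPLE_LOG)):
        print(f["path"], f["md5"], "->", "; ".join(f["reasons"]))
```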


#14 goodie2010

goodie2010
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:06:05 AM

Posted 14 May 2010 - 03:03 PM

After I click Windows Recovery it says NTLDR compressed.

#15 goodie2010

goodie2010
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:06:05 AM

Posted 14 May 2010 - 03:12 PM

I just did a search on NTLDR compressed (Ctrl+Alt+Del) and I don't have the XP CD anymore; also I've read some horror stories about people having to reinstall their Windows, getting blank screens, etc. Is there any way I can get rid of this rootkit without this process? Thanks for your help.



