Computer Hope

Topic started by: goodie2010 on May 14, 2010, 02:53:08 PM

Title: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 14, 2010, 02:53:08 PM
Good day. A couple of days ago my computer started acting a little different. I was trying to log in to MySpace and it never loads. Other sites were giving me some message about a certificate. I can't log into Gmail, PayPal, etc. I ran Malwarebytes and nothing came up. I ran Spybot and it found 1 registry thing and deleted it. I just ran BitDefender and it found 1; it's called ATAPI.SYS.

On another note, my documents and pictures folders are all out of whack. Meaning, when I click date created or modified, it still arranges files in some other way; it's not by name, size, type, etc. I can save a document right now and it'll be out of place. The setting I have is by date created, but it's not putting files in that order. My clock changed. I keep getting a message that my Yahoo toolbar certificate won't be until May 2009 or something.

I ran CCleaner, SUPERAntiSpyware, and Malwarebytes; nothing found.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:43:38 AM, on 1/5/2004
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\fsproflt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\OTL_2.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236394652509
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\WINDOWS\system32\emaudsv.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 8440 bytes

Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 14, 2010, 02:57:58 PM
ComboFix 10-05-13.04 - Administrator 01/06/2004 2:00.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2681 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\My Documents\Downloads\Programs\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
((((((((((((((((((((((((( Files Created from 2003-12-06 to 2004-01-06 )))))))))))))))))))))))))))))))
.

2010-05-03 21:47 . 2008-03-21 17:57 14640 -c----w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-03 13:39 . 2010-05-03 13:39 581192 -c--a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-05-03 13:39 . 2010-05-03 13:39 1112288 -c--a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-05-03 11:14 . 2010-05-03 11:39 -------- dc----w- C:\N1
2010-05-03 11:11 . 2010-02-09 15:36 -------- dc----w- C:\android-sdk-windows
2010-05-03 10:35 . 2010-01-07 16:42 96256 -c--a-w- C:\AdbWinApi.dll
2010-05-03 10:35 . 2010-01-07 16:42 60928 -c--a-w- C:\AdbWinUsbApi.dll
2010-05-03 10:35 . 2010-01-07 16:42 2530671 -c--a-w- C:\adb.exe
2010-05-03 10:35 . 2010-01-07 16:42 994279 -c--a-w- C:\fastboot.exe
2010-05-03 10:24 . 2010-05-04 14:01 -------- dc----w- C:\superboot
2010-05-03 10:05 . 2010-05-03 11:09 -------- dc----w- c:\documents and settings\Administrator\.android
2010-05-03 09:46 . 2010-01-04 00:22 -------- dc----w- C:\fastboot
2010-04-26 10:33 . 2006-11-02 20:39 90112 -c--a-w- c:\windows\system32\stacsv.exe
2010-04-24 16:31 . 2010-04-24 17:15 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\wgfhrgevm
2010-04-23 01:57 . 2002-01-05 15:16 737280 -c--a-w- c:\windows\system32\msvcp70d.dll
2010-04-23 01:57 . 2002-01-05 15:16 536576 -c--a-w- c:\windows\system32\msvcr70d.dll
2010-04-23 01:00 . 2010-04-23 01:03 -------- dc----w- c:\program files\Common Files\KORG
2010-04-23 01:00 . 2010-04-23 01:00 -------- dc----w- c:\program files\KORG
2010-04-23 00:45 . 2002-11-25 09:46 16896 -c--a-w- c:\windows\system32\drivers\synasUSB.sys
2010-04-23 00:45 . 2009-05-19 20:21 86016 -c--a-w- c:\windows\system32\SYNSOPOS.exe
2010-04-22 13:38 . 2010-04-22 13:38 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\eLicenser
2010-04-22 13:34 . 2010-04-22 13:34 -------- dc----w- c:\program files\Cakewalk
2010-04-22 13:34 . 2010-04-22 13:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Cakewalk
2010-04-22 12:38 . 2010-04-22 12:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\documents and settings\Administrator\Application Data\Audio Ease
2010-04-22 12:20 . 2007-09-12 16:51 491520 -c--a-w- c:\windows\system32\libencdec.dll
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\program files\Audio Ease
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Audio Ease
2010-04-22 10:51 . 2010-04-22 10:51 2892 -c--a-w- c:\windows\system32\audcon.sys
2010-04-22 10:51 . 2010-04-22 10:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Syncrosoft
2010-04-22 10:49 . 2010-04-22 14:13 -------- dc----w- c:\documents and settings\All Users\Application Data\eLicenser
2010-04-22 10:49 . 2010-04-24 15:48 -------- dc----w- c:\program files\eLicenser
2010-04-22 10:48 . 2009-09-09 22:56 163840 -c--a-w- c:\windows\system32\ArtFfct.dll
2010-04-22 10:48 . 2010-04-23 02:01 -------- dc----w- c:\program files\Arturia
2010-04-22 10:48 . 2010-04-22 13:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Arturia
2010-04-22 10:45 . 2010-04-22 10:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
2010-04-22 10:29 . 2010-04-22 12:57 -------- dc----w- c:\program files\Native Instruments
2010-04-22 10:21 . 2010-04-22 10:21 -------- dc----w- c:\documents and settings\All Users\Application Data\Temporary
2010-04-22 10:20 . 2010-04-22 10:20 -------- dc----w- c:\program files\Common Files\Celemony
2010-04-22 10:20 . 2010-04-22 10:20 -------- dc----w- c:\program files\Celemony
2010-04-22 10:13 . 2003-06-20 16:28 1777664 -c--a-w- c:\windows\system32\gdiplus.dll
2010-04-22 10:11 . 2010-04-22 10:11 -------- dc----w- c:\documents and settings\nexus
2010-04-22 10:07 . 2010-04-22 10:07 -------- dc----w- c:\program files\Image-Line
2010-04-21 09:09 . 2010-04-21 09:10 -------- dc----w- c:\program files\ConvertHelper
2010-04-21 09:07 . 2010-04-21 09:10 -------- dc----w- c:\documents and settings\Administrator\dwhelper
2010-04-19 05:28 . 2010-04-19 05:37 -------- dc----w- c:\documents and settings\Administrator\Application Data\Digidesign
2010-04-19 05:28 . 2010-04-19 05:28 -------- dc----w- C:\Digidesign Databases
2010-04-19 05:12 . 2006-12-09 02:50 16384 -c--a-w- c:\windows\system32\drivers\DigiFilt.sys
2010-04-19 05:10 . 2002-01-05 09:48 974848 -c--a-w- c:\windows\system32\mfc70.dll
2010-04-19 05:10 . 2001-06-27 14:13 217088 -c--a-w- c:\windows\system32\qtmlClient.dll
2010-04-19 05:10 . 2007-09-05 15:43 630784 -c----w- c:\windows\system32\ilinet.dll
2010-04-19 05:10 . 2007-10-31 07:16 3683014 -c--a-w- c:\windows\system32\DirectIO.dll
2010-04-19 05:10 . 2007-10-31 04:36 15872 -c--a-w- c:\windows\system32\digicoin.dll
2010-04-19 05:10 . 2007-10-31 04:03 659456 -c--a-w- c:\windows\system32\DSI.dll
2010-04-19 05:10 . 2007-10-31 04:03 1362460 -c--a-w- c:\windows\system32\ExpansionHD_Firmware.bin
2010-04-19 05:10 . 2007-10-31 03:03 270336 -c--a-w- c:\windows\system32\DigiPlatformSupport.dll
2010-04-19 05:10 . 2006-12-09 03:21 90112 -c--a-w- c:\windows\system32\WinMMFix.dll
2010-04-18 22:35 . 2010-04-18 22:35 69632 -c--a-w- c:\windows\system32\com.fxpansion.fxshared.dll
2010-04-18 13:36 . 2008-04-14 04:15 60032 -c--a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-04-18 13:36 . 2008-04-14 04:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-04-17 10:34 . 2010-04-19 05:17 -------- dc----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-04-17 10:34 . 2010-04-17 10:34 -------- dc----w- c:\program files\Common Files\PACE Anti-Piracy
2010-03-04 02:00 . 2010-04-19 05:28 -------- dc-ha-w- c:\documents and settings\Administrator\Local Settings\Application Data\7v7mN9FuX
2010-02-20 06:41 . 2004-01-01 15:13 -------- dc----w- c:\documents and settings\Administrator\Application Data\QuickScan
2010-01-24 12:01 . 2010-01-24 12:01 -------- dc----w- c:\program files\LUXONIX
2010-01-24 11:01 . 2010-04-23 01:12 16 -c--a-w- c:\windows\msocreg32.dat
2010-01-24 11:00 . 2010-01-24 11:01 -------- dc----w- c:\program files\Sonik Synth 2
2010-01-24 01:43 . 2010-04-22 12:28 -------- dc----w- c:\program files\Common Files\Native Instruments
2010-01-24 01:43 . 2010-04-22 10:33 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Native Instruments
2010-01-24 01:43 . 2010-01-24 01:43 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2010-01-24 01:30 . 2010-01-24 01:30 -------- dc----w- c:\program files\Smart Projects
2010-01-23 23:05 . 2010-01-23 23:05 -------- dc----w- c:\windows\vocoder
2010-01-23 22:56 . 2010-04-23 01:22 -------- dc----w- c:\documents and settings\Administrator\Application Data\Antares
2010-01-23 22:56 . 2010-04-23 01:22 -------- dc----w- c:\program files\Antares Audio Technologies
2010-01-08 23:59 . 2000-01-19 00:45 401484 -c--a-w- c:\windows\system32\Msvcrtd.dll
2010-01-08 23:59 . 2010-01-09 00:01 -------- dc----w- c:\program files\FXpansion DR-008 v1.21
2010-01-08 04:49 . 2010-04-19 05:10 -------- dc----w- c:\program files\Digidesign
2010-01-08 04:49 . 2010-01-24 10:18 -------- dc----w- c:\program files\Garritan Personal Orchestra
2010-01-08 04:07 . 2010-01-08 04:07 -------- dc----w- c:\program files\Alcohol Soft
2010-01-08 03:48 . 2009-10-12 02:58 1177600 -c--a-w- c:\windows\system32\SYNSOEMU.DLL
2010-01-08 03:47 . 2010-01-08 03:47 -------- dc----w- c:\program files\rgcaudio software
2010-01-08 03:46 . 2010-04-18 22:35 69632 -c--a-w- c:\windows\system32\FxShared.dll
2010-01-08 03:46 . 2010-04-18 22:44 -------- dc----w- c:\program files\FXpansion
2010-01-08 03:45 . 2010-04-19 05:28 -------- dc----w- c:\documents and settings\Administrator\Application Data\FXpansion
2010-01-05 01:32 . 2010-01-05 01:32 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Spectrasonics
2010-01-03 21:51 . 2010-01-03 21:51 -------- dc----w- c:\program files\Trend Micro
2010-01-03 14:00 . 2010-04-19 05:10 -------- dc----w- c:\program files\Common Files\Digidesign
2010-01-03 14:00 . 2010-01-03 14:30 -------- dc----w- c:\program files\Spectrasonics
2009-12-27 02:14 . 2009-12-27 02:14 -------- dc----w- c:\program files\Seagate
2009-12-27 02:14 . 2009-12-27 02:14 -------- dc----w- c:\documents and settings\All Users\Application Data\Seagate
2009-12-27 02:13 . 2009-12-27 02:13 -------- dcsh--w- c:\windows\ftpcache
2009-12-27 02:09 . 2009-12-27 02:09 -------- dc----w- c:\documents and settings\Administrator\Application Data\Leadertech
2009-12-09 00:38 . 2009-12-09 00:38 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-09 00:38 . 2010-01-07 21:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 00:38 . 2009-12-09 00:38 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-09 00:38 . 2010-02-12 23:15 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 00:38 . 2010-01-07 21:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 23:15 . 2010-02-18 16:55 -------- dc----w- c:\program files\Ask.com
2009-11-22 23:14 . 2009-11-22 23:15 -------- dc----w- c:\program files\Common Files\DVDVideoSoft
2009-11-22 23:14 . 2009-11-22 23:14 -------- dc----w- c:\program files\DVDVideoSoft
2009-11-13 22:33 . 2010-04-19 05:17 -------- dc----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy
2009-11-13 22:33 . 2009-11-13 22:33 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy
2009-11-13 22:17 . 2009-11-13 22:17 -------- dc----w- c:\documents and settings\All Users\Application Data\Line 6
2009-11-13 22:17 . 2006-03-29 19:11 233472 -c--a-w- c:\windows\system32\REX Shared Library.dll
2009-11-13 22:17 . 2009-11-13 22:17 406528 -c--a-w- c:\windows\system32\ReWire.dll
2009-11-13 22:16 . 2009-11-13 22:16 -------- dc----w- c:\program files\CodeMeter
2009-11-12 02:43 . 2009-11-12 02:43 -------- dc----w- C:\spoolerlogs
2009-11-11 08:52 . 2009-11-11 08:52 -------- dc----w- c:\documents and settings\All Users\Application Data\kds_kodak
2009-11-10 10:33 . 2009-11-10 10:33 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-09 18:56 . 2009-11-09 18:56 643592 -c--a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2009-11-09 18:56 . 2009-11-09 18:56 32776 -c--a-w- c:\windows\system32\mausbasio.dll
2009-11-09 18:56 . 2009-11-09 18:56 2526185 -c--a-w- c:\windows\system32\madiousb.dll
2009-11-07 14:56 . 2009-11-07 14:56 -------- dc----w- c:\documents and settings\All Users\Application Data\Eastman Kodak Company
2009-11-07 14:53 . 2009-11-07 14:53 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eastman_Kodak_Company
2009-11-07 14:52 . 2009-11-07 15:04 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eastman Kodak Company
2009-11-07 14:52 . 2009-11-07 14:52 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\KODAK
2009-11-07 14:52 . 2009-11-07 14:52 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
2009-11-07 14:50 . 2009-08-03 14:33 192512 -c--a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2009-11-07 14:50 . 2009-08-03 14:33 405504 -c--a-w- c:\windows\system32\EKIJ5000MON.dll
2009-11-07 14:49 . 2009-11-07 14:52 -------- dc----w- c:\program files\Kodak
2009-11-07 11:04 . 2009-11-07 11:04 -------- dc----w- c:\program files\Bonjour
2009-11-07 11:04 . 2009-11-07 11:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-07 11:03 . 2009-11-07 14:48 -------- dc----w- c:\documents and settings\Administrator\Application Data\Temp
2009-11-07 10:58 . 2010-01-03 21:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Kodak
2009-11-07 10:57 . 2009-11-07 14:50 -------- dc----w- c:\windows\system32\kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 21:48 . 2010-05-03 21:48 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-05-03 21:47 . 2010-05-03 21:47 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-24 16:37 . 2010-04-24 16:37 0 -c--a-w- c:\documents and settings\Administrator\ntuser.tmp
2010-04-22 10:20 . 2009-03-07 02:21 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-01-08 23:59 . 2009-05-04 03:56 -------- dc----w- c:\program files\Steinberg
2010-01-08 02:49 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-11-09 18:56 . 2004-01-01 13:50 158600 -c--a-w- c:\windows\system32\drivers\MAudioFastTrackPro.sys
2009-08-22 18:11 . 2001-12-11 12:17 414272 -c--a-w- c:\windows\system32\DivXc32.dll
2009-08-22 18:11 . 2001-11-27 00:19 414272 -c--a-w- c:\windows\system32\DivXc32f.dll
2009-08-22 18:11 . 2001-12-08 20:20 33280 -c--a-w- c:\windows\system32\HUFFYUV.DLL
2009-06-16 14:36 . 2008-05-02 03:05 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-05-02 03:05 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2008-05-02 03:05 1291264 -c--a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2008-05-02 03:05 345600 -c--a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2008-05-02 03:05 827392 -c----w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-05-02 03:05 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-04-24 01:33 . 2009-03-07 02:21 -------- dc----w- c:\program files\Common Files\InstallShield
2009-04-17 12:26 . 2008-05-02 03:05 1847168 -c--a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-05-02 03:05 585216 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-03-24 23:16 . 2009-03-22 10:32 -------- dc----w- c:\program files\ffdshow
2009-03-24 23:16 . 2009-03-22 10:32 -------- dc----w- c:\program files\AC3Filter
2009-03-24 23:16 . 2009-03-22 12:36 -------- dc----w- c:\program files\IrfanView
2009-03-24 23:16 . 2009-03-24 23:16 -------- dc----w- c:\program files\SigmaTel
2009-03-24 23:16 . 2009-03-22 22:11 -------- dc----w- c:\program files\GoldWave 5.20
2009-03-24 23:16 . 2009-03-23 22:58 -------- dc----w- c:\program files\IDT(2)
2009-03-24 23:13 . 2009-03-24 23:13 -------- dc----w- c:\program files\MSXML 4.0
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\program files\DAEMON Tools Lite
2009-03-24 09:34 . 2009-03-22 22:02 5072 -c--a-w- c:\windows\system32\drivers\sthdae.log
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-07 02:47 . 2009-03-07 01:58 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-07 01:59 . 2009-03-07 01:59 -------- dc----w- c:\program files\microsoft frontpage
2009-03-07 01:56 . 2009-03-07 01:56 21640 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-03-06 15:57 . 2009-03-06 15:57 83448 -c--a-w- c:\windows\system32\CddbLangJA.dll
2009-03-06 15:57 . 2009-03-06 15:57 808440 -c--a-w- c:\windows\system32\CDDBUI.dll
2009-03-06 15:57 . 2009-03-06 15:57 796152 -c--a-w- c:\windows\system32\CDDBControl.dll
2009-03-06 15:57 . 2009-03-06 15:57 108024 -c--a-w- c:\windows\system32\CddbLangIT.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangNL.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangFR.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangES.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangDE.dll
2009-03-06 14:22 . 2008-05-02 03:05 284160 -c--a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2008-05-02 03:05 729088 -c--a-w- c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2009-03-07 01:55 453120 -c--a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10 . 2009-03-07 01:54 473600 -c--a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10 . 2008-05-02 03:05 714752 -c--a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-05-02 03:05 617472 -c--a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-05-02 03:05 401408 -c----w- c:\windows\system32\rpcss.dll
2009-02-06 11:11 . 2008-05-02 03:05 110592 -c----w- c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-05-02 03:05 2145280 -c----w- c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-05-02 03:05 35328 -c--a-w- c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 -c----w- c:\windows\system32\ntkrnlpa.exe
2009-02-06 10:10 . 2009-03-07 01:55 227840 -c--a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-02-03 19:59 . 2008-05-02 03:05 56832 -c--a-w- c:\windows\system32\secur32.dll
2008-12-16 12:30 . 2008-05-02 03:05 354304 -c--a-w- c:\windows\system32\winhttp.dll
2008-12-12 16:18 . 2008-12-12 16:18 87336 -c--a-w- c:\windows\system32\dns-sd.exe
2008-12-12 16:11 . 2008-12-12 16:11 65536 -c--a-w- c:\windows\system32\jdns_sd.dll
2008-12-12 16:11 . 2008-12-12 16:11 61440 -c--a-w- c:\windows\system32\dnssd.dll
2008-12-11 10:57 . 2008-05-02 03:05 333952 -c--a-w- c:\windows\system32\drivers\srv.sys
2008-12-05 06:54 . 2008-05-02 03:05 144896 -c--a-w- c:\windows\system32\schannel.dll
2008-10-30 01:43 . 2008-10-30 01:43 1204128 -c--a-w- c:\windows\system32\drivers\AGRSM.sys
2008-10-24 11:21 . 2008-05-02 03:05 455296 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 . 2008-05-02 03:05 286720 -c--a-w- c:\windows\system32\gdi32.dll
2008-10-16 19:13 . 2009-03-07 01:57 1809944 -c--a-w- c:\windows\system32\wuaueng.dll
2008-10-16 19:12 . 2009-03-07 01:57 202776 -c--a-w- c:\windows\system32\wuweb.dll
2008-10-16 19:12 . 2009-03-07 01:57 323608 -c--a-w- c:\windows\system32\wucltui.dll
2008-10-16 19:12 . 2009-03-07 01:57 561688 -c--a-w- c:\windows\system32\wuapi.dll
2008-10-16 19:12 . 2009-03-07 01:57 561688 -c--a-w- c:\windows\system32\wuapi(2)(2).dll
2008-10-16 19:09 . 2009-03-07 01:57 51224 -c----w- c:\windows\system32\wuauclt.exe
2008-10-16 19:09 . 2008-05-02 03:05 92696 -c--a-w- c:\windows\system32\cdm.dll
2008-10-16 19:08 . 2009-03-07 01:57 34328 -c--a-w- c:\windows\system32\wups.dll
2008-10-16 19:08 . 2009-03-07 01:57 34328 -c--a-w- c:\windows\system32\wups(2)(2).dll
2008-10-03 10:02 . 2008-05-02 03:05 247326 -c--a-w- c:\windows\system32\strmdll.dll
2008-09-30 20:43 . 2008-09-30 20:43 1286152 -c--a-w- c:\windows\system32\msxml4.dll
2008-09-26 20:13 . 2008-09-26 20:13 55816 -c--a-w- c:\windows\agrsmdel.exe
2008-09-12 10:44 . 2008-12-04 11:42 206256 -c--a-w- c:\windows\system32\idmmbc.dll
2008-09-10 01:14 . 2008-05-02 03:05 1307648 -c--a-w- c:\windows\system32\msxml6.dll
2008-09-06 04:29 . 2008-09-06 04:29 917032 -c--a-w- c:\windows\system32\WgaTray.exeold.exe
2008-09-04 17:15 . 2008-05-02 03:05 1106944 -c--a-w- c:\windows\system32\msxml3.dll
2008-08-26 19:32 . 2008-08-26 19:32 13824 -c--a-w- c:\windows\system32\agrscoin.dll
2008-08-14 10:04 . 2008-05-02 03:05 138496 -c--a-w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:26 . 2008-05-02 03:05 253952 -c----w- c:\windows\system32\es.dll
2008-06-24 23:12 . 2006-10-19 02:47 295936 -c----w- c:\windows\system32\wmpeffects.dll
2008-06-24 20:06 . 2008-06-24 20:06 972072 -c--a-w- c:\windows\UNNeroMediaHome.exe
2008-06-24 16:43 . 2008-05-02 03:05 74240 -c--a-w- c:\windows\system32\mscms.dll
2008-06-20 17:46 . 2008-05-02 03:05 245248 -c----w- c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2008-05-02 03:05 361600 -c----w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08 . 2008-05-02 03:05 225856 -c--a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-18 10:03 . 2008-05-02 03:05 938496 -c--a-w- c:\windows\system32\WMNetmgr.dll
2008-06-18 06:09 . 2008-05-02 03:05 100864 -c--a-w- c:\windows\system32\logagent.exe
2008-06-12 14:23 . 2009-03-07 01:55 956928 -c--a-w- c:\windows\system32\msdtctm.dll
2008-06-12 14:23 . 2009-03-07 01:55 91648 -c--a-w- c:\windows\system32\mtxoci.dll
2008-06-12 14:23 . 2009-03-07 01:55 58880 -c--a-w- c:\windows\system32\msdtclog.dll
2008-06-12 14:23 . 2009-03-07 01:55 428032 -c--a-w- c:\windows\system32\msdtcprx.dll
2008-06-12 14:23 . 2009-03-07 01:55 161792 -c--a-w- c:\windows\system32\msdtcuiu.dll
2008-06-12 14:23 . 2008-05-02 03:05 66560 -c--a-w- c:\windows\system32\mtxclu.dll
2008-06-08 13:37 . 2008-06-08 13:37 132904 -c--a-w- c:\windows\system32\drivers\imagesrv.sys
.

------- Sigcheck -------

[7] 2008-05-02 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-14 05:10 . E9113D940039B84BB9FE49C0BA67FAB8 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-04-24_17.16.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-01-06 07:09 . 2004-01-06 07:09 16384 c:\windows\temp\Perflib_Perfdata_1c8.dat
+ 2006-11-02 11:00 . 2006-11-02 11:00 24136 c:\windows\system32\winusb.dll
+ 2004-01-01 13:50 . 2008-04-14 10:42 23552 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\wdmaud.drv
+ 2004-01-01 13:50 . 2008-04-14 04:15 60032 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\USBAUDIO.sys
+ 2004-01-01 13:50 . 2008-04-14 04:15 49408 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\stream.sys
+ 2004-01-01 13:50 . 2008-04-14 04:15 60160 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\drmk.sys
+ 2008-05-02 03:05 . 2004-01-01 04:09 77316 c:\windows\system32\perfc009.dat
- 2008-05-02 03:05 . 2010-04-22 13:10 77316 c:\windows\system32\perfc009.dat
+ 2006-11-02 11:00 . 2006-11-02 11:00 39368 c:\windows\system32\drivers\winusb.sys
+ 2006-11-02 12:22 . 2008-03-27 20:27 35040 c:\windows\system32\drivers\wdfldr.sys
+ 2008-04-14 00:15 . 2008-04-14 05:15 49408 c:\windows\system32\drivers\stream.sys
- 2008-04-14 00:15 . 2008-04-14 04:15 49408 c:\windows\system32\drivers\stream.sys
+ 2009-03-07 02:21 . 2008-04-14 05:15 60160 c:\windows\system32\drivers\drmk.sys
- 2009-03-07 02:21 . 2008-04-14 04:15 60160 c:\windows\system32\drivers\drmk.sys
+ 2008-04-14 00:15 . 2008-04-14 05:15 49408 c:\windows\system32\dllcache\stream.sys
- 2008-04-14 00:15 . 2008-04-14 04:15 49408 c:\windows\system32\dllcache\stream.sys
+ 2009-03-07 02:21 . 2008-04-14 05:15 60160 c:\windows\system32\dllcache\drmk.sys
- 2009-03-07 02:21 . 2008-04-14 04:15 60160 c:\windows\system32\dllcache\drmk.sys
+ 2004-01-01 13:50 . 2008-04-14 09:41 4096 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\ksuser.dll
+ 2009-03-07 02:21 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser.dll
- 2009-03-07 02:21 . 2008-04-14 09:41 4096 c:\windows\system32\ksuser.dll
+ 2009-03-07 02:21 . 2008-04-14 10:41 4096 c:\windows\system32\dllcache\ksuser.dll
- 2009-03-07 02:21 . 2008-04-14 09:41 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2004-01-01 13:50 . 2008-04-14 04:49 146048 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\portcls.sys
+ 2004-01-01 13:50 . 2008-04-14 04:46 141056 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\ks.sys
+ 2008-05-02 03:05 . 2004-01-01 04:09 473296 c:\windows\system32\perfh009.dat
- 2008-05-02 03:05 . 2010-04-22 13:10 473296 c:\windows\system32\perfh009.dat
- 2010-04-18 13:34 . 2009-11-09 17:56 158600 c:\windows\system32\DRVSTORE\MAudioFast_05C7CD81B60E923B0D53011E91B8DD83902B13E7\MAudioFastTrackPro.sys
+ 2004-01-01 13:50 . 2009-11-09 18:56 158600 c:\windows\system32\DRVSTORE\MAudioFast_05C7CD81B60E923B0D53011E91B8DD83902B13E7\MAudioFastTrackPro.sys
+ 2006-11-02 12:22 . 2008-03-27 20:27 503008 c:\windows\system32\drivers\wdf01000.sys
+ 2009-03-07 02:21 . 2008-04-14 05:49 146048 c:\windows\system32\drivers\portcls.sys
- 2009-03-07 02:21 . 2008-04-14 04:49 146048 c:\windows\system32\drivers\portcls.sys
- 2008-04-14 00:46 . 2008-04-14 04:46 141056 c:\windows\system32\drivers\ks.sys
+ 2008-04-14 00:46 . 2008-04-14 05:46 141056 c:\windows\system32\drivers\ks.sys
- 2009-03-07 02:21 . 2008-04-14 04:49 146048 c:\windows\system32\dllcache\portcls.sys
+ 2009-03-07 02:21 . 2008-04-14 05:49 146048 c:\windows\system32\dllcache\portcls.sys
- 2008-04-14 00:46 . 2008-04-14 04:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2008-04-14 00:46 . 2008-04-14 05:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2004-01-05 12:43 . 2004-01-05 12:43 1094656 c:\windows\Installer\5334ec.msi
+ 2004-01-01 13:50 . 2004-01-01 13:50 1397760 c:\windows\Installer\1a9872d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 303104]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 643592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 -c--a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 -c--a-w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-05-02 03:05 27648 -c--a-w- c:\windows\system32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-05-02 03:05 15360 -c----w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 -c--a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-MU USB Audio Control Panel]
2007-11-26 19:03 274432 -c----w- c:\program files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-08-03 14:33 1626112 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 -c--a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2008-12-05 01:23 2745776 -c--a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06 1840424 -c--a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 08:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-07 21:07 429392 -c--a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-05-01 19:35 185640 -c--a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 -c----w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2009-03-05 04:44 1074352 -c--a-w- c:\program files\My Lockbox\mylbx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 13:31 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 13:53 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 -c--a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-16 12:56 236016 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
2009-03-15 20:43 44832 -c--a-w- c:\program files\Sonique\SQStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Tracktion 3\\Tracktion.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/19/2010 12:12 AM 16384]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [3/15/2009 1:12 AM 43792]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/26/2009 8:10 PM 40560]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [6/7/2008 1:54 PM 84752]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [4/3/2009 4:01 AM 1680704]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [11/26/2007 2:10 PM 20992]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [3/15/2009 1:12 AM 73344]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/8/2009 7:38 PM 236368]
R2 NetBurnerService;Net Burner iSCSI Service;c:\program files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe [6/7/2008 1:54 PM 223248]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [5/3/2009 10:52 PM 33792]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [1/1/2004 8:50 AM 158600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/8/2009 7:38 PM 19160]
R3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [3/16/2009 7:58 PM 65794]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [4/10/2009 9:26 AM 127496]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 12:49 PM 284016]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [11/26/2007 2:14 PM 163352]
S3 SliceDisk5;SliceDisk5;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\slicedisk.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\slicedisk.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [4/22/2010 7:45 PM 16896]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/16/2009 5:47 PM 721904]
.
Contents of the 'Scheduled Tasks' folder

2004-01-05 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Administrator.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-09 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2004-01-06 02:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d8,7f,6c,0e,55,06,b5,10,b4,04,9a,39,b2,5d,1f,2e,d6,02,1f,bf,ec,
2e,ae,f7,be,5a,78,b4,25,18,53,d2,b6,67,fa,bd,8c,4b,a5,c4,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c204474a-cecf-41db-a1ce-9d8ca5632bd0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cb
"Therad"=dword:00000015
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2004-01-06 02:21:11 - machine was rebooted
ComboFix-quarantined-files.txt 2004-01-06 07:21
ComboFix2.txt 2004-01-06 06:38
ComboFix3.txt 2010-04-24 17:22
ComboFix4.txt 2010-02-20 06:34
ComboFix5.txt 2004-01-06 06:54

Pre-Run: 2,225,795,072 bytes free
Post-Run: 2,221,236,224 bytes free

- - End Of File - - 3E497F79D922DF03ECC7DBC27928C4E6
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 14, 2010, 03:45:34 PM
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your desktop.

* Right click on the file and choose Extract All, extract the file to your desktop, then run it.
* Once completed it will create a log in your C:\ drive with a name similar to 'TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt'.
* Please post the contents of that log.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 14, 2010, 03:54:14 PM
Thanks for your response. I did a search and had previously found that tdsskiller. In the first run I found atapi.sys, and I rebooted, but my clock is still off, I still can't log in to gmail, myspace, paypal, and my folders are still out of whack. So I assume the tdss didn't get rid of atapi? But this second run it didn't list it, so I don't know.

Here was the first log, when it found atapi.sys:

04:51:45:093 0948   TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
04:51:45:093 0948   ================================================================================
04:51:45:093 0948   SystemInfo:

04:51:45:093 0948   OS Version: 5.1.2600 ServicePack: 3.0
04:51:45:093 0948   Product type: Workstation
04:51:45:093 0948   ComputerName: CS-B883B7E3273E
04:51:45:093 0948   UserName: Administrator
04:51:45:093 0948   Windows directory: C:\WINDOWS
04:51:45:093 0948   Processor architecture: Intel x86
04:51:45:093 0948   Number of processors: 2
04:51:45:093 0948   Page size: 0x1000
04:51:45:093 0948   Boot type: Normal boot
04:51:45:093 0948   ================================================================================
04:51:45:093 0948   UnloadDriverW: NtUnloadDriver error 2
04:51:45:093 0948   ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
04:51:45:125 0948   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
04:51:45:125 0948   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
04:51:45:125 0948   wfopen_ex: Trying to KLMD file open
04:51:45:125 0948   wfopen_ex: File opened ok (Flags 2)
04:51:45:125 0948   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
04:51:45:125 0948   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
04:51:45:125 0948   wfopen_ex: Trying to KLMD file open
04:51:45:125 0948   wfopen_ex: File opened ok (Flags 2)
04:51:45:125 0948   Initialize success
04:51:45:125 0948   
04:51:45:125 0948   Scanning   Services ...
04:51:45:812 0948   Raw services enum returned 365 services
04:51:45:812 0948   
04:51:45:828 0948   Scanning   Kernel memory ...
04:51:45:828 0948   Devices to scan: 14
04:51:45:828 0948   
04:51:45:828 0948   Driver Name: Disk
04:51:45:828 0948   IRP_MJ_CREATE                      : BA90EBB0
04:51:45:828 0948   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
04:51:45:828 0948   IRP_MJ_CLOSE                       : BA90EBB0
04:51:45:828 0948   IRP_MJ_READ                        : BA908D1F
04:51:45:828 0948   IRP_MJ_WRITE                       : BA908D1F
04:51:45:828 0948   IRP_MJ_QUERY_INFORMATION           : 804F4562
04:51:45:828 0948   IRP_MJ_SET_INFORMATION             : 804F4562
04:51:45:828 0948   IRP_MJ_QUERY_EA                    : 804F4562
04:51:45:828 0948   IRP_MJ_SET_EA                      : 804F4562
04:51:45:828 0948   IRP_MJ_FLUSH_BUFFERS               : BA9092E2
04:51:45:828 0948   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
04:51:45:828 0948   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
04:51:45:828 0948   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
04:51:45:828 0948   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
04:51:45:828 0948   IRP_MJ_DEVICE_CONTROL              : BA9093BB
04:51:45:828 0948   IRP_MJ_INTERNAL_DEVICE_CONTROL     : BA90CF28
04:51:45:828 0948   IRP_MJ_SHUTDOWN                    : BA9092E2
04:51:45:828 0948   IRP_MJ_LOCK_CONTROL                : 804F4562
04:51:45:828 0948   IRP_MJ_CLEANUP                     : 804F4562
04:51:45:828 0948   IRP_MJ_CREATE_MAILSLOT             : 804F4562
04:51:45:828 0948   IRP_MJ_QUERY_SECURITY              : 804F4562
04:51:45:828 0948   IRP_MJ_SET_SECURITY                : 804F4562
04:51:45:828 0948   IRP_MJ_POWER                       : BA90AC82
04:51:45:828 0948   IRP_MJ_SYSTEM_CONTROL              : BA90F99E
04:51:45:828 0948   IRP_MJ_DEVICE_CHANGE               : 804F4562
04:51:45:828 0948   IRP_MJ_QUERY_QUOTA                 : 804F4562
04:51:45:828 0948   IRP_MJ_SET_QUOTA                   : 804F4562
04:51:45:828 0948   C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
04:51:45:828 0948   
04:51:45:828 0948   Driver Name: usbstor
04:51:45:828 0948   IRP_MJ_CREATE                      : BABA5218
04:51:45:828 0948   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
04:51:45:828 0948   IRP_MJ_CLOSE                       : BABA5218
04:51:45:828 0948   IRP_MJ_READ                        : BABA523C
04:51:45:828 0948   IRP_MJ_WRITE                       : BABA523C
04:51:45:828 0948   IRP_MJ_QUERY_INFORMATION           : 804F4562
04:51:45:828 0948   IRP_MJ_SET_INFORMATION             : 804F4562
04:51:45:828 0948   IRP_MJ_QUERY_EA                    : 804F4562
04:51:45:828 0948   IRP_MJ_SET_EA                      : 804F4562
04:51:45:828 0948   IRP_MJ_FLUSH_BUFFERS               : 804F4562
04:51:45:828 0948   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
04:51:45:828 0948   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
04:51:45:828 0948   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
04:51:45:828 0948   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
04:51:45:828 0948   IRP_MJ_DEVICE_CONTROL              : BABA5180
04:51:45:828 0948   IRP_MJ_INTERNAL_DEVICE_CONTROL     : BABA09E6
04:51:45:828 0948   IRP_MJ_SHUTDOWN                    : 804F4562
04:51:45:828 0948   IRP_MJ_LOCK_CONTROL                : 804F4562
04:51:45:828 0948   IRP_MJ_CLEANUP                     : 804F4562
04:51:45:828 0948   IRP_MJ_CREATE_MAILSLOT             : 804F4562
04:51:45:828 0948   IRP_MJ_QUERY_SECURITY              : 804F4562
04:51:45:828 0948   IRP_MJ_SET_SECURITY                : 804F4562
04:51:45:828 0948   IRP_MJ_POWER                       : BABA45F0
04:51:45:828 0948   IRP_MJ_SYSTEM_CONTROL              : BABA2A6E
04:51:45:828 0948   IRP_MJ_DEVICE_CHANGE               : 804F4562
04:51:45:828 0948   IRP_MJ_QUERY_QUOTA                 : 804F4562
04:51:45:828 0948   IRP_MJ_SET_QUOTA                   : 804F4562
04:51:45:843 0948   C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
04:51:45:843 0948   
04:51:45:843 0948   Driver Name: usbstor
04:51:45:843 0948   IRP_MJ_CREATE                      : BABA5218
04:51:45:843 0948   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
04:51:45:843 0948   IRP_MJ_CLOSE                       : BABA5218
04:51:45:843 0948   IRP_MJ_READ                        : BABA523C
04:51:45:843 0948   IRP_MJ_WRITE                       : BABA523C
04:51:45:843 0948   IRP_MJ_QUERY_INFORMATION           : 804F4562
04:51:45:843 0948   IRP_MJ_SET_INFORMATION             : 804F4562
04:51:45:843 0948   IRP_MJ_QUERY_EA                    : 804F4562
04:51:45:843 0948   IRP_MJ_SET_EA                      : 804F4562
04:51:45:843 0948   IRP_MJ_FLUSH_BUFFERS               : 804F4562
04:51:45:843 0948   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
04:51:45:843 0948   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
04:51:45:843 0948   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
04:51:45:843 0948   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
04:51:45:843 0948   IRP_MJ_DEVICE_CONTROL              : BABA5180
04:51:45:843 0948   IRP_MJ_INTERNAL_DEVICE_CONTROL     : BABA09E6
04:51:45:843 0948   IRP_MJ_SHUTDOWN                    : 804F4562
04:51:45:843 0948   IRP_MJ_LOCK_CONTROL                : 804F4562
04:51:45:843 0948   IRP_MJ_CLEANUP                     : 804F4562
04:51:45:843 0948   IRP_MJ_CREATE_MAILSLOT             : 804F4562
04:51:45:843 0948   IRP_MJ_QUERY_SECURITY              : 804F4562
04:51:45:843 0948   IRP_MJ_SET_SECURITY                : 804F4562
04:51:45:843 0948   IRP_MJ_POWER                       : BABA45F0
04:51:45:843 0948   IRP_MJ_SYSTEM_CONTROL              : BABA2A6E
04:51:45:843 0948   IRP_MJ_DEVICE_CHANGE               : 804F4562
04:51:45:843 0948   IRP_MJ_QUERY_QUOTA                 : 804F4562
04:51:45:843 0948   IRP_MJ_SET_QUOTA                   : 804F4562
04:51:45:843 0948   C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
04:51:45:843 0948   
04:51:45:843 0948   Driver Name: Disk
04:51:45:843 0948   IRP_MJ_CREATE                      : BA90EBB0
04:51:45:843 0948   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
04:51:45:843 0948   IRP_MJ_CLOSE                       : BA90EBB0
04:51:45:843 0948   IRP_MJ_READ                        : BA908D1F
04:51:45:843 0948   IRP_MJ_WRITE                       : BA908D1F
04:51:45:843 0948   IRP_MJ_QUERY_INFORMATION           : 804F4562
04:51:45:843 0948   IRP_MJ_SET_INFORMATION             : 804F4562
04:51:45:843 0948   IRP_MJ_QUERY_EA                    : 804F4562
04:51:45:843 0948   IRP_MJ_SET_EA                      : 804F4562
04:51:45:843 0948   IRP_MJ_FLUSH_BUFFERS               : BA9092E2
04:51:45:843 0948   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
04:51:45:843 0948   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
04:51:45:843 0948   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
04:51:45:843 0948   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
04:51:45:843 0948   IRP_MJ_DEVICE_CONTROL              : BA9093BB
04:51:45:843 0948   IRP_MJ_INTERNAL_DEVICE_CONTROL     : BA90CF28
04:51:45:843 0948   IRP_MJ_SHUTDOWN                    : BA9092E2
04:51:45:843 0948   IRP_MJ_LOCK_CONTROL                : 804F4562
04:51:45:843 0948   IRP_MJ_CLEANUP                     : 804F4562
04:51:45:843 0948   IRP_MJ_CREATE_MAILSLOT             : 804F4562
04:51:45:843 0948   IRP_MJ_QUERY_SECURITY              : 804F4562
04:51:45:843 0948   IRP_MJ_SET_SECURITY                : 804F4562
04:51:45:843 0948   IRP_MJ_POWER                       : BA90AC82
04:51:45:843 0948   IRP_MJ_SYSTEM_CONTROL              : BA90F99E
04:51:45:843 0948   IRP_MJ_DEVICE_CHANGE               : 804F4562
04:51:45:843 0948   IRP_MJ_QUERY_QUOTA                 : 804F4562
04:51:45:843 0948   IRP_MJ_SET_QUOTA                   : 804F4562
04:51:45:843 0948   C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
04:51:45:859 0948   
04:51:45:859 0948   Driver Name: atapi
04:51:45:859 0948   IRP_MJ_CREATE                      : BA7156F2
04:51:45:859 0948   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
04:51:45:859 0948   IRP_MJ_CLOSE                       : BA7156F2
04:51:45:859 0948   IRP_MJ_READ                        : 804F4562
04:51:45:859 0948   IRP_MJ_WRITE                       : 804F4562
04:51:45:859 0948   IRP_MJ_QUERY_INFORMATION           : 804F4562
04:51:45:859 0948   IRP_MJ_SET_INFORMATION             : 804F4562
04:51:45:859 0948   IRP_MJ_QUERY_EA                    : 804F4562
04:51:45:859 0948   IRP_MJ_SET_EA                      : 804F4562
04:51:45:859 0948   IRP_MJ_FLUSH_BUFFERS               : 804F4562
04:51:45:859 0948   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
04:51:45:859 0948   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
04:51:45:859 0948   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
04:51:45:859 0948   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
04:51:45:859 0948   IRP_MJ_DEVICE_CONTROL              : 846DA90A
04:51:45:859 0948   IRP_MJ_INTERNAL_DEVICE_CONTROL     : BA711852
04:51:45:859 0948   IRP_MJ_SHUTDOWN                    : 804F4562
04:51:45:859 0948   IRP_MJ_LOCK_CONTROL                : 804F4562
04:51:45:859 0948   IRP_MJ_CLEANUP                     : 804F4562
04:51:45:859 0948   IRP_MJ_CREATE_MAILSLOT             : 804F4562
04:51:45:859 0948   IRP_MJ_QUERY_SECURITY              : 804F4562
04:51:45:859 0948   IRP_MJ_SET_SECURITY                : 804F4562
04:51:45:859 0948   IRP_MJ_POWER                       : BA71573C
04:51:45:859 0948   IRP_MJ_SYSTEM_CONTROL              : BA71C336
04:51:45:859 0948   IRP_MJ_DEVICE_CHANGE               : 804F4562
04:51:45:859 0948   IRP_MJ_QUERY_QUOTA                 : 804F4562
04:51:45:859 0948   IRP_MJ_SET_QUOTA                   : 804F4562
04:51:45:859 0948   C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 2
04:51:45:859 0948   File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
04:51:45:859 0948   Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
04:51:45:859 0948   ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
04:51:46:718 0948   vfvi6
04:51:46:781 0948   !dsvbh1
04:51:47:156 0948   dsvbh2
04:51:47:156 0948   fdfb2
04:51:47:156 0948   Backup copy found, using it..
04:51:47:203 0948   will be cured on next reboot
04:51:47:203 0948   
04:51:47:203 0948   Driver Name: atapi
04:51:47:203 0948   IRP_MJ_CREATE                      : BA7156F2
04:51:47:203 0948   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
04:51:47:203 0948   IRP_MJ_CLOSE                       : BA7156F2
04:51:47:203 0948   IRP_MJ_READ                        : 804F4562
04:51:47:203 0948   IRP_MJ_WRITE                       : 804F4562
04:51:47:203 0948   IRP_MJ_QUERY_INFORMATION           : 804F4562
04:51:47:203 0948   IRP_MJ_SET_INFORMATION             : 804F4562
04:51:47:203 0948   IRP_MJ_QUERY_EA                    : 804F4562
04:51:47:203 0948   IRP_MJ_SET_EA                      : 804F4562
04:51:47:203 0948   IRP_MJ_FLUSH_BUFFERS               : 804F4562
04:51:47:203 0948   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
04:51:47:203 0948   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
04:51:47:203 0948   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
04:51:47:203 0948   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
04:51:47:203 0948   IRP_MJ_DEVICE_CONTROL              : 846DA90A
04:51:47:203 0948   IRP_MJ_INTERNAL_DEVICE_CONTROL     : BA711852
04:51:47:203 0948   IRP_MJ_SHUTDOWN                    : 804F4562
04:51:47:203 0948   IRP_MJ_LOCK_CONTROL                : 804F4562
04:51:47:203 0948   IRP_MJ_CLEANUP                     : 804F4562
04:51:47:203 0948   IRP_MJ_CREATE_MAILSLOT             : 804F4562
04:51:47:203 0948   IRP_MJ_QUERY_SECURITY              : 804F4562
04:51:47:203 0948   IRP_MJ_SET_SECURITY                : 804F4562
04:51:47:203 0948   IRP_MJ_POWER                       : BA71573C
04:51:47:203 0948   IRP_MJ_SYSTEM_CONTROL              : BA71C336
04:51:47:203 0948   IRP_MJ_DEVICE_CHANGE               : 804F4562
04:51:47:203 0948   IRP_MJ_QUERY_QUOTA                 : 804F4562
04:51:47:203 0948   IRP_MJ_SET_QUOTA                   : 804F4562
04:51:47:203 0948   C:\WINDOWS\system32\drivers\tsk18.tmp - Verdict: 3
04:51:47:203 0948   Reboot required for cure complete..
04:51:47:218 0948   Cure on reboot scheduled successfully
04:51:47:218 0948   
04:51:47:218 0948   Completed
04:51:47:218 0948   
04:51:47:218 0948   Results:
04:51:47:218 0948   Memory objects infected / cured / cured on reboot:   0 / 0 / 0
04:51:47:218 0948   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
04:51:47:218 0948   File objects infected / cured / cured on reboot:   1 / 0 / 1
04:51:47:218 0948   
04:51:47:218 0948   fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
04:51:47:218 0948   fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
04:51:47:218 0948   UnloadDriverW: NtUnloadDriver error 1
04:51:47:218 0948   KLMD(ARK) unloaded successfully
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 14, 2010, 03:54:50 PM

Here is the second log; I just did it when you responded.


05:56:00:953 3044   TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
05:56:00:953 3044   ================================================================================
05:56:00:953 3044   SystemInfo:

05:56:00:953 3044   OS Version: 5.1.2600 ServicePack: 3.0
05:56:00:953 3044   Product type: Workstation
05:56:00:953 3044   ComputerName: CS-B883B7E3273E
05:56:00:953 3044   UserName: Administrator
05:56:00:953 3044   Windows directory: C:\WINDOWS
05:56:00:953 3044   Processor architecture: Intel x86
05:56:00:953 3044   Number of processors: 2
05:56:00:953 3044   Page size: 0x1000
05:56:00:953 3044   Boot type: Normal boot
05:56:00:953 3044   ================================================================================
05:56:00:968 3044   UnloadDriverW: NtUnloadDriver error 2
05:56:00:968 3044   ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
05:56:00:984 3044   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
05:56:00:984 3044   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
05:56:00:984 3044   wfopen_ex: Trying to KLMD file open
05:56:00:984 3044   wfopen_ex: File opened ok (Flags 2)
05:56:00:984 3044   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
05:56:00:984 3044   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
05:56:00:984 3044   wfopen_ex: Trying to KLMD file open
05:56:00:984 3044   wfopen_ex: File opened ok (Flags 2)
05:56:00:984 3044   Initialize success
05:56:00:984 3044   
05:56:00:984 3044   Scanning   Services ...
05:56:01:390 3044   Raw services enum returned 365 services
05:56:01:406 3044   
05:56:01:406 3044   Scanning   Kernel memory ...
05:56:01:406 3044   Devices to scan: 14
05:56:01:406 3044   
05:56:01:406 3044   Driver Name: Disk
05:56:01:406 3044   IRP_MJ_CREATE                      : BA90EBB0
05:56:01:406 3044   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
05:56:01:406 3044   IRP_MJ_CLOSE                       : BA90EBB0
05:56:01:406 3044   IRP_MJ_READ                        : BA908D1F
05:56:01:406 3044   IRP_MJ_WRITE                       : BA908D1F
05:56:01:406 3044   IRP_MJ_QUERY_INFORMATION           : 804F4562
05:56:01:406 3044   IRP_MJ_SET_INFORMATION             : 804F4562
05:56:01:406 3044   IRP_MJ_QUERY_EA                    : 804F4562
05:56:01:406 3044   IRP_MJ_SET_EA                      : 804F4562
05:56:01:406 3044   IRP_MJ_FLUSH_BUFFERS               : BA9092E2
05:56:01:406 3044   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
05:56:01:406 3044   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
05:56:01:406 3044   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
05:56:01:406 3044   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
05:56:01:406 3044   IRP_MJ_DEVICE_CONTROL              : BA9093BB
05:56:01:406 3044   IRP_MJ_INTERNAL_DEVICE_CONTROL     : BA90CF28
05:56:01:406 3044   IRP_MJ_SHUTDOWN                    : BA9092E2
05:56:01:406 3044   IRP_MJ_LOCK_CONTROL                : 804F4562
05:56:01:406 3044   IRP_MJ_CLEANUP                     : 804F4562
05:56:01:406 3044   IRP_MJ_CREATE_MAILSLOT             : 804F4562
05:56:01:406 3044   IRP_MJ_QUERY_SECURITY              : 804F4562
05:56:01:406 3044   IRP_MJ_SET_SECURITY                : 804F4562
05:56:01:406 3044   IRP_MJ_POWER                       : BA90AC82
05:56:01:406 3044   IRP_MJ_SYSTEM_CONTROL              : BA90F99E
05:56:01:406 3044   IRP_MJ_DEVICE_CHANGE               : 804F4562
05:56:01:406 3044   IRP_MJ_QUERY_QUOTA                 : 804F4562
05:56:01:406 3044   IRP_MJ_SET_QUOTA                   : 804F4562
05:56:01:406 3044   C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
05:56:01:406 3044   
05:56:01:406 3044   Driver Name: usbstor
05:56:01:406 3044   IRP_MJ_CREATE                      : B59AD218
05:56:01:406 3044   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
05:56:01:406 3044   IRP_MJ_CLOSE                       : B59AD218
05:56:01:406 3044   IRP_MJ_READ                        : B59AD23C
05:56:01:406 3044   IRP_MJ_WRITE                       : B59AD23C
05:56:01:406 3044   IRP_MJ_QUERY_INFORMATION           : 804F4562
05:56:01:406 3044   IRP_MJ_SET_INFORMATION             : 804F4562
05:56:01:406 3044   IRP_MJ_QUERY_EA                    : 804F4562
05:56:01:406 3044   IRP_MJ_SET_EA                      : 804F4562
05:56:01:406 3044   IRP_MJ_FLUSH_BUFFERS               : 804F4562
05:56:01:406 3044   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
05:56:01:406 3044   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
05:56:01:406 3044   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
05:56:01:406 3044   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
05:56:01:406 3044   IRP_MJ_DEVICE_CONTROL              : B59AD180
05:56:01:406 3044   IRP_MJ_INTERNAL_DEVICE_CONTROL     : B59A89E6
05:56:01:406 3044   IRP_MJ_SHUTDOWN                    : 804F4562
05:56:01:406 3044   IRP_MJ_LOCK_CONTROL                : 804F4562
05:56:01:406 3044   IRP_MJ_CLEANUP                     : 804F4562
05:56:01:406 3044   IRP_MJ_CREATE_MAILSLOT             : 804F4562
05:56:01:406 3044   IRP_MJ_QUERY_SECURITY              : 804F4562
05:56:01:406 3044   IRP_MJ_SET_SECURITY                : 804F4562
05:56:01:406 3044   IRP_MJ_POWER                       : B59AC5F0
05:56:01:406 3044   IRP_MJ_SYSTEM_CONTROL              : B59AAA6E
05:56:01:406 3044   IRP_MJ_DEVICE_CHANGE               : 804F4562
05:56:01:406 3044   IRP_MJ_QUERY_QUOTA                 : 804F4562
05:56:01:406 3044   IRP_MJ_SET_QUOTA                   : 804F4562
05:56:01:421 3044   C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
05:56:01:437 3044   
05:56:01:437 3044   Driver Name: usbstor
05:56:01:437 3044   IRP_MJ_CREATE                      : B59AD218
05:56:01:437 3044   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
05:56:01:437 3044   IRP_MJ_CLOSE                       : B59AD218
05:56:01:437 3044   IRP_MJ_READ                        : B59AD23C
05:56:01:437 3044   IRP_MJ_WRITE                       : B59AD23C
05:56:01:437 3044   IRP_MJ_QUERY_INFORMATION           : 804F4562
05:56:01:437 3044   IRP_MJ_SET_INFORMATION             : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_EA                    : 804F4562
05:56:01:437 3044   IRP_MJ_SET_EA                      : 804F4562
05:56:01:437 3044   IRP_MJ_FLUSH_BUFFERS               : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
05:56:01:437 3044   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
05:56:01:437 3044   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
05:56:01:437 3044   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
05:56:01:437 3044   IRP_MJ_DEVICE_CONTROL              : B59AD180
05:56:01:437 3044   IRP_MJ_INTERNAL_DEVICE_CONTROL     : B59A89E6
05:56:01:437 3044   IRP_MJ_SHUTDOWN                    : 804F4562
05:56:01:437 3044   IRP_MJ_LOCK_CONTROL                : 804F4562
05:56:01:437 3044   IRP_MJ_CLEANUP                     : 804F4562
05:56:01:437 3044   IRP_MJ_CREATE_MAILSLOT             : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_SECURITY              : 804F4562
05:56:01:437 3044   IRP_MJ_SET_SECURITY                : 804F4562
05:56:01:437 3044   IRP_MJ_POWER                       : B59AC5F0
05:56:01:437 3044   IRP_MJ_SYSTEM_CONTROL              : B59AAA6E
05:56:01:437 3044   IRP_MJ_DEVICE_CHANGE               : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_QUOTA                 : 804F4562
05:56:01:437 3044   IRP_MJ_SET_QUOTA                   : 804F4562
05:56:01:437 3044   C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
05:56:01:437 3044   
05:56:01:437 3044   Driver Name: usbstor
05:56:01:437 3044   IRP_MJ_CREATE                      : B59AD218
05:56:01:437 3044   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
05:56:01:437 3044   IRP_MJ_CLOSE                       : B59AD218
05:56:01:437 3044   IRP_MJ_READ                        : B59AD23C
05:56:01:437 3044   IRP_MJ_WRITE                       : B59AD23C
05:56:01:437 3044   IRP_MJ_QUERY_INFORMATION           : 804F4562
05:56:01:437 3044   IRP_MJ_SET_INFORMATION             : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_EA                    : 804F4562
05:56:01:437 3044   IRP_MJ_SET_EA                      : 804F4562
05:56:01:437 3044   IRP_MJ_FLUSH_BUFFERS               : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
05:56:01:437 3044   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
05:56:01:437 3044   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
05:56:01:437 3044   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
05:56:01:437 3044   IRP_MJ_DEVICE_CONTROL              : B59AD180
05:56:01:437 3044   IRP_MJ_INTERNAL_DEVICE_CONTROL     : B59A89E6
05:56:01:437 3044   IRP_MJ_SHUTDOWN                    : 804F4562
05:56:01:437 3044   IRP_MJ_LOCK_CONTROL                : 804F4562
05:56:01:437 3044   IRP_MJ_CLEANUP                     : 804F4562
05:56:01:437 3044   IRP_MJ_CREATE_MAILSLOT             : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_SECURITY              : 804F4562
05:56:01:437 3044   IRP_MJ_SET_SECURITY                : 804F4562
05:56:01:437 3044   IRP_MJ_POWER                       : B59AC5F0
05:56:01:437 3044   IRP_MJ_SYSTEM_CONTROL              : B59AAA6E
05:56:01:437 3044   IRP_MJ_DEVICE_CHANGE               : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_QUOTA                 : 804F4562
05:56:01:437 3044   IRP_MJ_SET_QUOTA                   : 804F4562
05:56:01:437 3044   C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
05:56:01:437 3044   
05:56:01:437 3044   Driver Name: Disk
05:56:01:437 3044   IRP_MJ_CREATE                      : BA90EBB0
05:56:01:437 3044   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
05:56:01:437 3044   IRP_MJ_CLOSE                       : BA90EBB0
05:56:01:437 3044   IRP_MJ_READ                        : BA908D1F
05:56:01:437 3044   IRP_MJ_WRITE                       : BA908D1F
05:56:01:437 3044   IRP_MJ_QUERY_INFORMATION           : 804F4562
05:56:01:437 3044   IRP_MJ_SET_INFORMATION             : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_EA                    : 804F4562
05:56:01:437 3044   IRP_MJ_SET_EA                      : 804F4562
05:56:01:437 3044   IRP_MJ_FLUSH_BUFFERS               : BA9092E2
05:56:01:437 3044   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
05:56:01:437 3044   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
05:56:01:437 3044   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
05:56:01:437 3044   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
05:56:01:437 3044   IRP_MJ_DEVICE_CONTROL              : BA9093BB
05:56:01:437 3044   IRP_MJ_INTERNAL_DEVICE_CONTROL     : BA90CF28
05:56:01:437 3044   IRP_MJ_SHUTDOWN                    : BA9092E2
05:56:01:437 3044   IRP_MJ_LOCK_CONTROL                : 804F4562
05:56:01:437 3044   IRP_MJ_CLEANUP                     : 804F4562
05:56:01:437 3044   IRP_MJ_CREATE_MAILSLOT             : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_SECURITY              : 804F4562
05:56:01:437 3044   IRP_MJ_SET_SECURITY                : 804F4562
05:56:01:437 3044   IRP_MJ_POWER                       : BA90AC82
05:56:01:437 3044   IRP_MJ_SYSTEM_CONTROL              : BA90F99E
05:56:01:437 3044   IRP_MJ_DEVICE_CHANGE               : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_QUOTA                 : 804F4562
05:56:01:437 3044   IRP_MJ_SET_QUOTA                   : 804F4562
05:56:01:437 3044   C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
05:56:01:437 3044   
05:56:01:437 3044   Driver Name: Disk
05:56:01:437 3044   IRP_MJ_CREATE                      : BA90EBB0
05:56:01:437 3044   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
05:56:01:437 3044   IRP_MJ_CLOSE                       : BA90EBB0
05:56:01:437 3044   IRP_MJ_READ                        : BA908D1F
05:56:01:437 3044   IRP_MJ_WRITE                       : BA908D1F
05:56:01:437 3044   IRP_MJ_QUERY_INFORMATION           : 804F4562
05:56:01:437 3044   IRP_MJ_SET_INFORMATION             : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_EA                    : 804F4562
05:56:01:437 3044   IRP_MJ_SET_EA                      : 804F4562
05:56:01:437 3044   IRP_MJ_FLUSH_BUFFERS               : BA9092E2
05:56:01:437 3044   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
05:56:01:437 3044   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
05:56:01:437 3044   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
05:56:01:437 3044   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
05:56:01:437 3044   IRP_MJ_DEVICE_CONTROL              : BA9093BB
05:56:01:437 3044   IRP_MJ_INTERNAL_DEVICE_CONTROL     : BA90CF28
05:56:01:437 3044   IRP_MJ_SHUTDOWN                    : BA9092E2
05:56:01:437 3044   IRP_MJ_LOCK_CONTROL                : 804F4562
05:56:01:437 3044   IRP_MJ_CLEANUP                     : 804F4562
05:56:01:437 3044   IRP_MJ_CREATE_MAILSLOT             : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_SECURITY              : 804F4562
05:56:01:437 3044   IRP_MJ_SET_SECURITY                : 804F4562
05:56:01:437 3044   IRP_MJ_POWER                       : BA90AC82
05:56:01:437 3044   IRP_MJ_SYSTEM_CONTROL              : BA90F99E
05:56:01:437 3044   IRP_MJ_DEVICE_CHANGE               : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_QUOTA                 : 804F4562
05:56:01:437 3044   IRP_MJ_SET_QUOTA                   : 804F4562
05:56:01:437 3044   C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
05:56:01:437 3044   
05:56:01:437 3044   Driver Name: atapi
05:56:01:437 3044   IRP_MJ_CREATE                      : BA7156F2
05:56:01:437 3044   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
05:56:01:437 3044   IRP_MJ_CLOSE                       : BA7156F2
05:56:01:437 3044   IRP_MJ_READ                        : 804F4562
05:56:01:437 3044   IRP_MJ_WRITE                       : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_INFORMATION           : 804F4562
05:56:01:437 3044   IRP_MJ_SET_INFORMATION             : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_EA                    : 804F4562
05:56:01:437 3044   IRP_MJ_SET_EA                      : 804F4562
05:56:01:437 3044   IRP_MJ_FLUSH_BUFFERS               : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
05:56:01:437 3044   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
05:56:01:437 3044   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
05:56:01:437 3044   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
05:56:01:437 3044   IRP_MJ_DEVICE_CONTROL              : BA715712
05:56:01:437 3044   IRP_MJ_INTERNAL_DEVICE_CONTROL     : BA711852
05:56:01:437 3044   IRP_MJ_SHUTDOWN                    : 804F4562
05:56:01:437 3044   IRP_MJ_LOCK_CONTROL                : 804F4562
05:56:01:437 3044   IRP_MJ_CLEANUP                     : 804F4562
05:56:01:437 3044   IRP_MJ_CREATE_MAILSLOT             : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_SECURITY              : 804F4562
05:56:01:437 3044   IRP_MJ_SET_SECURITY                : 804F4562
05:56:01:437 3044   IRP_MJ_POWER                       : BA71573C
05:56:01:437 3044   IRP_MJ_SYSTEM_CONTROL              : BA71C336
05:56:01:437 3044   IRP_MJ_DEVICE_CHANGE               : 804F4562
05:56:01:437 3044   IRP_MJ_QUERY_QUOTA                 : 804F4562
05:56:01:437 3044   IRP_MJ_SET_QUOTA                   : 804F4562
05:56:01:453 3044   C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
05:56:01:453 3044   
05:56:01:453 3044   Driver Name: atapi
05:56:01:453 3044   IRP_MJ_CREATE                      : BA7156F2
05:56:01:453 3044   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
05:56:01:453 3044   IRP_MJ_CLOSE                       : BA7156F2
05:56:01:453 3044   IRP_MJ_READ                        : 804F4562
05:56:01:453 3044   IRP_MJ_WRITE                       : 804F4562
05:56:01:453 3044   IRP_MJ_QUERY_INFORMATION           : 804F4562
05:56:01:453 3044   IRP_MJ_SET_INFORMATION             : 804F4562
05:56:01:453 3044   IRP_MJ_QUERY_EA                    : 804F4562
05:56:01:453 3044   IRP_MJ_SET_EA                      : 804F4562
05:56:01:453 3044   IRP_MJ_FLUSH_BUFFERS               : 804F4562
05:56:01:453 3044   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
05:56:01:453 3044   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
05:56:01:453 3044   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
05:56:01:453 3044   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
05:56:01:453 3044   IRP_MJ_DEVICE_CONTROL              : BA715712
05:56:01:453 3044   IRP_MJ_INTERNAL_DEVICE_CONTROL     : BA711852
05:56:01:453 3044   IRP_MJ_SHUTDOWN                    : 804F4562
05:56:01:453 3044   IRP_MJ_LOCK_CONTROL                : 804F4562
05:56:01:453 3044   IRP_MJ_CLEANUP                     : 804F4562
05:56:01:453 3044   IRP_MJ_CREATE_MAILSLOT             : 804F4562
05:56:01:453 3044   IRP_MJ_QUERY_SECURITY              : 804F4562
05:56:01:453 3044   IRP_MJ_SET_SECURITY                : 804F4562
05:56:01:453 3044   IRP_MJ_POWER                       : BA71573C
05:56:01:453 3044   IRP_MJ_SYSTEM_CONTROL              : BA71C336
05:56:01:453 3044   IRP_MJ_DEVICE_CHANGE               : 804F4562
05:56:01:453 3044   IRP_MJ_QUERY_QUOTA                 : 804F4562
05:56:01:453 3044   IRP_MJ_SET_QUOTA                   : 804F4562
05:56:01:453 3044   C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
05:56:01:453 3044   
05:56:01:453 3044   Completed
05:56:01:453 3044   
05:56:01:453 3044   Results:
05:56:01:453 3044   Memory objects infected / cured / cured on reboot:   0 / 0 / 0
05:56:01:453 3044   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
05:56:01:453 3044   File objects infected / cured / cured on reboot:   0 / 0 / 0
05:56:01:453 3044   
05:56:01:453 3044   fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
05:56:01:453 3044   fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
05:56:01:453 3044   KLMD(ARK) unloaded successfully


thanks
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 14, 2010, 03:58:38 PM
Open Malwarebytes' Anti-Malware.

* Click the Update tab.
* Click Check for Updates.
* If an update is found, it will download and install.
* Click the Scanner tab.
* Select Perform Quick Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------

Download DDS from |HERE| (http://download.bleepingcomputer.com/sUBs/dds.scr) or |HERE| (http://www.forospyware.com/sUBs/dds) and save it to your desktop.

Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

* XP users: double-click on dds to run it.
* If your antivirus or firewall tries to block DDS, then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 14, 2010, 04:21:30 PM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/6/2004 6:23:55 AM
mbam-log-2004-01-06 (06-23-55).txt

Scan type: Quick scan
Objects scanned: 115643
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\o.dat (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 14, 2010, 04:23:35 PM
DDS (Ver_10-03-17.01) - NTFSx86  
Run by Administrator at  6:29:12.15 on Tue 01/06/2004
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2311 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\fsproflt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\My Documents\Downloads\dds(4).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236394652509
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\l8r50sm9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\administrator\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2010-4-19 16384]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-3-15 43792]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-8-26 40560]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [2008-6-7 84752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2009-4-3 1680704]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2007-11-26 20992]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-3-15 73344]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-8 304464]
R2 NetBurnerService;Net Burner iSCSI Service;c:\program files\paragon software\drive backup 9 professional\net burner service\NetBurnerService.exe [2008-6-7 223248]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-5-3 33792]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [2004-1-1 158600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-8 20952]
R3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [2009-3-16 65794]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-4-10 127496]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [2007-11-26 163352]
S3 SliceDisk5;SliceDisk5;\??\c:\docume~1\admini~1\locals~1\temp\slicedisk.sys --> c:\docume~1\admini~1\locals~1\temp\slicedisk.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasusb.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]

=============== Created Last 30 ================

2010-05-03 21:48:23   0   -c-ha-w-   c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-05-03 21:47:43   0   -c-ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-03 21:47:39   14640   -c----w-   c:\windows\system32\spmsgXP_2k3.dll
2010-05-03 13:39:10   581192   -c--a-w-   c:\windows\system32\WinUSBCoInstaller.dll
2010-05-03 13:39:10   1112288   -c--a-w-   c:\windows\system32\WdfCoInstaller01007.dll
2010-05-03 11:14:02   0   dc----w-   C:\N1
2010-05-03 11:11:17   0   dc----w-   C:\android-sdk-windows
2010-05-03 10:35:14   994279   -c--a-w-   C:\fastboot.exe
2010-05-03 10:35:14   96256   -c--a-w-   C:\AdbWinApi.dll
2010-05-03 10:35:14   60928   -c--a-w-   C:\AdbWinUsbApi.dll
2010-05-03 10:35:14   2530671   -c--a-w-   C:\adb.exe
2010-05-03 10:24:33   0   dc----w-   C:\superboot
2010-05-03 10:05:03   0   dc----w-   c:\documents and settings\administrator\.android
2010-05-03 09:46:35   0   dc----w-   C:\fastboot
2010-04-26 10:33:19   90112   -c--a-w-   c:\windows\system32\stacsv.exe
2010-04-24 17:00:03   98816   -c--a-w-   c:\windows\sed.exe
2010-04-24 17:00:03   77312   -c--a-w-   c:\windows\MBR.exe
2010-04-24 17:00:03   256512   -c--a-w-   c:\windows\PEV.exe
2010-04-24 17:00:03   161792   -c--a-w-   c:\windows\SWREG.exe
2010-04-24 16:37:34   0   -c--a-w-   c:\documents and settings\administrator\ntuser.tmp
2010-04-23 01:57:50   737280   -c--a-w-   c:\windows\system32\msvcp70d.dll
2010-04-23 01:57:50   536576   -c--a-w-   c:\windows\system32\msvcr70d.dll
2010-04-23 01:00:38   0   dc----w-   c:\program files\KORG
2010-04-23 01:00:38   0   dc----w-   c:\program files\common files\KORG
2010-04-23 00:45:17   147425   -c--a-w-   c:\windows\system32\SYNSOACC-Aide.chm
2010-04-23 00:45:17   120468   -c--a-w-   c:\windows\system32\SYNSOACC-Hilfe.chm
2010-04-23 00:45:17   114279   -c--a-w-   c:\windows\system32\SYNSOACC-Help.chm
2010-04-23 00:45:07   86016   -c--a-w-   c:\windows\system32\SYNSOPOS.exe
2010-04-22 14:28:37   3090   -c--a-w-   c:\documents and settings\administrator\trk.ens
2010-04-22 13:34:49   0   dc----w-   c:\program files\Cakewalk
2010-04-22 13:34:49   0   dc----w-   c:\docume~1\alluse~1\applic~1\Cakewalk
2010-04-22 12:38:51   0   dc-h--w-   c:\docume~1\alluse~1\applic~1\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2010-04-22 12:20:37   491520   -c--a-w-   c:\windows\system32\libencdec.dll
2010-04-22 12:20:37   0   dc----w-   c:\docume~1\admini~1\applic~1\Audio Ease
2010-04-22 12:20:33   0   dc----w-   c:\program files\Audio Ease
2010-04-22 12:20:33   0   dc----w-   c:\docume~1\alluse~1\applic~1\Audio Ease
2010-04-22 10:51:25   2892   -c--a-w-   c:\windows\system32\audcon.sys
2010-04-22 10:51:24   0   dc----w-   c:\docume~1\alluse~1\applic~1\Syncrosoft
2010-04-22 10:49:22   0   dc----w-   c:\docume~1\alluse~1\applic~1\eLicenser
2010-04-22 10:49:20   0   dc----w-   c:\program files\eLicenser
2010-04-22 10:48:59   45   -c--a-w-   c:\windows\system32\SYNSOPOS.exe.cfg
2010-04-22 10:48:14   163840   -c--a-w-   c:\windows\system32\ArtFfct.dll
2010-04-22 10:48:06   0   dc----w-   c:\program files\Arturia
2010-04-22 10:48:06   0   dc----w-   c:\docume~1\alluse~1\applic~1\Arturia
2010-04-22 10:45:51   0   dc-h--w-   c:\docume~1\alluse~1\applic~1\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
2010-04-22 10:29:13   0   dc----w-   c:\program files\Native Instruments
2010-04-22 10:21:08   0   dc----w-   c:\docume~1\alluse~1\applic~1\Temporary
2010-04-22 10:20:34   0   dc----w-   c:\program files\common files\Celemony
2010-04-22 10:20:13   0   dc----w-   c:\program files\Celemony
2010-04-22 10:13:40   1777664   -c--a-w-   c:\windows\system32\gdiplus.dll
2010-04-22 10:07:33   0   dc----w-   c:\program files\Image-Line
2010-04-21 09:09:59   0   dc----w-   c:\program files\ConvertHelper
2010-04-21 09:07:49   0   dc----w-   c:\documents and settings\administrator\dwhelper
2010-04-19 05:28:36   0   dc----w-   c:\docume~1\admini~1\applic~1\Digidesign
2010-04-19 05:28:09   0   dc----w-   C:\Digidesign Databases
2010-04-19 05:12:00   16384   -c--a-w-   c:\windows\system32\drivers\DigiFilt.sys
2010-04-19 05:10:29   974848   -c--a-w-   c:\windows\system32\mfc70.dll
2010-04-19 05:10:29   217088   -c--a-w-   c:\windows\system32\qtmlClient.dll
2010-04-19 05:10:27   630784   -c----w-   c:\windows\system32\ilinet.dll
2010-04-19 05:10:19   90112   -c--a-w-   c:\windows\system32\WinMMFix.dll
2010-04-19 05:10:19   659456   -c--a-w-   c:\windows\system32\DSI.dll
2010-04-19 05:10:19   3683014   -c--a-w-   c:\windows\system32\DirectIO.dll
2010-04-19 05:10:19   270336   -c--a-w-   c:\windows\system32\DigiPlatformSupport.dll
2010-04-19 05:10:19   15872   -c--a-w-   c:\windows\system32\digicoin.dll
2010-04-19 05:10:19   1362460   -c--a-w-   c:\windows\system32\ExpansionHD_Firmware.bin
2010-04-18 22:35:48   69632   -c--a-w-   c:\windows\system32\com.fxpansion.fxshared.dll
2010-04-18 13:36:32   60032   -c--a-w-   c:\windows\system32\drivers\USBAUDIO.sys
2010-04-18 13:36:32   60032   -c--a-w-   c:\windows\system32\dllcache\usbaudio.sys
2010-04-17 10:34:26   0   dc----w-   c:\program files\common files\PACE Anti-Piracy
2010-04-17 10:34:26   0   dc----w-   c:\docume~1\alluse~1\applic~1\PACE Anti-Piracy
2010-04-04 05:08:41   122   -c--a-w-   c:\windows\msmmdx9.ini
2010-02-20 06:41:34   0   dc----w-   c:\docume~1\admini~1\applic~1\QuickScan
2010-02-13 00:35:09   0   dcsha-r-   C:\cmdcons
2010-01-24 12:01:40   0   dc----w-   c:\program files\LUXONIX
2010-01-24 11:01:13   16   -c--a-w-   c:\windows\system32\w3data.vss
2010-01-24 11:01:13   16   -c--a-w-   c:\windows\msocreg32.dat
2010-01-24 11:00:38   0   dc----w-   c:\program files\Sonik Synth 2
2010-01-24 01:43:40   0   dc----w-   c:\program files\common files\Native Instruments
2010-01-24 01:43:11   0   dc-h--w-   c:\docume~1\alluse~1\applic~1\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2010-01-23 23:05:05   0   dc----w-   c:\windows\vocoder
2010-01-23 22:56:04   0   dc----w-   c:\docume~1\admini~1\applic~1\Antares
2010-01-23 22:56:03   0   dc----w-   c:\program files\Antares Audio Technologies
2010-01-08 23:59:59   401484   -c--a-w-   c:\windows\system32\Msvcrtd.dll
2010-01-08 23:59:57   0   dc----w-   c:\program files\FXpansion DR-008 v1.21
2010-01-08 05:31:20   471   -c--a-w-   c:\windows\system32\Datei4
2010-01-08 05:31:20   471   -c--a-w-   c:\windows\system32\Datei2
2010-01-08 05:31:20   470   -c--a-w-   c:\windows\system32\Datei3
2010-01-08 05:31:20   470   -c--a-w-   c:\windows\system32\Datei1
2010-01-08 05:31:20   469   -c--a-w-   c:\windows\system32\Datei7
2010-01-08 05:31:20   469   -c--a-w-   c:\windows\system32\Datei5
2010-01-08 05:31:20   468   -c--a-w-   c:\windows\system32\Datei0
2010-01-08 05:31:20   467   -c--a-w-   c:\windows\system32\Datei9
2010-01-08 05:31:20   467   -c--a-w-   c:\windows\system32\Datei8
2010-01-08 05:31:20   467   -c--a-w-   c:\windows\system32\Datei10
2010-01-08 05:31:20   465   -c--a-w-   c:\windows\system32\Datei6
2010-01-08 04:49:03   0   dc----w-   c:\program files\Digidesign
2010-01-08 04:49:00   0   dc----w-   c:\program files\Garritan Personal Orchestra
2010-01-08 04:07:52   0   dc----w-   c:\program files\Alcohol Soft
2010-01-08 03:48:52   1177600   -c--a-w-   c:\windows\system32\SYNSOEMU.DLL
2010-01-08 03:47:26   0   dc----w-   c:\program files\rgcaudio software
2010-01-08 03:46:36   69632   -c--a-w-   c:\windows\system32\FxShared.dll
2010-01-08 03:46:08   0   dc----w-   c:\program files\FXpansion
2010-01-08 03:45:41   0   dc----w-   c:\docume~1\admini~1\applic~1\FXpansion
2010-01-03 21:51:22   0   dc----w-   c:\program files\Trend Micro
2010-01-03 14:00:50   0   dc----w-   c:\program files\common files\Digidesign
2010-01-03 14:00:38   0   dc----w-   c:\program files\Spectrasonics
2009-12-27 02:14:42   0   dc----w-   c:\program files\Seagate
2009-12-27 02:14:42   0   dc----w-   c:\docume~1\alluse~1\applic~1\Seagate
2009-12-27 02:13:35   0   dcsh--w-   c:\windows\ftpcache
2009-12-09 00:38:35   0   dc----w-   c:\docume~1\admini~1\applic~1\Malwarebytes
2009-12-09 00:38:29   38224   -c--a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 00:38:28   0   dc----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-09 00:38:26   20952   -c--a-w-   c:\windows\system32\drivers\mbam.sys
2009-12-09 00:38:26   0   dc----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-22 23:15:42   0   dc----w-   c:\program files\Ask.com
2009-11-22 23:14:51   0   dc----w-   c:\program files\DVDVideoSoft
2009-11-22 23:14:51   0   dc----w-   c:\program files\common files\DVDVideoSoft
2009-11-13 22:33:02   0   dc----w-   c:\docume~1\admini~1\applic~1\PACE Anti-Piracy
2009-11-13 22:17:41   0   dc----w-   c:\docume~1\alluse~1\applic~1\Line 6
2009-11-13 22:17:36   233472   -c--a-w-   c:\windows\system32\REX Shared Library.dll
2009-11-13 22:17:35   406528   -c--a-w-   c:\windows\system32\ReWire.dll
2009-11-13 22:16:07   0   dc----w-   c:\program files\CodeMeter
2009-11-12 02:43:21   0   dc----w-   C:\spoolerlogs
2009-11-11 08:52:55   0   dc----w-   c:\docume~1\alluse~1\applic~1\kds_kodak
2009-11-10 10:33:46   0   dc----w-   c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-09 18:56:38   643592   -c--a-w-   c:\windows\system32\M-AudioTaskBarIcon.exe
2009-11-09 18:56:32   253448   -c--a-w-   c:\windows\system32\M-AudioFastTrackProControlPanelApplet.cpl
2009-11-09 18:56:24   32776   -c--a-w-   c:\windows\system32\mausbasio.dll
2009-11-09 18:56:04   2526185   -c--a-w-   c:\windows\system32\madiousb.dll
2009-11-07 14:56:11   0   dc----w-   c:\docume~1\alluse~1\applic~1\Eastman Kodak Company
2009-11-07 14:50:05   405504   -c--a-w-   c:\windows\system32\EKIJ5000MON.dll
2009-11-07 14:49:09   0   dc----w-   c:\program files\Kodak
2009-11-07 11:04:54   0   dc----w-   c:\program files\Bonjour
2009-11-07 11:03:07   0   dc----w-   c:\docume~1\admini~1\applic~1\Temp
2009-11-07 10:58:44   0   dc----w-   c:\docume~1\alluse~1\applic~1\Kodak
2009-11-07 10:57:41   0   dc----w-   c:\windows\system32\kodak
2009-11-07 10:57:36   87040   -c--a-w-   c:\windows\system32\wiafbdrv.dll
2009-11-07 10:57:36   87040   -c--a-w-   c:\windows\system32\dllcache\wiafbdrv.dll
2009-09-21 22:38:48   0   dc----w-   c:\program files\att-prt22
2009-09-21 22:38:37   0   dc----w-   c:\program files\ATT-PRT22-WISE
2009-09-13 16:16:07   0   dc----w-   c:\program files\Motorola Tools
2009-09-11 21:03:45   73728   -c--a-w-   c:\windows\system32\javacpl.cpl
2009-09-11 21:03:45   411368   -c--a-w-   c:\windows\system32\deploytk.dll
2009-09-08 21:59:17   0   dc----w-   c:\docume~1\alluse~1\applic~1\deletepart
2009-09-03 01:08:31   0   dc----w-   c:\program files\RAR Password Recovery Magic
2009-08-28 04:52:39   0   dc----w-   c:\program files\Spybot - Search & Destroy
2009-08-28 04:52:39   0   dc----w-   c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-27 01:17:45   0   dc----w-   c:\docume~1\alluse~1\applic~1\redistpart
2009-08-27 01:15:17   0   dc----w-   c:\docume~1\alluse~1\applic~1\createpart
2009-08-27 01:15:07   0   dc----w-   c:\docume~1\alluse~1\applic~1\explauncher
2009-08-27 01:15:05   0   dc----w-   c:\docume~1\alluse~1\applic~1\launcher
2009-08-27 01:10:27   40560   -c--a-w-   c:\windows\system32\drivers\hotcore3.sys
2009-08-27 01:10:00   0   dc----w-   c:\program files\Paragon Software
2009-08-27 00:07:59   0   d-----w-   C:\ubuntu
2009-08-22 18:11:39   0   dc----w-   c:\program files\DivXCodec
2009-08-22 18:11:24   0   dc----w-   c:\program files\GordianKnot
2009-08-16 14:43:47   50   -c--a-w-   c:\windows\MegaManager.INI
2009-08-15 00:41:23   0   dc----w-   c:\program files\Nuclear Coffee
2009-08-14 23:55:54   299008   -c--a-w-   c:\windows\system32\TubeFinder.exe
2009-08-14 23:55:52   84512   -c--a-w-   c:\windows\system32\PICCLP32.OCX
2009-08-14 23:55:52   364544   -c--a-w-   c:\windows\system32\PropertyGrid.ocx
2009-08-14 23:55:52   208500   -c--a-w-   c:\windows\system32\ReyXpBasics.tlb
2009-08-14 23:55:52   119568   -c--a-w-   c:\windows\system32\VB6FR.DLL
2009-08-14 23:55:52   101888   -c--a-w-   c:\windows\system32\VB6STKIT.DLL
2009-08-14 23:55:51   9728   -c--a-w-   c:\windows\system32\PCCLPFR.DLL
2009-08-14 23:55:51   32768   -c--a-w-   c:\windows\system32\CMDLGFR.DLL
2009-08-14 23:55:51   24576   -c--a-w-   c:\windows\system32\ControlSubX.ocx
2009-08-14 23:55:51   141312   -c--a-w-   c:\windows\system32\MSCMCFR.DLL
2009-08-14 23:55:51   0   dc----w-   c:\program files\Free FLV Converter
2009-08-14 02:23:37   37026568   -c--a-w-   C:\Absynth 5.exe
2009-08-08 16:20:00   0   dc----w-   c:\docume~1\admini~1\applic~1\Megaupload
2009-08-08 16:19:30   0   dc----w-   c:\program files\Megaupload
2009-07-31 19:57:00   126976   -c--a-w-   c:\windows\system32\EKIJCOINST05.dll
2009-07-25 19:40:34   0   dc----w-   c:\docume~1\alluse~1\applic~1\GoldWave
2009-06-12 16:58:06   0   dc----w-   c:\program files\common files\Wise Installation Wizard
2009-05-31 04:32:19   306688   -c--a-w-   c:\windows\IsUninst.exe
2009-05-30 11:59:59   0   dc----w-   c:\program files\Sony
2009-05-30 11:55:42   0   dc----w-   c:\program files\Sony Setup
2009-05-30 11:47:48   0   dc----w-   c:\docume~1\admini~1\applic~1\Tracktion 3
2009-05-30 11:47:36   0   dc----w-   c:\program files\Tracktion 3
2009-05-30 11:09:02   0   dc----w-   c:\docume~1\admini~1\applic~1\REAPER
2009-05-30 11:05:59   0   dc----w-   c:\program files\REAPER
2009-05-11 23:44:20   0   dc----w-   c:\program files\GoldWave5.51
2009-05-11 23:41:08   0   dc----w-   c:\docume~1\alluse~1\applic~1\Tracktion 3
2009-05-11 23:34:20   0   dc----w-   c:\docume~1\admini~1\applic~1\Thinstall
2009-05-10 03:56:48   0   dc----w-   c:\docume~1\alluse~1\applic~1\vsosdk
2009-05-10 03:05:26   47360   -c--a-w-   c:\windows\system32\drivers\pcouffin.sys
2009-05-10 03:05:20   102439   -c--a-w-   c:\windows\system32\sipr3260.dll
2009-05-10 03:05:19   65602   -c--a-w-   c:\windows\system32\cook3260.dll
2009-05-10 03:05:19   626688   -c--a-w-   c:\windows\system32\vp7vfw.dll
2009-05-10 03:05:19   217127   -c--a-w-   c:\windows\system32\drv43260.dll
2009-05-10 03:05:19   208935   -c--a-w-   c:\windows\system32\drv33260.dll
2009-05-10 03:05:19   176165   -c--a-w-   c:\windows\system32\drv23260.dll
2009-05-10 03:05:19   1184984   -c--a-w-   c:\windows\system32\wvc1dmod.dll
2009-05-10 03:05:17   0   dc----w-   c:\program files\VSO
2009-05-10 02:53:10   0   dc----w-   c:\program files\Combined Community Codec Pack
2009-05-10 02:51:56   77824   -c--a-w-   c:\windows\system32\xvid.ax
2009-05-10 02:51:56   774144   -c--a-w-   c:\windows\system32\xvidcore.dll
2009-05-10 02:51:56   180224   -c--a-w-   c:\windows\system32\xvidvfw.dll
2009-05-10 02:40:18   719872   -c--a-w-   c:\windows\system32\devil.dll
2009-05-10 02:40:18   196608   -c--a-w-   c:\windows\system32\avisynth.dll
2009-05-10 02:40:18   0   dc----w-   c:\program files\Kingdia Software

Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 14, 2010, 04:24:02 PM
2009-05-09 11:02:52   0   dc----w-   c:\program files\Ares
2009-05-06 02:47:10   0   dc----w-   c:\program files\Yahoo!
2009-05-06 00:54:46   0   dc-h--w-   c:\windows\PIF
2009-05-04 04:01:18   0   dc----w-   c:\docume~1\admini~1\applic~1\Steinberg
2009-05-04 03:56:11   0   dc----w-   c:\program files\Steinberg
2009-05-04 03:52:33   33792   -c--a-w-   c:\windows\system32\drivers\cledx.sys
2009-05-04 03:52:21   147456   -c----w-   c:\windows\system32\SynsoLChk.dll
2009-05-04 03:52:21   1261568   -c--a-w-   c:\windows\system32\SYNSOACC.dll
2009-05-04 03:52:21   0   dc----w-   c:\program files\Syncrosoft
2009-04-24 01:39:35   256   -c--a-w-   c:\windows\system32\pool.bin
2009-04-24 01:38:42   0   dc----w-   c:\docume~1\admini~1\applic~1\Research In Motion
2009-04-24 01:33:40   0   dc----w-   c:\program files\common files\Sonic Shared
2009-04-24 01:33:39   0   dc----w-   c:\program files\Roxio
2009-04-24 01:32:37   26496   -c--a-r-   c:\windows\system32\drivers\RimSerial.sys
2009-04-24 01:31:57   0   dc----w-   c:\program files\common files\Research In Motion
2009-04-24 01:31:56   0   dc----w-   c:\program files\Research In Motion
2009-04-23 01:31:22   0   dc----w-   c:\program files\ABBYY FineReader 6.0
2009-04-23 01:31:22   0   dc----w-   c:\program files\ABBYY FineReader 5.0 Sprint
2009-04-23 01:30:55   0   dc----w-   c:\program files\FaxTools
2009-04-23 01:28:52   236   -c--a-w-   c:\windows\lexstat.ini
2009-04-23 01:28:49   76   -c--a-w-   c:\windows\dellstat.ini
2009-04-23 01:26:18   25856   -c--a-w-   c:\windows\system32\drivers\usbprint.sys
2009-04-23 01:26:18   25856   -c--a-w-   c:\windows\system32\dllcache\usbprint.sys
2009-04-21 00:44:10   60416   -c--a-w-   c:\windows\ST4UNST.EXE
2009-04-21 00:44:10   37376   -c--a-w-   c:\windows\system32\ven2232.olb
2009-04-21 00:40:45   0   dc----w-   c:\program files\3CX VoIP Client
2009-04-19 05:06:47   0   dc----w-   c:\program files\Talking Caller ID
2009-04-19 04:39:22   0   dc----w-   c:\docume~1\alluse~1\applic~1\GrebleSoft
2009-04-18 19:30:46   0   dc----w-   c:\windows\$CrystalSetup
2009-04-18 19:30:37   0   dc----w-   C:\dell
2009-04-18 19:26:57   10624   -c--a-w-   c:\windows\system32\drivers\gameenum.sys
2009-04-18 19:26:57   10624   -c--a-w-   c:\windows\system32\dllcache\gameenum.sys
2009-04-18 19:26:48   93952   -c--a-w-   c:\windows\system32\drivers\cwcwdm.sys
2009-04-18 19:26:48   93952   -c--a-w-   c:\windows\system32\dllcache\cwcwdm.sys
2009-04-18 19:26:25   3584   -c--a-w-   c:\windows\system32\drivers\cwcos.sys
2009-04-18 19:26:25   3584   -c--a-w-   c:\windows\system32\dllcache\cwcosnt5.sys
2009-04-18 19:26:25   111872   -c--a-w-   c:\windows\system32\drivers\cwcspud.sys
2009-04-18 19:26:25   111872   -c--a-w-   c:\windows\system32\dllcache\cwcspud.sys
2009-04-18 19:26:23   0   dc----w-   c:\windows\cwcdata
2009-04-16 03:29:48   2560   -c----w-   c:\windows\system32\xpsp4res.dll
2009-04-12 11:59:36   5632   -c--a-w-   c:\windows\system32\ptpusb.dll
2009-04-12 11:59:35   159232   -c--a-w-   c:\windows\system32\ptpusd.dll
2009-04-12 11:59:35   15104   -c--a-w-   c:\windows\system32\drivers\usbscan.sys
2009-04-12 11:59:35   15104   -c--a-w-   c:\windows\system32\dllcache\usbscan.sys
2009-04-10 14:27:14   0   dc----w-   c:\docume~1\admini~1\applic~1\TotalRecorder
2009-04-10 14:26:42   127496   -c--a-w-   c:\windows\system32\drivers\TotRec7.sys
2009-04-10 14:26:41   61448   -c--a-w-   c:\windows\system32\DrvTrNTm.dll
2009-04-10 14:26:41   106496   -c--a-w-   c:\windows\system32\DrvTrNTl.dll
2009-04-10 14:26:41   0   dc----w-   c:\program files\HighCriteria
2009-04-01 01:17:42   503808   -c--a-w-   c:\windows\system32\MSVCP71.DLL
2009-04-01 01:17:42   348160   -c--a-w-   c:\windows\system32\msvcr71.dll
2009-04-01 01:17:42   1060864   -c--a-w-   c:\windows\system32\MFC71.DLL
2009-04-01 01:17:35   0   dc----w-   c:\program files\common files\Symantec Shared
2009-04-01 01:17:34   0   dc----w-   c:\docume~1\alluse~1\applic~1\Symantec
2009-04-01 01:08:39   0   dc----w-   c:\program files\FastStone Photo Resizer
2009-03-29 04:02:24   0   dc----w-   c:\program files\IrfanView3.99
2009-03-26 20:33:04   4248848   -c--a-w-   c:\windows\system32\qtp-mt334.dll
2009-03-26 20:32:46   248592   -c--a-w-   c:\windows\system32\prgiso.dll
2009-03-25 09:43:49   0   dc----w-   c:\windows\Motive
2009-03-25 09:43:44   0   dc----w-   c:\program files\BellSouth Application Management
2009-03-25 09:43:42   0   dc----w-   c:\program files\BellSouth
2009-03-25 09:42:48   0   dc----w-   c:\docume~1\alluse~1\applic~1\MotiveSysIDs
2009-03-24 23:56:19   87040   -c--a-w-   c:\windows\system32\WebFlowIDPersist.dll
2009-03-24 23:56:19   37376   -c--a-w-   c:\windows\system32\ReportReader.dll
2009-03-24 23:56:16   40448   -c--a-w-   c:\windows\system32\BJAXSecurityManager.dll
2009-03-24 23:56:16   1073152   -c--a-w-   c:\windows\system32\ActiveUtils.dll
2009-03-24 23:56:16   0   dc----w-   c:\program files\common files\Motive
2009-03-24 23:56:15   327680   -c--a-w-   c:\windows\system32\snmpaxctrl.dll
2009-03-24 23:56:14   86016   -c--a-w-   c:\windows\system32\BJInstaller.dll
2009-03-24 23:56:14   73728   -c--a-w-   c:\windows\system32\BinaryAggregator1.dll
2009-03-24 23:56:13   15733588   -c--a-w-   C:\BellSouthIW.re~
2009-03-24 23:56:05   6345   -c--a-r-   c:\windows\system32\DevMngr.vxd
2009-03-24 23:23:26   0   dc----w-   c:\windows\system32\wbem\Repository
2009-03-24 23:16:18   0   dc----w-   c:\program files\SigmaTel
2009-03-24 23:13:57   0   dc----w-   c:\program files\MSXML 4.0
2009-03-24 23:12:46   0   dc----w-   c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2009-03-24 23:12:44   0   dc----w-   c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-03-24 23:12:43   0   dc----w-   c:\program files\DAEMON Tools Lite
2009-03-24 23:07:04   0   dc----w-   c:\documents and settings\administrator\rzr
2009-03-24 23:07:04   0   dc----w-   c:\documents and settings\administrator\I LOVE LIFE
2009-03-24 23:07:04   0   dc----w-   c:\documents and settings\administrator\Firefox
2009-03-24 00:08:26   30600   -c--a-w-   c:\windows\system32\BMXStateBkp-{00000007-00000000-00000000-00001102-00000008-10211102}.rfx
2009-03-24 00:08:26   30600   -c--a-w-   c:\windows\system32\BMXState-{00000007-00000000-00000000-00001102-00000008-10211102}.rfx
2009-03-24 00:08:26   29604   -c--a-w-   c:\windows\system32\BMXCtrlState-{00000007-00000000-00000000-00001102-00000008-10211102}.rfx
2009-03-24 00:08:26   29604   -c--a-w-   c:\windows\system32\BMXBkpCtrlState-{00000007-00000000-00000000-00001102-00000008-10211102}.rfx
2009-03-24 00:08:26   11564   -c--a-w-   c:\windows\system32\DVCState-{00000007-00000000-00000000-00001102-00000008-10211102}.rfx
2009-03-24 00:08:26   1080   -c--a-w-   c:\windows\system32\settingsbkup.sfm
2009-03-24 00:08:26   1080   -c--a-w-   c:\windows\system32\settings.sfm
2009-03-24 00:06:16   4174814   -c----w-   c:\windows\system32\CT4MGM.SF2
2009-03-24 00:06:10   4958588   -c--a-w-   c:\windows\{00000007-00000000-00000000-00001102-00000008-10211102}.CDF
2009-03-23 22:58:40   0   dc----w-   c:\program files\IDT(2)
2009-03-22 22:11:07   0   dc----w-   c:\program files\GoldWave 5.20
2009-03-22 12:36:33   0   dc----w-   c:\program files\IrfanView
2009-03-22 10:32:48   0   dc----w-   c:\program files\ffdshow
2009-03-22 10:32:34   0   dc----w-   c:\program files\AC3Filter
2009-03-22 10:32:29   0   dc----w-   c:\program files\XviD
2009-03-22 10:32:09   0   dc----w-   c:\program files\DivX
2009-03-21 12:15:42   0   dc----w-   c:\program files\winLAME
2009-03-17 02:32:45   69   -c--a-w-   c:\windows\NeroDigital.ini
2009-03-17 02:13:27   1024   -c--a-w-   c:\documents and settings\administrator\.rnd
2009-03-17 02:11:53   0   dc----w-   c:\program files\Nero
2009-03-17 02:11:53   0   dc----w-   c:\docume~1\alluse~1\applic~1\Nero
2009-03-17 00:58:25   9799   -c--a-w-   c:\windows\system32\RdCi1009.dll
2009-03-17 00:58:25   65794   -c--a-w-   c:\windows\system32\drivers\Rdwm1009.sys
2009-03-17 00:58:25   57344   -c--a-w-   c:\windows\system32\RDCP1009.CPL
2009-03-17 00:58:25   4088   -c--a-w-   c:\windows\system32\Rd3t1009.DAT
2009-03-17 00:58:25   204800   -c--a-w-   c:\windows\system32\RDDP1009.DAT
2009-03-17 00:58:25   0   dc----w-   c:\program files\RdDrv001
2009-03-17 00:24:40   0   dc----w-   c:\program files\Propellerhead
2009-03-17 00:18:54   0   dc----w-   c:\docume~1\alluse~1\applic~1\Propellerhead Software
2009-03-17 00:18:53   0   dc----w-   c:\docume~1\admini~1\applic~1\Propellerhead Software
2009-03-16 22:47:37   721904   -c--a-w-   c:\windows\system32\drivers\sptd.sys
2009-03-16 22:47:34   0   dc----w-   c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2009-03-16 04:30:43   0   dc----w-   c:\docume~1\admini~1\applic~1\IDM
2009-03-16 04:30:43   0   dc----w-   c:\docume~1\admini~1\applic~1\DMCache
2009-03-16 04:30:27   0   dc----w-   c:\program files\Internet Download Manager
2009-03-15 20:43:09   0   dc----w-   c:\program files\Sonique
2009-03-15 13:48:59   0   dc----w-   C:\1 NTFS
2009-03-15 07:27:35   0   dc----w-   c:\documents and settings\administrator\Propellerhead
2009-03-15 06:12:24   73344   -c--a-w-   c:\windows\system32\fsproflt.exe
2009-03-15 06:12:23   43792   -c--a-w-   c:\windows\system32\drivers\FSPFltd.sys
2009-03-15 06:12:23   0   dc----w-   c:\program files\My Lockbox
2009-03-15 03:01:24   41984   -c----w-   c:\windows\Ctregrun.exe
2009-03-15 03:01:23   90   -c--a-w-   c:\windows\setuplog
2009-03-15 03:01:15   90112   -c----w-   c:\windows\Updreg.EXE
2009-03-15 03:01:14   0   dc----w-   c:\program files\Creative
2009-03-15 03:01:08   35   -c--a-r-   c:\windows\system32\ctzapxx.ini
2009-03-15 03:01:08   2319   -c--a-r-   c:\windows\system32\emaud.ini
2009-03-15 03:01:08   11776   -c--a-w-   c:\windows\INRES.DLL
2009-03-15 03:01:08   0   dc----w-   c:\windows\system32\Data
2009-03-15 03:00:58   0   dc----w-   c:\program files\Creative Professional
2009-03-15 02:50:43   0   dc----w-   C:\Driver Backup 3-14-2009-225035
2009-03-14 23:22:52   0   dc----w-   c:\windows\system32\NtmsData
2009-03-14 23:20:35   0   dc----w-   c:\program files\common files\Logitech
2009-03-08 02:19:42   0   dc----w-   c:\program files\Active Data Recovery Software
2009-03-08 02:09:45   52224   -c----w-   c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-08 02:09:45   459264   -c----w-   c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 02:09:44   63488   -c----w-   c:\windows\system32\dllcache\icardie.dll
2009-03-08 02:09:44   383488   -c----w-   c:\windows\system32\dllcache\ieapfltr.dll
2009-03-08 02:09:44   268288   -c----w-   c:\windows\system32\dllcache\iertutil.dll
2009-03-08 02:09:44   13824   -c----w-   c:\windows\system32\dllcache\ieudinit.exe
2009-03-08 02:09:43   991232   -c----w-   c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-08 02:09:43   2455488   -c----w-   c:\windows\system32\dllcache\ieapfltr.dat
2009-03-08 02:09:40   6066176   -c----w-   c:\windows\system32\dllcache\ieframe.dll
2009-03-07 22:03:31   0   dc----w-   c:\program files\EASEUS
2009-03-07 21:45:39   0   dc----w-   c:\windows\pss
2009-03-07 18:30:55   0   dc----w-   c:\program files\Runtime Software
2009-03-07 17:40:26   0   -c-ha-w-   c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-07 17:40:13   0   -c-ha-w-   c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-07 17:40:10   0   -c-ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-07 17:39:44   301656   -c--a-w-   c:\windows\system32\BtCoreIf.dll
2009-03-07 17:39:43   84496   -c--a-w-   c:\windows\system32\KemXML.dll
2009-03-07 17:39:43   170512   -c--a-w-   c:\windows\system32\kemutb.dll
2009-03-07 17:39:43   145936   -c--a-w-   c:\windows\system32\KemUtil.dll
2009-03-07 17:39:43   117264   -c--a-w-   c:\windows\system32\KemWnd.dll
2009-03-07 17:38:51   18772   -c--a-w-   c:\windows\system32\nvapps.nvb
2009-03-07 17:38:16   0   dc----w-   C:\NVIDIA
2009-03-07 17:35:59   53248   -c--a-w-   c:\windows\system32\CSVer.dll
2009-03-07 17:35:35   0   dc----w-   C:\nv_gf175.19_whql_xp32
2009-03-07 17:35:33   0   dc----w-   C:\Logitech_setpoint460
2009-03-07 17:35:33   0   dc----w-   C:\intel_pro1000_124_xp32
2009-03-07 17:35:33   0   dc----w-   C:\intel_inf_9001008_office
2009-03-07 17:19:43   662288   -c--a-w-   c:\windows\system32\MSCOMCT2.OCX
2009-03-07 17:19:43   427864   -c--a-w-   c:\windows\system32\XceedZip.dll
2009-03-07 17:19:43   1686016   -c--a-w-   c:\windows\system32\clinetsuitex6.ocx
2009-03-07 17:19:43   1071088   -c--a-w-   c:\windows\system32\MSCOMCTL.OCX
2009-03-07 17:19:42   0   dc----w-   c:\program files\Driver-Soft
2009-03-07 17:13:15   0   dc----w-   c:\docume~1\admini~1\applic~1\Uniblue
2009-03-07 17:09:16   0   dc----w-   c:\windows\system32\CatRoot_bak
2009-03-07 17:09:14   0   dc----w-   c:\windows\system32\appmgmt
2009-03-07 17:08:35   0   dc----w-   c:\windows\system32\LogFiles
2009-03-07 16:44:48   0   dc----w-   c:\program files\PC Drivers HeadQuarters
2009-03-07 16:44:48   0   dc----w-   c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-03-07 11:27:05   0   dc----w-   C:\Intel
2009-03-07 04:41:29   21504   -c--a-w-   c:\windows\system32\hidserv.dll
2009-03-07 04:41:29   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
2009-03-07 04:41:25   12160   -c--a-w-   c:\windows\system32\drivers\mouhid.sys
2009-03-07 04:41:25   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
2009-03-07 04:41:22   14592   -c--a-w-   c:\windows\system32\drivers\kbdhid.sys
2009-03-07 04:41:22   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
2009-03-07 04:20:47   10368   -c--a-w-   c:\windows\system32\drivers\hidusb.sys
2009-03-07 04:20:47   10368   -c--a-w-   c:\windows\system32\dllcache\hidusb.sys
2009-03-07 04:20:36   32128   -c--a-w-   c:\windows\system32\drivers\usbccgp.sys
2009-03-07 04:20:36   32128   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
2009-03-07 03:09:02   0   dc----w-   c:\program files\LSI SoftModem
2009-03-07 03:05:54   0   dc----w-   c:\program files\Windows Media Connect 2
2009-03-07 03:04:56   162159   -c--a-w-   c:\windows\system32\nvapps.xml
2009-03-07 03:04:56   0   dc----w-   c:\windows\nview
2009-03-07 03:04:55   446464   -c--a-w-   c:\windows\system32\nvudisp.exe
2009-03-07 03:04:55   18070   -c--a-w-   c:\windows\system32\nvdisp.nvu
2009-03-07 03:03:13   2189056   -c----w-   c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-07 03:03:12   2066048   -c----w-   c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-07 03:02:20   272128   -c----w-   c:\windows\system32\drivers\bthport.sys
2009-03-07 03:02:20   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
2009-03-07 02:58:42   26488   -c--a-w-   c:\windows\system32\spupdsvc.exe
2009-03-07 02:58:42   0   dc----w-   c:\windows\system32\PreInstall
2009-03-07 02:58:41   0   dc-h--w-   c:\windows\$hf_mig$
2009-03-07 02:57:53   31768   -c--a-w-   c:\windows\system32\wucltui.dll.mui
2009-03-07 02:57:53   23576   -c--a-w-   c:\windows\system32\wuaucpl.cpl.mui
2009-03-07 02:57:53   23576   -c--a-w-   c:\windows\system32\wuapi.dll.mui
2009-03-07 02:57:53   18456   -c--a-w-   c:\windows\system32\wuaueng.dll.mui
2009-03-07 02:57:53   0   dc----w-   c:\windows\system32\SoftwareDistribution
2009-03-07 02:57:31   0   dcsh--w-   c:\documents and settings\administrator\UserData
2009-03-07 02:54:30   446464   -c--a-w-   c:\windows\system32\NVUNINST.EXE
2009-03-07 02:52:14   1904   -c----w-   c:\windows\system32\SetupBD.din
2009-03-07 02:27:45   0   dc----w-   c:\program files\Digital Media Reader
2009-03-07 02:27:16   0   dc----w-   c:\windows\Downloaded Installations
2009-03-07 02:26:21   0   dc----w-   c:\windows\system32\ReinstallBackups
2009-03-07 02:25:10   0   dc----w-   c:\program files\AVerMedia
2009-03-07 02:19:23   0   dc----w-   C:\cabs
2009-03-07 01:58:07   0   dcsh--w-   c:\documents and settings\all users\DRM
2009-03-07 01:57:51   0   dc-h--w-   c:\program files\WindowsUpdate
2009-03-07 01:57:16   0   dc----w-   c:\program files\common files\MSSoap
2009-03-07 01:55:53   0   dc----w-   c:\program files\Online Services
2009-03-07 01:55:47   0   dc----w-   c:\program files\Messenger
2009-03-07 01:55:44   0   dc----w-   c:\program files\MSN Gaming Zone
2009-03-07 01:55:10   0   dc----w-   c:\program files\Windows NT
2004-01-06 09:32:22   0   dc----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2004-01-06 09:32:04   0   dc----w-   c:\program files\SUPERAntiSpyware
2004-01-06 09:32:04   0   dc----w-   c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2004-01-06 09:22:38   0   dc----w-   c:\program files\CCleaner
2004-01-01 13:50:26   0   dc----w-   c:\program files\M-Audio
2004-01-01 00:29:15   0   dc----w-   c:\program files\common files\ODBC
2004-01-01 00:29:12   0   dc----w-   c:\program files\common files\SpeechEngines
2004-01-01 00:28:51   0   dc----r-   c:\documents and settings\all users\Documents

==================== Find3M  ====================

2009-11-09 18:56:10   158600   -c--a-w-   c:\windows\system32\drivers\MAudioFastTrackPro.sys
2009-08-22 18:11:28   414272   -c--a-w-   c:\windows\system32\DivXc32f.dll
2009-08-22 18:11:28   414272   -c--a-w-   c:\windows\system32\DivXc32.dll
2009-08-22 18:11:24   33280   -c--a-w-   c:\windows\system32\HUFFYUV.DLL
2009-06-16 14:36:30   81920   -c--a-w-   c:\windows\system32\fontsub.dll
2009-06-16 14:36:30   119808   -c--a-w-   c:\windows\system32\t2embed.dll
2009-06-03 19:09:37   1291264   -c--a-w-   c:\windows\system32\quartz.dll
2009-05-07 15:32:35   345600   -c--a-w-   c:\windows\system32\localspl.dll
2009-04-29 04:56:02   827392   -c----w-   c:\windows\system32\wininet.dll
2009-04-29 04:55:56   78336   -c--a-w-   c:\windows\system32\ieencode.dll
2009-04-17 12:26:40   1847168   -c--a-w-   c:\windows\system32\win32k.sys
2009-04-15 14:51:25   585216   -c--a-w-   c:\windows\system32\rpcrt4.dll
2009-04-03 09:01:00   638976   -c--a-w-   c:\windows\system32\WibuCm32.dll
2009-04-03 09:01:00   561152   -c--a-w-   c:\windows\system32\WibuCmWeb32.dll
2009-04-03 09:01:00   385024   -c--a-w-   c:\windows\system32\WibuXpm4J32.dll
2009-04-03 09:01:00   143360   -c--a-w-   c:\windows\system32\wibucmJNI.dll
2009-03-07 01:56:10   21640   -c--a-w-   c:\windows\system32\emptyregdb.dat
2009-03-06 15:57:30   83448   -c--a-w-   c:\windows\system32\CddbLangJA.dll
2009-03-06 15:57:30   808440   -c--a-w-   c:\windows\system32\CDDBUI.dll
2009-03-06 15:57:30   796152   -c--a-w-   c:\windows\system32\CDDBControl.dll
2009-03-06 15:57:30   108024   -c--a-w-   c:\windows\system32\CddbLangIT.dll
2009-03-06 15:57:30   103928   -c--a-w-   c:\windows\system32\CddbLangNL.dll
2009-03-06 15:57:30   103928   -c--a-w-   c:\windows\system32\CddbLangFR.dll
2009-03-06 15:57:30   103928   -c--a-w-   c:\windows\system32\CddbLangES.dll
2009-03-06 15:57:30   103928   -c--a-w-   c:\windows\system32\CddbLangDE.dll
2009-03-06 14:22:18   284160   -c--a-w-   c:\windows\system32\pdh.dll
2009-02-09 12:10:49   729088   -c--a-w-   c:\windows\system32\lsasrv.dll
2009-02-09 12:10:48   714752   -c--a-w-   c:\windows\system32\ntdll.dll
2009-02-09 12:10:48   617472   -c--a-w-   c:\windows\system32\advapi32.dll
2009-02-09 12:10:48   473600   -c--a-w-   c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10:48   453120   -c--a-w-   c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10:48   401408   -c----w-   c:\windows\system32\rpcss.dll
2009-02-06 11:11:05   110592   -c----w-   c:\windows\system32\services.exe
2009-02-06 11:06:41   2145280   -c----w-   c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39:08   35328   -c--a-w-   c:\windows\system32\sc.exe
2009-02-06 10:32:56   2023936   -c----w-   c:\windows\system32\ntkrnlpa.exe
2009-02-06 10:10:02   227840   -c--a-w-   c:\windows\system32\wbem\wmiprvse.exe
2009-02-03 19:59:07   56832   -c--a-w-   c:\windows\system32\secur32.dll
2008-12-16 12:30:34   354304   -c--a-w-   c:\windows\system32\winhttp.dll
2008-12-12 16:18:16   87336   -c--a-w-   c:\windows\system32\dns-sd.exe
2008-12-12 16:11:46   65536   -c--a-w-   c:\windows\system32\jdns_sd.dll
2008-12-12 16:11:46   61440   -c--a-w-   c:\windows\system32\dnssd.dll
2008-12-11 10:57:09   333952   -c--a-w-   c:\windows\system32\drivers\srv.sys
2008-12-05 06:54:55   144896   -c--a-w-   c:\windows\system32\schannel.dll
2008-10-30 01:43:44   1204128   -c--a-w-   c:\windows\system32\drivers\AGRSM.sys
2008-10-24 11:21:09   455296   -c--a-w-   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36:14   286720   -c--a-w-   c:\windows\system32\gdi32.dll
2008-10-16 19:12:20   561688   -c--a-w-   c:\windows\system32\wuapi(2)(2).dll
2008-10-16 19:08:58   34328   -c--a-w-   c:\windows\system32\wups(2)(2).dll
2008-10-03 10:02:42   247326   -c--a-w-   c:\windows\system32\strmdll.dll
2008-09-30 20:43:34   1286152   -c--a-w-   c:\windows\system32\msxml4.dll
2008-09-26 20:13:08   55816   -c--a-w-   c:\windows\agrsmdel.exe
2008-09-12 10:44:38   206256   -c--a-w-   c:\windows\system32\idmmbc.dll
2008-09-10 01:14:56   1307648   -c--a-w-   c:\windows\system32\msxml6.dll
2008-09-06 04:29:58   917032   -c--a-w-   c:\windows\system32\WgaTray.exeold.exe
2008-09-04 17:15:04   1106944   -c--a-w-   c:\windows\system32\msxml3.dll
2008-08-26 19:32:48   13824   -c--a-w-   c:\windows\system32\agrscoin.dll
2008-08-14 10:04:36   138496   -c--a-w-   c:\windows\system32\drivers\afd.sys
2008-07-07 20:26:58   253952   -c----w-   c:\windows\system32\es.dll
2008-06-24 23:12:58   295936   -c----w-   c:\windows\system32\wmpeffects.dll
2008-06-24 20:06:56   972072   -c--a-w-   c:\windows\UNNeroMediaHome.exe
2008-06-24 16:43:16   74240   -c--a-w-   c:\windows\system32\mscms.dll
2008-06-20 17:46:57   245248   -c----w-   c:\windows\system32\mswsock.dll
2008-06-20 11:51:12   361600   -c----w-   c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08:27   225856   -c--a-w-   c:\windows\system32\drivers\tcpip6.sys
2008-06-18 10:03:08   938496   -c--a-w-   c:\windows\system32\WMNetmgr.dll
2008-06-18 06:09:22   100864   -c--a-w-   c:\windows\system32\logagent.exe
2008-06-12 14:23:32   956928   -c--a-w-   c:\windows\system32\msdtctm.dll
2008-06-12 14:23:32   91648   -c--a-w-   c:\windows\system32\mtxoci.dll
2008-06-12 14:23:32   66560   -c--a-w-   c:\windows\system32\mtxclu.dll
2008-06-12 14:23:32   58880   -c--a-w-   c:\windows\system32\msdtclog.dll
2008-06-12 14:23:32   428032   -c--a-w-   c:\windows\system32\msdtcprx.dll
2008-06-12 14:23:32   161792   -c--a-w-   c:\windows\system32\msdtcuiu.dll
2008-06-08 13:37:56   132904   -c--a-w-   c:\windows\system32\drivers\imagesrv.sys
2008-06-08 13:37:46   11304   -c--a-w-   c:\windows\system32\drivers\imagedrv.sys
2008-06-07 18:54:28   84752   -c--a-w-   c:\windows\system32\drivers\NetBurn.sys
2008-06-07 18:53:04   33072   -c--a-w-   c:\windows\system32\drivers\UimBus.sys
2008-06-07 18:53:04   217152   -c--a-w-   c:\windows\system32\drivers\UimFIO.sys
2008-06-07 18:53:04   130688   -c--a-w-   c:\windows\system32\drivers\Uim_IM.sys
2008-06-07 18:53:02   13576   -c--a-w-   c:\windows\system32\wnaspi32.dll
2008-06-06 18:54:26   95600   -c--a-w-   c:\windows\system32\NeroCo.dll
2008-06-06 18:54:16   972072   -c--a-w-   c:\windows\UNRecode.exe
2008-05-09 10:53:40   90112   -c--a-w-   c:\windows\system32\wshext.dll
2008-05-09 10:53:40   430080   -c--a-w-   c:\windows\system32\vbscript.dll
2008-05-09 10:53:40   172032   -c--a-w-   c:\windows\system32\scrrun.dll
2008-05-09 10:53:39   180224   -c--a-w-   c:\windows\system32\scrobj.dll
2008-05-08 14:02:52   203136   -c--a-w-   c:\windows\system32\drivers\rmcast.sys
2008-05-08 11:24:44   155648   -c--a-w-   c:\windows\system32\wscript.exe
2008-05-07 09:07:23   135168   -c--a-w-   c:\windows\system32\cscript.exe
2008-04-14 10:43:22   40840   -c--a-w-   c:\windows\system32\drivers\termdd.sys
2008-04-14 10:41:58   4096   -c--a-w-   c:\windows\system32\ksuser.dll
2008-04-14 05:49:42   146048   -c--a-w-   c:\windows\system32\drivers\portcls.sys
2008-04-14 05:47:20   83072   -c--a-w-   c:\windows\system32\drivers\wdmaud.sys
2008-04-14 05:46:38   141056   -c--a-w-   c:\windows\system32\drivers\ks.sys
2008-04-14 05:45:56   60800   -c--a-w-   c:\windows\system32\drivers\sysaudio.sys
2008-04-14 05:42:08   74752   -c--a-w-   c:\windows\system32\storprop.dll
2008-04-14 05:15:38   59520   -c--a-w-   c:\windows\system32\drivers\usbhub.sys
2008-04-14 05:15:38   143872   -c--a-w-   c:\windows\system32\drivers\usbport.sys
2008-04-14 05:15:36   30208   -c--a-w-   c:\windows\system32\drivers\usbehci.sys
2008-04-14 05:15:36   20608   -c--a-w-   c:\windows\system32\drivers\usbuhci.sys

============= FINISH:  6:29:56.57 ===============
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 14, 2010, 04:24:51 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/6/2009 9:00:30 PM
System Uptime: 1/6/2004 6:25:47 AM (0 hours ago)

Motherboard: Intel Corporation |  | D945GCF
Processor: Intel(R) Pentium(R) Dual  CPU  E2180  @ 2.00GHz | LGA 775 | 1999/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 1.945 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 9.642 GiB free.
F: is FIXED (NTFS) - 1397 GiB total, 975.293 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48B81043&REV_00\4&30224E63&0&00E3
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48B81043&REV_00\4&30224E63&0&00E3
Service:

Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Device ID: PCI\VEN_104C&DEV_8020&SUBSYS_00000000&REV_00\4&1E46F438&0&28F0
Manufacturer: Texas Instruments
Name: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
PNP Device ID: PCI\VEN_104C&DEV_8020&SUBSYS_00000000&REV_00\4&1E46F438&0&28F0
Service: ohci1394

==== System Restore Points ===================

RP63: 5/3/2010 5:47:31 PM - Unsigned driver install
RP64: 5/3/2010 5:59:32 PM - Unsigned driver install
RP65: 5/4/2010 10:08:55 AM - Update to an unsigned driver
RP66: 1/1/2004 4:53:09 AM - System Checkpoint
RP67: 1/1/2004 8:49:29 AM - Removed M-Audio FastTrackPro Driver 6.0.2 (x86)
RP68: 1/1/2004 8:50:24 AM - Installed M-Audio FastTrackPro Driver 6.0.2 (x86)
RP69: 1/5/2004 1:42:39 AM - System Checkpoint
RP70: 1/5/2004 7:43:01 AM - Installed HiJackThis
RP71: 1/6/2004 4:32:01 AM - Installed SUPERAntiSpyware Free Edition
RP72: 1/6/2004 4:36:49 AM - Uninstall

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint
Acrobat.com
Active@ Partition Recovery Enterprise
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
aiofw
aioprnt
aioscnnr
Antares Auto-Tune Evo VST
Antares Autotune VST v5.09
Ares 2.1.1
ARP2600 V2 2.0
Arturia Arp2600 V VSTi RTAS v1.6
Arturia CS-80V v1.6
AudioEase Speakersphone VST RTAS v1.03
Authorizer 1.0
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.0.5
BellSouth Application Management
BlackBerry Desktop Software 4.3
BlackBerry Device Software v4.5.0 for the BlackBerry 8100 smartphone
Bonjour
Brass 2.0.1
CCleaner
CDDRV_Installer
center
CodeMeter Runtime Kit v4.01
ConvertHelper 2.2
Critical Update for Windows Media Player 11 (KB959772)
CS-80V2 2.0
Digidesign Free Bomb Factory Plug-Ins 7.4
Digidesign Pro Tools M-Powered 7.4
Digidesign Shared Plug-Ins 7.4
Digital Media Reader
DivX 4.11 Codec
Driver Genius Professional Edition
E-MU USB Audio
EASEUS Data Recovery Wizard Professional 3.3.4
EASEUS Data Recovery Wizard Professional 4.3.6
FastStone Photo Resizer 2.7
FaxTools
Free 3GP Video Converter version 3.2
Free FLV Converter V 6.6.3
FXpansion DR-008 v1.10
FXpansion DR-008 v1.21
Garritan Personal Orchestra
GetDataBack for FAT and GetDataBack for NTFS
GetDataBack for NTFS
GoldWave v5.51
Google Talk (remove only)
HiJackThis
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Huffyuv AVI lossless video codec (Remove Only)
IL Vocodex
Intel(R) Network Connections 12.4.38.0
Internet Download Manager
IsoBuster 2.2
Java(TM) 6 Update 16
Jupiter-8V2 2.0
KhalInstallWrapper
KODAK AiO Home Center
KORG Legacy Collection - DIGITAL EDITION
KORG Legacy Collection - DIGITAL EDITION RTAS
KORG Legacy Collection - DIGITAL EDITION VST
ksDIP
Logitech SetPoint
Logitech Updater
LUXONIX Purity
M-Audio FastTrackPro Driver 6.0.2 (x86)
Malwarebytes' Anti-Malware
Mega Manager
Melodyne plugin
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
minimoog V2 2.0
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
My Lockbox 1.3 for Windows 2000/XP
Native Instruments Absynth 5
Native Instruments FM8
Native Instruments Massive
Native Instruments Pro-53
Native Instruments Traktor DJ Studio 3
Nero 8 Ultra Edition HD
neroxml
NVIDIA Drivers
OrangeVocoder v2.0-OxYGeN
Paragon Drive Backup™ 9 Professional
Paragon Partition Manager™ 9.5 Professional
PreReq
Prophet-V2 2.0
Rapture 1.1
RAR Password Recovery Magic v6.1.1.21
Reason 4.0
Record 1.0
reFX Vanguard 1.7.2
Roxio Media Manager
Seagate Manager Installer
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SigmaTel Audio
Sonik Synth 2
Sonique
Spybot - Search & Destroy
Steinberg HALion VSTi DXi v3.5
Steinberg Hypersonic 2
SUPERAntiSpyware Free Edition
Tracktion 3.0.2.6
Uninstall 1.0.0.1
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoGet
VobSub v2.05 (Remove Only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
winLAME prerelease4
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/5/2010 5:16:26 AM, error: Service Control Manager [7034]  - The CodeMeter Runtime Server service terminated unexpectedly.  It has done this 1 time(s).
4/5/2010 5:16:23 AM, error: Service Control Manager [7034]  - The Seagate Service service terminated unexpectedly.  It has done this 1 time(s).
4/5/2010 5:16:18 AM, error: Service Control Manager [7034]  - The E-MU Audio Service service terminated unexpectedly.  It has done this 1 time(s).
4/5/2010 5:16:10 AM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
4/5/2010 5:16:02 AM, error: Service Control Manager [7034]  - The Nero BackItUp Scheduler 3 service terminated unexpectedly.  It has done this 1 time(s).
4/5/2010 5:15:57 AM, error: Service Control Manager [7034]  - The Net Burner iSCSI Service service terminated unexpectedly.  It has done this 1 time(s).
4/5/2010 5:15:47 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ohci1394
4/5/2010 5:15:47 AM, error: Service Control Manager [7001]  - The Kodak AiO Network Discovery Service service depends on the Bonjour Service service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/5/2010 5:15:47 AM, error: Service Control Manager [7000]  - The Nsynas32 service failed to start due to the following error:  The system cannot find the file specified.
4/4/2010 5:57:42 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
4/4/2010 5:19:01 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll. Reference error message: The operation completed successfully. .
4/4/2010 5:19:01 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\msa.dll. Reference error message: The operation completed successfully. .
4/4/2010 5:19:01 PM, error: SideBySide [58]  - Syntax error in manifest or policy file "C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll" on line 9.
4/4/2010 5:19:01 PM, error: SideBySide [58]  - Syntax error in manifest or policy file "C:\Program Files\Common Files\Nero\AudioPlugins\msa.dll" on line 9.
4/30/2010 4:42:19 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +215974 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
4/29/2010 9:20:03 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +215972 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
4/22/2010 9:20:00 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +215970 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
4/19/2010 1:47:39 AM, error: Service Control Manager [7034]  - The Digidesign MME Refresh Service service terminated unexpectedly.  It has done this 1 time(s).
4/15/2010 9:21:15 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +215968 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
4/14/2010 7:15:03 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +215964 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.
3/4/2010 6:54:52 AM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +215214 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.
3/31/2010 1:40:58 PM, error: Service Control Manager [7034]  - The NMIndexingService service terminated unexpectedly.  It has done this 5 time(s).
3/3/2010 10:43:09 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +172779 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.
3/29/2010 9:11:52 AM, error: Service Control Manager [7034]  - The NMIndexingService service terminated unexpectedly.  It has done this 4 time(s).
3/28/2010 9:01:28 AM, error: Service Control Manager [7034]  - The NMIndexingService service terminated unexpectedly.  It has done this 3 time(s).
3/26/2010 9:05:01 AM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +215958 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.
3/24/2010 9:53:49 AM, error: Service Control Manager [7034]  - The NMIndexingService service terminated unexpectedly.  It has done this 2 time(s).
3/22/2010 6:05:08 PM, error: Service Control Manager [7034]  - The NMIndexingService service terminated unexpectedly.  It has done this 1 time(s).
3/18/2010 7:53:21 AM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +215962 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
3/11/2010 6:53:20 AM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +215959 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.
2/26/2010 6:05:12 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +172780 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
2/20/2010 1:13:33 AM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034]  - The PLFlash DeviceIoControl Service service terminated unexpectedly.  It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034]  - The FSPro Filter Service service terminated unexpectedly.  It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
2/20/2010 1:13:33 AM, error: Service Control Manager [7034]  - The Agere Modem Call Progress Audio service terminated unexpectedly.  It has done this 1 time(s).
2/20/2010 1:13:13 AM, error: Service Control Manager [7034]  - The McciCMService service terminated unexpectedly.  It has done this 1 time(s).
2/19/2010 6:05:03 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by +172784 seconds. The time service will not change the system  time by more than +54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.232.182:123) is working properly.
2/18/2010 12:46:23 PM, error: System Error [1003]  - Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.
2/18/2010 12:46:13 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

==== End Of File ===========================
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 14, 2010, 04:40:14 PM
Delete your current version of ComboFix and download it again!

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

FCopy::
c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

Folder::
c:\program files\Messenger


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://img249.imageshack.us/img249/1218/cfscript1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
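
A pre-run review of the CFScript in the post above, as an added example that is not part of the original post or of ComboFix: it splits the script into its `Name::` sections and lists what each line would change, reading `FCopy` and `Folder` the way the ComboFix log in this thread reports them and the `[-...]` line as .reg key-deletion syntax. The function names and action labels are assumptions made for this illustration; sections whose effect the thread does not show (`KillAll`, `DDS`) are listed without interpretation.

```python
import ntpath
import re
from collections import OrderedDict

# The script from the post above, embedded verbatim so the example runs offline.
CFSCRIPT = r"""KillAll::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

FCopy::
c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

Folder::
c:\program files\Messenger
"""

# A section header is a single word followed by "::" on its own line.
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Split a CFScript into {section name: [non-empty body lines]}."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is None:
            # Content before the first header cannot be attributed to a section.
            raise ValueError(f"line outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections


def review(sections):
    """Return (actions, warnings) describing what the script would change.

    Each action is a tuple (label, target, detail). Labels are hypothetical
    names chosen for this example, not ComboFix terminology.
    """
    actions, warnings = [], []
    for name, body in sections.items():
        if name == "FCopy":
            for line in body:
                parts = [p.strip() for p in line.split("|")]
                if len(parts) != 2 or not all(parts):
                    warnings.append(f"FCopy: malformed line {line!r}")
                    continue
                src, dst = parts
                actions.append(("overwrite-file", dst, src))
                # A driver should be replaced by a file of the same name;
                # anything else deserves a second look before running.
                if ntpath.basename(src).lower() != ntpath.basename(dst).lower():
                    warnings.append(f"FCopy: {src!r} replaces differently named {dst!r}")
        elif name == "Registry":
            for line in body:
                if line.startswith("[-") and line.endswith("]"):
                    actions.append(("delete-registry-key", line[2:-1], None))
                else:
                    actions.append(("registry-line", line, None))
        elif name == "Folder":
            for line in body:
                actions.append(("delete-folder", line, None))
        else:
            # Effect not shown on the page: record the directive as written.
            actions.append(("directive", name, tuple(body)))
    return actions, warnings


if __name__ == "__main__":
    found_actions, found_warnings = review(parse_cfscript(CFSCRIPT))
    for label, target, detail in found_actions:
        print(label, "|", target, "|", detail)
    for warning in found_warnings:
        print("WARNING:", warning)
```

Reading the action list before dropping the file onto ComboFix.exe makes it clear that this script overwrites a boot driver and deletes a registry key and a folder, which is why such scripts are written per machine and not reused elsewhere.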
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 14, 2010, 05:59:26 PM
Sorry for this late response, had to run twice.


ComboFix 10-05-14.06 - Administrator 01/06/2004   7:38.9.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2710 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf
.
---- Previous Run -------
.
c:\program files\Messenger
c:\program files\Messenger\custsat.dll
c:\program files\Messenger\logowin.gif
c:\program files\Messenger\lvback.gif
c:\program files\Messenger\msgsc.dll
c:\program files\Messenger\msgslang.dll
c:\program files\Messenger\msmsgs.exe
c:\program files\Messenger\newalert.wav
c:\program files\Messenger\newemail.wav
c:\program files\Messenger\online.wav
c:\program files\Messenger\type.wav
c:\program files\Messenger\xpmsgr.chm
F:\autorun.inf

-- Previous Run --

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

--------

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
--------------- FCopy ---------------

c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((   Files Created from 2003-12-06 to 2004-01-06  )))))))))))))))))))))))))))))))
.

2010-05-03 21:47 . 2008-03-21 17:57   14640   -c----w-   c:\windows\system32\spmsgXP_2k3.dll
2010-05-03 13:39 . 2010-05-03 13:39   581192   -c--a-w-   c:\windows\system32\WinUSBCoInstaller.dll
2010-05-03 13:39 . 2010-05-03 13:39   1112288   -c--a-w-   c:\windows\system32\WdfCoInstaller01007.dll
2010-05-03 11:14 . 2010-05-03 11:39   --------   dc----w-   C:\N1
2010-05-03 11:11 . 2010-02-09 15:36   --------   dc----w-   C:\android-sdk-windows
2010-05-03 10:35 . 2010-01-07 16:42   96256   -c--a-w-   C:\AdbWinApi.dll
2010-05-03 10:35 . 2010-01-07 16:42   60928   -c--a-w-   C:\AdbWinUsbApi.dll
2010-05-03 10:35 . 2010-01-07 16:42   2530671   -c--a-w-   C:\adb.exe
2010-05-03 10:35 . 2010-01-07 16:42   994279   -c--a-w-   C:\fastboot.exe
2010-05-03 10:24 . 2010-05-04 14:01   --------   dc----w-   C:\superboot
2010-05-03 10:05 . 2010-05-03 11:09   --------   dc----w-   c:\documents and settings\Administrator\.android
2010-05-03 09:46 . 2010-01-04 00:22   --------   dc----w-   C:\fastboot
2010-04-26 10:33 . 2006-11-02 20:39   90112   -c--a-w-   c:\windows\system32\stacsv.exe
2010-04-24 16:31 . 2010-04-24 17:15   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\wgfhrgevm
2010-04-23 01:57 . 2002-01-05 15:16   737280   -c--a-w-   c:\windows\system32\msvcp70d.dll
2010-04-23 01:57 . 2002-01-05 15:16   536576   -c--a-w-   c:\windows\system32\msvcr70d.dll
2010-04-23 01:00 . 2010-04-23 01:03   --------   dc----w-   c:\program files\Common Files\KORG
2010-04-23 01:00 . 2010-04-23 01:00   --------   dc----w-   c:\program files\KORG
2010-04-23 00:45 . 2009-05-19 20:21   86016   -c--a-w-   c:\windows\system32\SYNSOPOS.exe
2010-04-22 13:38 . 2010-04-22 13:38   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\eLicenser
2010-04-22 13:34 . 2010-04-22 13:34   --------   dc----w-   c:\program files\Cakewalk
2010-04-22 13:34 . 2010-04-22 13:34   --------   dc----w-   c:\documents and settings\All Users\Application Data\Cakewalk
2010-04-22 12:38 . 2010-04-22 12:38   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2010-04-22 12:20 . 2010-04-22 12:20   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Audio Ease
2010-04-22 12:20 . 2007-09-12 16:51   491520   -c--a-w-   c:\windows\system32\libencdec.dll
2010-04-22 12:20 . 2010-04-22 12:20   --------   dc----w-   c:\program files\Audio Ease
2010-04-22 12:20 . 2010-04-22 12:20   --------   dc----w-   c:\documents and settings\All Users\Application Data\Audio Ease
2010-04-22 10:51 . 2010-04-22 10:51   2892   -c--a-w-   c:\windows\system32\audcon.sys
2010-04-22 10:51 . 2010-04-22 10:51   --------   dc----w-   c:\documents and settings\All Users\Application Data\Syncrosoft
2010-04-22 10:49 . 2004-01-06 09:36   --------   dc----w-   c:\documents and settings\All Users\Application Data\eLicenser
2010-04-22 10:49 . 2004-01-06 09:36   --------   dc----w-   c:\program files\eLicenser
2010-04-22 10:48 . 2009-09-09 22:56   163840   -c--a-w-   c:\windows\system32\ArtFfct.dll
2010-04-22 10:48 . 2010-04-23 02:01   --------   dc----w-   c:\program files\Arturia
2010-04-22 10:48 . 2010-04-22 13:09   --------   dc----w-   c:\documents and settings\All Users\Application Data\Arturia
2010-04-22 10:45 . 2010-04-22 10:45   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
2010-04-22 10:29 . 2010-04-22 12:57   --------   dc----w-   c:\program files\Native Instruments
2010-04-22 10:21 . 2010-04-22 10:21   --------   dc----w-   c:\documents and settings\All Users\Application Data\Temporary
2010-04-22 10:20 . 2010-04-22 10:20   --------   dc----w-   c:\program files\Common Files\Celemony
2010-04-22 10:20 . 2010-04-22 10:20   --------   dc----w-   c:\program files\Celemony
2010-04-22 10:13 . 2003-06-20 16:28   1777664   -c--a-w-   c:\windows\system32\gdiplus.dll
2010-04-22 10:11 . 2010-04-22 10:11   --------   dc----w-   c:\documents and settings\nexus
2010-04-22 10:07 . 2010-04-22 10:07   --------   dc----w-   c:\program files\Image-Line
2010-04-21 09:09 . 2010-04-21 09:10   --------   dc----w-   c:\program files\ConvertHelper
2010-04-21 09:07 . 2010-04-21 09:10   --------   dc----w-   c:\documents and settings\Administrator\dwhelper
2010-04-19 05:28 . 2010-04-19 05:37   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Digidesign
2010-04-19 05:28 . 2010-04-19 05:28   --------   dc----w-   C:\Digidesign Databases
2010-04-19 05:12 . 2006-12-09 02:50   16384   -c--a-w-   c:\windows\system32\drivers\DigiFilt.sys
2010-04-19 05:10 . 2002-01-05 09:48   974848   -c--a-w-   c:\windows\system32\mfc70.dll
2010-04-19 05:10 . 2001-06-27 14:13   217088   -c--a-w-   c:\windows\system32\qtmlClient.dll
2010-04-19 05:10 . 2007-09-05 15:43   630784   -c----w-   c:\windows\system32\ilinet.dll
2010-04-19 05:10 . 2007-10-31 07:16   3683014   -c--a-w-   c:\windows\system32\DirectIO.dll
2010-04-19 05:10 . 2007-10-31 04:36   15872   -c--a-w-   c:\windows\system32\digicoin.dll
2010-04-19 05:10 . 2007-10-31 04:03   659456   -c--a-w-   c:\windows\system32\DSI.dll
2010-04-19 05:10 . 2007-10-31 04:03   1362460   -c--a-w-   c:\windows\system32\ExpansionHD_Firmware.bin
2010-04-19 05:10 . 2007-10-31 03:03   270336   -c--a-w-   c:\windows\system32\DigiPlatformSupport.dll
2010-04-19 05:10 . 2006-12-09 03:21   90112   -c--a-w-   c:\windows\system32\WinMMFix.dll
2010-04-18 22:35 . 2010-04-18 22:35   69632   -c--a-w-   c:\windows\system32\com.fxpansion.fxshared.dll
2010-04-18 13:36 . 2008-04-14 04:15   60032   -c--a-w-   c:\windows\system32\drivers\USBAUDIO.sys
2010-04-18 13:36 . 2008-04-14 04:15   60032   -c--a-w-   c:\windows\system32\dllcache\usbaudio.sys
2010-04-17 10:34 . 2010-04-19 05:17   --------   dc----w-   c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-04-17 10:34 . 2010-04-17 10:34   --------   dc----w-   c:\program files\Common Files\PACE Anti-Piracy
2010-03-04 02:00 . 2010-04-19 05:28   --------   dc-ha-w-   c:\documents and settings\Administrator\Local Settings\Application Data\7v7mN9FuX
2010-02-20 06:41 . 2004-01-01 15:13   --------   dc----w-   c:\documents and settings\Administrator\Application Data\QuickScan
2010-01-24 12:01 . 2010-01-24 12:01   --------   dc----w-   c:\program files\LUXONIX
2010-01-24 11:01 . 2010-04-23 01:12   16   -c--a-w-   c:\windows\msocreg32.dat
2010-01-24 11:00 . 2010-01-24 11:01   --------   dc----w-   c:\program files\Sonik Synth 2
2010-01-24 01:43 . 2010-04-22 12:28   --------   dc----w-   c:\program files\Common Files\Native Instruments
2010-01-24 01:43 . 2010-04-22 10:33   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Native Instruments
2010-01-24 01:43 . 2010-01-24 01:43   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2010-01-24 01:30 . 2010-01-24 01:30   --------   dc----w-   c:\program files\Smart Projects
2010-01-23 23:05 . 2010-01-23 23:05   --------   dc----w-   c:\windows\vocoder
2010-01-23 22:56 . 2010-04-23 01:22   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Antares
2010-01-23 22:56 . 2010-04-23 01:22   --------   dc----w-   c:\program files\Antares Audio Technologies
2010-01-08 23:59 . 2000-01-19 00:45   401484   -c--a-w-   c:\windows\system32\Msvcrtd.dll
2010-01-08 23:59 . 2010-01-09 00:01   --------   dc----w-   c:\program files\FXpansion DR-008 v1.21
2010-01-08 04:49 . 2010-04-19 05:10   --------   dc----w-   c:\program files\Digidesign
2010-01-08 04:49 . 2010-01-24 10:18   --------   dc----w-   c:\program files\Garritan Personal Orchestra
2010-01-08 04:07 . 2010-01-08 04:07   --------   dc----w-   c:\program files\Alcohol Soft
2010-01-08 03:48 . 2009-10-12 02:58   1177600   -c--a-w-   c:\windows\system32\SYNSOEMU.DLL
2010-01-08 03:47 . 2010-01-08 03:47   --------   dc----w-   c:\program files\rgcaudio software
2010-01-08 03:46 . 2010-04-18 22:35   69632   -c--a-w-   c:\windows\system32\FxShared.dll
2010-01-08 03:46 . 2010-04-18 22:44   --------   dc----w-   c:\program files\FXpansion
2010-01-08 03:45 . 2010-04-19 05:28   --------   dc----w-   c:\documents and settings\Administrator\Application Data\FXpansion
2010-01-05 01:32 . 2010-01-05 01:32   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Spectrasonics
2010-01-03 21:51 . 2010-01-03 21:51   --------   dc----w-   c:\program files\Trend Micro
2010-01-03 14:00 . 2010-04-19 05:10   --------   dc----w-   c:\program files\Common Files\Digidesign
2010-01-03 14:00 . 2010-01-03 14:30   --------   dc----w-   c:\program files\Spectrasonics
2009-12-27 02:14 . 2009-12-27 02:14   --------   dc----w-   c:\program files\Seagate
2009-12-27 02:14 . 2009-12-27 02:14   --------   dc----w-   c:\documents and settings\All Users\Application Data\Seagate
2009-12-27 02:13 . 2009-12-27 02:13   --------   dcsh--w-   c:\windows\ftpcache
2009-12-27 02:09 . 2009-12-27 02:09   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Leadertech
2009-12-09 00:38 . 2009-12-09 00:38   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-09 00:38 . 2010-04-29 20:39   38224   -c--a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 00:38 . 2009-12-09 00:38   --------   dc----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-09 00:38 . 2010-04-29 20:39   20952   -c--a-w-   c:\windows\system32\drivers\mbam.sys
2009-12-09 00:38 . 2004-01-06 11:16   --------   dc----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-22 23:15 . 2010-02-18 16:55   --------   dc----w-   c:\program files\Ask.com
2009-11-22 23:14 . 2009-11-22 23:15   --------   dc----w-   c:\program files\Common Files\DVDVideoSoft
2009-11-22 23:14 . 2009-11-22 23:14   --------   dc----w-   c:\program files\DVDVideoSoft
2009-11-13 22:33 . 2010-04-19 05:17   --------   dc----w-   c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy
2009-11-13 22:33 . 2009-11-13 22:33   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy
2009-11-13 22:17 . 2009-11-13 22:17   --------   dc----w-   c:\documents and settings\All Users\Application Data\Line 6
2009-11-13 22:17 . 2006-03-29 19:11   233472   -c--a-w-   c:\windows\system32\REX Shared Library.dll
2009-11-13 22:17 . 2009-11-13 22:17   406528   -c--a-w-   c:\windows\system32\ReWire.dll
2009-11-13 22:16 . 2009-11-13 22:16   --------   dc----w-   c:\program files\CodeMeter
2009-11-12 02:43 . 2009-11-12 02:43   --------   dc----w-   C:\spoolerlogs
2009-11-11 08:52 . 2009-11-11 08:52   --------   dc----w-   c:\documents and settings\All Users\Application Data\kds_kodak
2009-11-10 10:33 . 2009-11-10 10:33   --------   dc----w-   c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-09 18:56 . 2009-11-09 18:56   643592   -c--a-w-   c:\windows\system32\M-AudioTaskBarIcon.exe
2009-11-09 18:56 . 2009-11-09 18:56   32776   -c--a-w-   c:\windows\system32\mausbasio.dll
2009-11-09 18:56 . 2009-11-09 18:56   2526185   -c--a-w-   c:\windows\system32\madiousb.dll
2009-11-07 14:56 . 2009-11-07 14:56   --------   dc----w-   c:\documents and settings\All Users\Application Data\Eastman Kodak Company
2009-11-07 14:53 . 2009-11-07 14:53   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Eastman_Kodak_Company
2009-11-07 14:52 . 2009-11-07 15:04   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Eastman Kodak Company
2009-11-07 14:52 . 2009-11-07 14:52   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\KODAK
2009-11-07 14:52 . 2009-11-07 14:52   --------   dc----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
2009-11-07 14:50 . 2009-08-03 14:33   192512   -c--a-w-   c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2009-11-07 14:50 . 2009-08-03 14:33   405504   -c--a-w-   c:\windows\system32\EKIJ5000MON.dll
2009-11-07 14:49 . 2009-11-07 14:52   --------   dc----w-   c:\program files\Kodak
2009-11-07 11:04 . 2009-11-07 11:04   --------   dc----w-   c:\program files\Bonjour
2009-11-07 11:04 . 2009-11-07 11:04   --------   dc----w-   c:\documents and settings\All Users\Application Data\Apple
2009-11-07 11:03 . 2009-11-07 14:48   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Temp
2009-11-07 10:58 . 2010-01-03 21:43   --------   dc----w-   c:\documents and settings\All Users\Application Data\Kodak
2009-11-07 10:57 . 2009-11-07 14:50   --------   dc----w-   c:\windows\system32\kodak
2009-11-07 10:57 . 2001-08-18 03:36   87040   -c--a-w-   c:\windows\system32\wiafbdrv.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 21:48 . 2010-05-03 21:48   0   -c-ha-w-   c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-05-03 21:47 . 2010-05-03 21:47   0   -c-ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-24 16:37 . 2010-04-24 16:37   0   -c--a-w-   c:\documents and settings\Administrator\ntuser.tmp
2010-04-22 10:20 . 2009-03-07 02:21   --------   dc-h--w-   c:\program files\InstallShield Installation Information
2010-01-08 23:59 . 2009-05-04 03:56   --------   dc----w-   c:\program files\Steinberg
2010-01-08 02:49 . 2009-03-24 23:12   --------   dc----w-   c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-11-09 18:56 . 2004-01-01 13:50   158600   -c--a-w-   c:\windows\system32\drivers\MAudioFastTrackPro.sys
2009-08-22 18:11 . 2001-12-11 12:17   414272   -c--a-w-   c:\windows\system32\DivXc32.dll
2009-08-22 18:11 . 2001-11-27 00:19   414272   -c--a-w-   c:\windows\system32\DivXc32f.dll
2009-08-22 18:11 . 2001-12-08 20:20   33280   -c--a-w-   c:\windows\system32\HUFFYUV.DLL
2009-06-16 14:36 . 2008-05-02 03:05   81920   -c--a-w-   c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-05-02 03:05   119808   -c--a-w-   c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2008-05-02 03:05   1291264   -c--a-w-   c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2008-05-02 03:05   345600   -c--a-w-   c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2008-05-02 03:05   827392   -c----w-   c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-05-02 03:05   78336   -c--a-w-   c:\windows\system32\ieencode.dll
2009-04-24 01:33 . 2009-03-07 02:21   --------   dc----w-   c:\program files\Common Files\InstallShield
2009-04-17 12:26 . 2008-05-02 03:05   1847168   -c--a-w-   c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-05-02 03:05   585216   -c--a-w-   c:\windows\system32\rpcrt4.dll
2009-03-24 23:16 . 2009-03-22 10:32   --------   dc----w-   c:\program files\ffdshow
2009-03-24 23:16 . 2009-03-22 10:32   --------   dc----w-   c:\program files\AC3Filter
2009-03-24 23:16 . 2009-03-22 12:36   --------   dc----w-   c:\program files\IrfanView
2009-03-24 23:16 . 2009-03-24 23:16   --------   dc----w-   c:\program files\SigmaTel
2009-03-24 23:16 . 2009-03-22 22:11   --------   dc----w-   c:\program files\GoldWave 5.20
2009-03-24 23:16 . 2009-03-23 22:58   --------   dc----w-   c:\program files\IDT(2)
2009-03-24 23:13 . 2009-03-24 23:13   --------   dc----w-   c:\program files\MSXML 4.0
2009-03-24 23:12 . 2009-03-24 23:12   --------   dc----w-   c:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-03-24 23:12 . 2009-03-24 23:12   --------   dc----w-   c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-24 23:12 . 2009-03-24 23:12   --------   dc----w-   c:\program files\DAEMON Tools Lite
2009-03-24 09:34 . 2009-03-22 22:02   5072   -c--a-w-   c:\windows\system32\drivers\sthdae.log
2009-03-07 17:40 . 2009-03-07 17:40   0   -c-ha-w-   c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-07 17:40 . 2009-03-07 17:40   0   -c-ha-w-   c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-07 17:40 . 2009-03-07 17:40   0   -c-ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-07 02:47 . 2009-03-07 01:58   86327   -c--a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-07 01:59 . 2009-03-07 01:59   --------   dc----w-   c:\program files\microsoft frontpage
2009-03-07 01:56 . 2009-03-07 01:56   21640   -c--a-w-   c:\windows\system32\emptyregdb.dat
2009-03-06 15:57 . 2009-03-06 15:57   83448   -c--a-w-   c:\windows\system32\CddbLangJA.dll
2009-03-06 15:57 . 2009-03-06 15:57   808440   -c--a-w-   c:\windows\system32\CDDBUI.dll
2009-03-06 15:57 . 2009-03-06 15:57   796152   -c--a-w-   c:\windows\system32\CDDBControl.dll
2009-03-06 15:57 . 2009-03-06 15:57   108024   -c--a-w-   c:\windows\system32\CddbLangIT.dll
2009-03-06 15:57 . 2009-03-06 15:57   103928   -c--a-w-   c:\windows\system32\CddbLangNL.dll
2009-03-06 15:57 . 2009-03-06 15:57   103928   -c--a-w-   c:\windows\system32\CddbLangFR.dll
2009-03-06 15:57 . 2009-03-06 15:57   103928   -c--a-w-   c:\windows\system32\CddbLangES.dll
2009-03-06 15:57 . 2009-03-06 15:57   103928   -c--a-w-   c:\windows\system32\CddbLangDE.dll
2009-03-06 14:22 . 2008-05-02 03:05   284160   -c--a-w-   c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2008-05-02 03:05   729088   -c--a-w-   c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2009-03-07 01:55   453120   -c--a-w-   c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10 . 2009-03-07 01:54   473600   -c--a-w-   c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10 . 2008-05-02 03:05   714752   -c--a-w-   c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-05-02 03:05   617472   -c--a-w-   c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-05-02 03:05   401408   -c----w-   c:\windows\system32\rpcss.dll
2009-02-06 11:11 . 2008-05-02 03:05   110592   -c----w-   c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-05-02 03:05   2145280   -c----w-   c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-05-02 03:05   35328   -c--a-w-   c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01   2023936   -c----w-   c:\windows\system32\ntkrnlpa.exe
2009-02-06 10:10 . 2009-03-07 01:55   227840   -c--a-w-   c:\windows\system32\wbem\wmiprvse.exe
2009-02-03 19:59 . 2008-05-02 03:05   56832   -c--a-w-   c:\windows\system32\secur32.dll
2008-12-16 12:30 . 2008-05-02 03:05   354304   -c--a-w-   c:\windows\system32\winhttp.dll
2008-12-12 16:18 . 2008-12-12 16:18   87336   -c--a-w-   c:\windows\system32\dns-sd.exe
2008-12-12 16:11 . 2008-12-12 16:11   65536   -c--a-w-   c:\windows\system32\jdns_sd.dll
2008-12-12 16:11 . 2008-12-12 16:11   61440   -c--a-w-   c:\windows\system32\dnssd.dll
2008-12-11 10:57 . 2008-05-02 03:05   333952   -c--a-w-   c:\windows\system32\drivers\srv.sys
2008-12-05 06:54 . 2008-05-02 03:05   144896   -c--a-w-   c:\windows\system32\schannel.dll
2008-10-30 01:43 . 2008-10-30 01:43   1204128   -c--a-w-   c:\windows\system32\drivers\AGRSM.sys
2008-10-24 11:21 . 2008-05-02 03:05   455296   -c--a-w-   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 . 2008-05-02 03:05   286720   -c--a-w-   c:\windows\system32\gdi32.dll
2008-10-16 19:13 . 2009-03-07 01:57   1809944   -c--a-w-   c:\windows\system32\wuaueng.dll
2008-10-16 19:12 . 2009-03-07 01:57   202776   -c--a-w-   c:\windows\system32\wuweb.dll
2008-10-16 19:12 . 2009-03-07 01:57   323608   -c--a-w-   c:\windows\system32\wucltui.dll
2008-10-16 19:12 . 2009-03-07 01:57   561688   -c--a-w-   c:\windows\system32\wuapi.dll
2008-10-16 19:12 . 2009-03-07 01:57   561688   -c--a-w-   c:\windows\system32\wuapi(2)(2).dll
2008-10-16 19:09 . 2009-03-07 01:57   51224   -c----w-   c:\windows\system32\wuauclt.exe
2008-10-16 19:09 . 2008-05-02 03:05   92696   -c--a-w-   c:\windows\system32\cdm.dll
2008-10-16 19:08 . 2009-03-07 01:57   34328   -c--a-w-   c:\windows\system32\wups.dll
2008-10-16 19:08 . 2009-03-07 01:57   34328   -c--a-w-   c:\windows\system32\wups(2)(2).dll
2008-10-03 10:02 . 2008-05-02 03:05   247326   -c--a-w-   c:\windows\system32\strmdll.dll
2008-09-30 20:43 . 2008-09-30 20:43   1286152   -c--a-w-   c:\windows\system32\msxml4.dll
2008-09-26 20:13 . 2008-09-26 20:13   55816   -c--a-w-   c:\windows\agrsmdel.exe
2008-09-12 10:44 . 2008-12-04 11:42   206256   -c--a-w-   c:\windows\system32\idmmbc.dll
2008-09-10 01:14 . 2008-05-02 03:05   1307648   -c--a-w-   c:\windows\system32\msxml6.dll
2008-09-06 04:29 . 2008-09-06 04:29   917032   -c--a-w-   c:\windows\system32\WgaTray.exeold.exe
2008-09-04 17:15 . 2008-05-02 03:05   1106944   -c--a-w-   c:\windows\system32\msxml3.dll
2008-08-26 19:32 . 2008-08-26 19:32   13824   -c--a-w-   c:\windows\system32\agrscoin.dll
2008-08-14 10:04 . 2008-05-02 03:05   138496   -c--a-w-   c:\windows\system32\drivers\afd.sys
2008-07-07 20:26 . 2008-05-02 03:05   253952   -c----w-   c:\windows\system32\es.dll
2008-06-24 23:12 . 2006-10-19 02:47   295936   -c----w-   c:\windows\system32\wmpeffects.dll
2008-06-24 20:06 . 2008-06-24 20:06   972072   -c--a-w-   c:\windows\UNNeroMediaHome.exe
2008-06-24 16:43 . 2008-05-02 03:05   74240   -c--a-w-   c:\windows\system32\mscms.dll
2008-06-20 17:46 . 2008-05-02 03:05   245248   -c----w-   c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2008-05-02 03:05   361600   -c----w-   c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08 . 2008-05-02 03:05   225856   -c--a-w-   c:\windows\system32\drivers\tcpip6.sys
2008-06-18 10:03 . 2008-05-02 03:05   938496   -c--a-w-   c:\windows\system32\WMNetmgr.dll
2008-06-18 06:09 . 2008-05-02 03:05   100864   -c--a-w-   c:\windows\system32\logagent.exe
2008-06-12 14:23 . 2009-03-07 01:55   956928   -c--a-w-   c:\windows\system32\msdtctm.dll
2008-06-12 14:23 . 2009-03-07 01:55   91648   -c--a-w-   c:\windows\system32\mtxoci.dll
2008-06-12 14:23 . 2009-03-07 01:55   58880   -c--a-w-   c:\windows\system32\msdtclog.dll
2008-06-12 14:23 . 2009-03-07 01:55   428032   -c--a-w-   c:\windows\system32\msdtcprx.dll
2008-06-12 14:23 . 2009-03-07 01:55   161792   -c--a-w-   c:\windows\system32\msdtcuiu.dll
2008-06-12 14:23 . 2008-05-02 03:05   66560   -c--a-w-   c:\windows\system32\mtxclu.dll
2008-06-08 13:37 . 2008-06-08 13:37   132904   -c--a-w-   c:\windows\system32\drivers\imagesrv.sys
.

(((((((((((((((((((((((((((((   SnapShot_2010-04-24_17.16.23   )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-01-06 12:51 . 2004-01-06 12:51   16384              c:\windows\temp\Perflib_Perfdata_1dc.dat
+ 2006-11-02 11:00 . 2006-11-02 11:00   24136              c:\windows\system32\winusb.dll
+ 2004-01-01 13:50 . 2008-04-14 10:42   23552              c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\wdmaud.drv
+ 2004-01-01 13:50 . 2008-04-14 04:15   60032              c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\USBAUDIO.sys
+ 2004-01-01 13:50 . 2008-04-14 04:15   49408              c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\stream.sys
+ 2004-01-01 13:50 . 2008-04-14 04:15   60160              c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\drmk.sys
- 2008-05-02 03:05 . 2010-04-22 13:10   77316              c:\windows\system32\perfc009.dat
+ 2008-05-02 03:05 . 2004-01-01 04:09   77316              c:\windows\system32\perfc009.dat
+ 2006-11-02 11:00 . 2006-11-02 11:00   39368              c:\windows\system32\drivers\winusb.sys
+ 2006-11-02 12:22 . 2008-03-27 20:27   35040              c:\windows\system32\drivers\wdfldr.sys
+ 2008-04-14 00:15 . 2008-04-14 05:15   49408              c:\windows\system32\drivers\stream.sys
- 2008-04-14 00:15 . 2008-04-14 04:15   49408              c:\windows\system32\drivers\stream.sys
- 2009-03-07 02:21 . 2008-04-14 04:15   60160              c:\windows\system32\drivers\drmk.sys
+ 2009-03-07 02:21 . 2008-04-14 05:15   60160              c:\windows\system32\drivers\drmk.sys
- 2008-04-14 00:15 . 2008-04-14 04:15   49408              c:\windows\system32\dllcache\stream.sys
+ 2008-04-14 00:15 . 2008-04-14 05:15   49408              c:\windows\system32\dllcache\stream.sys
+ 2009-03-07 02:21 . 2008-04-14 05:15   60160              c:\windows\system32\dllcache\drmk.sys
- 2009-03-07 02:21 . 2008-04-14 04:15   60160              c:\windows\system32\dllcache\drmk.sys
+ 2008-05-02 03:05 . 2008-05-02 03:05   96512              c:\windows\system32\dllcache\atapi.sys
- 2008-05-02 03:05 . 2008-04-14 05:10   96512              c:\windows\system32\dllcache\atapi.sys
+ 2004-01-06 09:32 . 2004-01-06 09:32   65024              c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2004-01-06 09:32 . 2004-01-06 09:32   18944              c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2004-01-01 13:50 . 2008-04-14 09:41   4096              c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\ksuser.dll
- 2009-03-07 02:21 . 2008-04-14 09:41   4096              c:\windows\system32\ksuser.dll
+ 2009-03-07 02:21 . 2008-04-14 10:41   4096              c:\windows\system32\ksuser.dll
- 2009-03-07 02:21 . 2008-04-14 09:41   4096              c:\windows\system32\dllcache\ksuser.dll
+ 2009-03-07 02:21 . 2008-04-14 10:41   4096              c:\windows\system32\dllcache\ksuser.dll
+ 2004-01-06 09:32 . 2004-01-06 09:32   5120              c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2004-01-01 13:50 . 2008-04-14 04:49   146048              c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\portcls.sys
+ 2004-01-01 13:50 . 2008-04-14 04:46   141056              c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\ks.sys
+ 2008-05-02 03:05 . 2004-01-01 04:09   473296              c:\windows\system32\perfh009.dat
- 2008-05-02 03:05 . 2010-04-22 13:10   473296              c:\windows\system32\perfh009.dat
- 2010-04-18 13:34 . 2009-11-09 17:56   158600              c:\windows\system32\DRVSTORE\MAudioFast_05C7CD81B60E923B0D53011E91B8DD83902B13E7\MAudioFastTrackPro.sys
+ 2004-01-01 13:50 . 2009-11-09 18:56   158600              c:\windows\system32\DRVSTORE\MAudioFast_05C7CD81B60E923B0D53011E91B8DD83902B13E7\MAudioFastTrackPro.sys
+ 2006-11-02 12:22 . 2008-03-27 20:27   503008              c:\windows\system32\drivers\wdf01000.sys
- 2009-03-07 02:21 . 2008-04-14 04:49   146048              c:\windows\system32\drivers\portcls.sys
+ 2009-03-07 02:21 . 2008-04-14 05:49   146048              c:\windows\system32\drivers\portcls.sys
- 2008-04-14 00:46 . 2008-04-14 04:46   141056              c:\windows\system32\drivers\ks.sys
+ 2008-04-14 00:46 . 2008-04-14 05:46   141056              c:\windows\system32\drivers\ks.sys
- 2009-03-07 02:21 . 2008-04-14 04:49   146048              c:\windows\system32\dllcache\portcls.sys
+ 2009-03-07 02:21 . 2008-04-14 05:49   146048              c:\windows\system32\dllcache\portcls.sys
- 2008-04-14 00:46 . 2008-04-14 04:46   141056              c:\windows\system32\dllcache\ks.sys
+ 2008-04-14 00:46 . 2008-04-14 05:46   141056              c:\windows\system32\dllcache\ks.sys
+ 2004-01-05 12:43 . 2004-01-05 12:43   1094656              c:\windows\Installer\5334ec.msi
+ 2004-01-01 13:50 . 2004-01-01 13:50   1397760              c:\windows\Installer\1a9872d.msi
+ 2004-01-06 09:32 . 2004-01-06 09:32   1583616              c:\windows\Installer\17a125.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 303104]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 643592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   -c--a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42   72208   -c--a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10   35696   -c--a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22   1004544   -c--a-w-   c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-05-02 03:05   27648   -c--a-w-   c:\windows\system32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-05-02 03:05   15360   -c----w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40   687560   -c--a-w-   c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-MU USB Audio Control Panel]
2007-11-26 19:03   274432   -c----w-   c:\program files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-08-03 14:33   1626112   -c--a-w-   c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22   3739648   -c--a-w-   c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2008-12-05 01:23   2745776   -c--a-w-   c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06   1840424   -c--a-w-   c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 08:12   76304   -c--a-w-   c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 20:39   437584   -c--a-w-   c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-05-01 19:35   185640   -c--a-w-   c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50   4363504   -c--a-w-   c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2009-03-05 04:44   1074352   -c--a-w-   c:\program files\My Lockbox\mylbx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 13:31   2221352   -c--a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 13:53   570664   -c--a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01   13529088   -c--a-w-   c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01   86016   -c--a-w-   c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01   1630208   -c--a-w-   c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-16 12:56   236016   -c--a-w-   c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
2009-03-15 20:43   44832   -c--a-w-   c:\program files\Sonique\SQStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Tracktion 3\\Tracktion.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/19/2010 12:12 AM 16384]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [3/15/2009 1:12 AM 43792]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/26/2009 8:10 PM 40560]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [6/7/2008 1:54 PM 84752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [4/3/2009 4:01 AM 1680704]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [11/26/2007 2:10 PM 20992]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [3/15/2009 1:12 AM 73344]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/8/2009 7:38 PM 304464]
R2 NetBurnerService;Net Burner iSCSI Service;c:\program files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe [6/7/2008 1:54 PM 223248]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [5/3/2009 10:52 PM 33792]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [1/1/2004 8:50 AM 158600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/8/2009 7:38 PM 20952]
R3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [3/16/2009 7:58 PM 65794]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [4/10/2009 9:26 AM 127496]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 12:49 PM 284016]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [11/26/2007 2:14 PM 163352]
S3 SliceDisk5;SliceDisk5;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\slicedisk.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\slicedisk.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/16/2009 5:47 PM 721904]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2004-01-06 07:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d8,7f,6c,0e,55,06,b5,10,b4,04,9a,39,b2,5d,1f,2e,d6,02,1f,bf,ec,
   2e,ae,f7,be,5a,78,b4,25,18,53,d2,b6,67,fa,bd,8c,4b,a5,c4,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c204474a-cecf-41db-a1ce-9d8ca5632bd0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cb
"Therad"=dword:00000015
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2960)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2004-01-06  08:04:03 - machine was rebooted
ComboFix-quarantined-files.txt  2004-01-06 13:03
ComboFix2.txt  2004-01-06 07:21
ComboFix3.txt  2004-01-06 06:38
ComboFix4.txt  2010-04-24 17:22
ComboFix5.txt  2004-01-06 11:56

Pre-Run: 2,050,674,688 bytes free
Post-Run: 2,036,826,112 bytes free

- - End Of File - - 9BEF6681B7D0A7F12FCE049D5BDD824E
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 14, 2010, 09:10:29 PM
That looks better.


* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the Run box.
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

The above procedure will:

* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)

* Click the ESET Online Scanner button.

* For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  * Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 03:48:35 AM
Well, it's been 6 hours and ESET is only 11% through the scan... It's found 405 infected files so far. When you say reset clock, hide file ext. and things, was that supposed to be done automatically?
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 09:26:54 AM
This scan has been running for 12 hours... Can I click stop and still get a report? Is it supposed to run this long? It's found 752 infections so far, it's been 99% complete for over 2 hours now and my computer is acting a little buggy. Will this scan let me clean the infected files or does it just show me results and I post them here? I hope this is clean soon, I really need my computer. Thanks for all your help buddy!
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 15, 2010, 10:20:02 AM
Is it still running?
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 10:28:58 AM
Yes it's still running.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 15, 2010, 10:31:08 AM
Go ahead and stop it. It shouldn't take that long to finish up.

If you can get the report then please post it.


Download the latest version of Kaspersky GetSystemInfo (GSI) (http://www.getsysteminfo.com/download/GetSystemInfo.exe) and save it to your desktop.

* Close all other applications running on your system.
* Double click GetSystemInfo.exe to open it.
* Click the Settings button and set it to Maximum, then click OK.
* IMPORTANT! Click Customize, then choose the Driver / Ports tab and uncheck Scan Ports, then click OK and then click OK again.
* Next click Create Report to run GetSystemInfo.

* When the scan is finished it will create a zip archive called GetSystemInfo_xxxxxxxxxxxxxxx.zip on your desktop.
* This ZIP archive will be automatically submitted for analysis to the Kaspersky GSI Parser website.
* The GSI Parser website will open.
* Copy the link from the GSI Parser website and post it in your next reply.

Note: If the auto-submission fails you will receive a message "The file can´t be uploaded automatically, Please try to upload the file manually from your browser".

* In that case please open the GSI Parser website (http://www.getsysteminfo.com/).
* Click Browse and find the GetSystemInfo_xxxxxxxxxxxxxxx.zip on your desktop.
* Click Submit and wait until a green tabbed report appears.
* Copy the link from the GSI Parser website and post it in your next reply.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 10:36:24 AM
I stopped it, here's the report

C:\Documents and Settings\Administrator\Desktop\OLD COMPUTER DATA\$software trials\IDM_5.11.8-Lapaka\IDM 5.11.8\idman511f.exe   probably a variant of Win32/Rbot trojan   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\PACE.iLok.Generic.Trial.Patcher.1.0.tool-SND.zip   probably a variant of Win32/Agent trojan   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\Alcohol120_Retail_1.9.8.7612\Alcohol120 Retail 1.9.8.7612\Alcohol120 Retail 1.9.8.7612.exe   a variant of Win32/PSW.Fignotok.E trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\PACE.iLok.Generic.Trial.Patcher.1.0.tool-SND\snd.nfo.viewer.exe   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\SOUp104f_MegaRapidshare.com\OmniUp104f\Keygen.exe   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\BINA486.exe   probably a variant of Win32/Spy.Bancos.IV trojan   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\megamanager.exe   probably a variant of Win32/TrojanDropper.Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ10D1.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1110.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1125.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1164.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1512.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1516.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1517.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1518.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1519.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1527.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1531.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1538.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1542.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1548.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ154C.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ154D.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1551.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1555.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1556.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ155F.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1561.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1564.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1568.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ156F.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1577.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1578.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ157C.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1583.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ159C.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15A6.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15A9.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15AB.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15B3.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15B4.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15B7.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15B9.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15BB.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15C3.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15C5.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15CD.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15D0.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15D8.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ15E4.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ16C4.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1737.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1803.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1805.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1812.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ18FC.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1901.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1911.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1914.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1915.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1918.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ191B.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ191E.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1928.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1930.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1939.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ193B.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1945.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ194A.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ194B.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1950.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1951.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ195F.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1971.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1981.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1994.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1998.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ199B.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19A2.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19AA.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19AC.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19AD.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19B1.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19B3.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19BB.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19BC.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19D5.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19E0.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19E1.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ19E2.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A01.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A08.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A10.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A14.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A1D.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A23.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A28.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A2A.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A2D.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A3E.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A4F.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A5C.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A63.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A66.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A7B.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A83.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A84.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A8D.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1A8E.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AA4.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AAD.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AB4.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AB8.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AC8.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1ACC.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1ACF.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AD0.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AE1.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AE2.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AE3.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AE5.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AEA.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AFB.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1AFE.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1B0B.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1B0E.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 15, 2010, 10:38:57 AM
Those are all either already quarantined or are old cracks.

To change military time to standard time:

Go to Start > Control Panel > Regional and Language Options
Click the Customize button
Select the Time tab
In the Time Format area use the down arrow to select: h:mm:ss tt
Click Apply
Click OK
Click Apply
Click OK

Restart the computer.

Let's see the GetSystemInfo link please.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 10:40:03 AM
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1FBD.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1FD3.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1FD6.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1FD9.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1FE2.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1FEC.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1FF3.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1FFD.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ1FFE.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2003.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2009.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ200A.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2013.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ201D.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ201F.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2028.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ202B.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2032.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2035.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2037.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2038.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ203B.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2041.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2043.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ204D.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ204F.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2057.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ205A.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ205F.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2068.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ20DA.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ20E3.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ20E4.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ20E5.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ20E9.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ20ED.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ20F5.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ20FA.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ20FE.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2109.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2115.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2116.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ211C.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ212E.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ21B5.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ21B6.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ21BC.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ21C2.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ238A.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2395.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ239B.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ239D.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ23FB.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2407.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2409.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ240F.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2433.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2439.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ243B.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2D86.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2D8D.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2D93.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2D99.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DA7.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DA8.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DAA.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DC2.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DCD.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DD9.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DDE.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DE8.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DEC.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DF8.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DF9.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DFA.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2DFF.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E02.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E08.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E11.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E13.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E14.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E41.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E43.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E4D.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E51.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E56.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E61.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E69.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E71.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E76.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E85.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E8E.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E94.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E98.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E9A.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E9C.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2E9E.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2EA8.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2EB3.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2EC8.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2ECF.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2ED7.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2EE5.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2EEE.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F04.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F06.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F33.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F40.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F42.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F45.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F46.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F47.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F48.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F4C.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F5F.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F69.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F6C.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F77.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F7C.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F84.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F8C.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F8F.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2F9B.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2FA0.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2FA2.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2FB6.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2FBC.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2FC8.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2FCB.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2FD8.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2FDC.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2FDF.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2FF0.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ2FF7.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3004.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ300B.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ300F.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3011.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3014.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3017.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3019.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ301F.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3023.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3031.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3032.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3039.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ303D.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ303E.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ304F.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ305C.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined

Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 10:40:23 AM
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31AC.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31B0.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31B6.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31B9.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31CA.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31D1.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31D4.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31D7.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31D9.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31E1.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31E7.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31E9.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31EC.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ31FD.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3202.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3203.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ320F.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3214.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3215.tmp   probably a variant of Win32/TrojanDownloader.Small trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3217.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ321F.tmp   PDF/Exploit.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3228.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ322D.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3C98.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ4612.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQDEB.tmp   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4B2F694A.TMP   probably a variant of Win32/Agent trojan   deleted - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4B2F69D9.TMP   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4B2F6A24.TMP   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4B2F7023.TMP   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4b31910e.tmp   PDF/Exploit.Pidief.OJS.Gen trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 15, 2010, 10:41:50 AM
C:\Documents and Settings\All Users\Application Data\Symantec <- Delete this folder.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 10:50:00 AM
Here's the GSI Parser link:

http://www.getsysteminfo.com/read.php?file=4a44c00dfc50732c586afc2d01feed0e
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 15, 2010, 10:58:51 AM
Logical Disk Name type File system      
(C:)   Local Fixed Disk space NTFS 465.75 Gb   
Free space 1.9 Gb

Your hard drive is nearly full. That is likely the source of your performance issues.

Are there any other malware issues that you can tell?
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 11:09:39 AM
Wow I can actually log into my accounts!

I had to manually change the date from January 2004 to May 2010. Also, when I go to C, Documents and Settings, All Users, there isn't a folder that's called applications data; there's 4 folders: desktop, favorites, shared documents, and start menu.
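The post above reports that logins worked again once the date was moved from January 2004 to May 2010; a certificate whose validity period starts after the date on the local clock is rejected as not yet valid. The following is an added example, not part of the original post: a triage check that tells a wrong system clock apart from a single bad certificate. The host names and validity dates are constructed, and the function names and the 50% threshold are assumptions of this example.

```python
from collections import Counter
from datetime import datetime, timezone


def utc(year, month, day):
    """Build a timezone-aware UTC timestamp."""
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample: (site, notBefore, notAfter) validity windows.
SAMPLE_CERTS = [
    ("webmail.example", utc(2009, 5, 1), utc(2011, 5, 1)),
    ("payments.example", utc(2009, 11, 10), utc(2010, 11, 10)),
    ("social.example", utc(2008, 9, 15), utc(2010, 9, 15)),
    ("toolbar-signing.example", utc(2009, 5, 20), utc(2012, 5, 20)),
]


def classify(not_before, not_after, now):
    """Return the validity state of one certificate at time `now`."""
    if now < not_before:
        return "not_yet_valid"
    if now > not_after:
        return "expired"
    return "valid"


def triage(certs, local_now, threshold=0.5):
    """Classify every certificate against the local clock and decide
    whether the failure pattern points at the clock or at a certificate.

    When more than `threshold` of unrelated sites fail the same way,
    the common factor is the local clock, not the sites.
    """
    if not certs:
        raise ValueError("no certificates to evaluate")

    states = {name: classify(nb, na, local_now) for name, nb, na in certs}
    counts = Counter(states.values())
    total = len(certs)

    if counts["valid"] == total:
        verdict = "ok"
    elif counts["not_yet_valid"] / total > threshold:
        verdict = "clock_behind"
    elif counts["expired"] / total > threshold:
        verdict = "clock_ahead_or_stale_certs"
    else:
        verdict = "certificate_problem"

    # Interval in which every certificate is valid at once. If it exists,
    # the real date most likely lies inside it.
    lo = max(nb for _, nb, _ in certs)
    hi = min(na for _, _, na in certs)
    window = (lo, hi) if lo <= hi else None

    return {"verdict": verdict, "states": states,
            "plausible_clock_window": window}


if __name__ == "__main__":
    for label, now in (("clock at 2004-01-05", utc(2004, 1, 5)),
                       ("clock at 2010-05-15", utc(2010, 5, 15))):
        result = triage(SAMPLE_CERTS, now)
        print(label, "->", result["verdict"])
        for site, state in result["states"].items():
            print("   ", site, state)
```

A verdict of `clock_behind` is a reason to check the system date, the CMOS battery and time synchronisation before clicking through any certificate warning.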
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 15, 2010, 11:11:48 AM
Enable viewing of hidden system files & folders XP

Go to My Computer->Tools->Folder Options->View tab:

Now see if you can find it.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 11:17:54 AM
I found the folder then clicked delete. I noticed it didn't seem to be making any progress after like 3 minutes, then I got this message: can't delete quarantined, access denied.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 15, 2010, 11:20:47 AM
Download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) to your desktop.

Note: If you are using Vista or Windows 7, right-click on OTM.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:files
C:\Documents and Settings\All Users\Application Data\Symantec

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

* Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 11:59:58 AM
The list is pretty long, so I cut it short, because I'd have to make about 5 or 6 posts to copy all of it.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4003B folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4003A folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40039 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40038 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40037 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40036 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40035 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40034 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40033 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40032 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40031 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40030 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4002F folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4002E folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4002D folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4002C folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4002B folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4002A folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40029 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40028 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40027 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40026 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40025 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40024 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40023 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40022 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40021 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40020 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4001F folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4001E folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4001D folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4001C folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4001B folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4001A folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40019 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40018 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40017 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40016 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40015 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40014 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40013 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40012 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40011 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40010 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4000F folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4000E folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4000D folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4000C folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4000B folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D4000A folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40009 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40008 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40007 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40006 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40005 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40004 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40003 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40002 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40001 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10D40000 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900002 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900000 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F640002 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F640001 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F640000 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE40000 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D2C0008 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D2C0006 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D2C0005 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D2C0004 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D2C0003 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D2C0002 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D2C0001 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D2C0000 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D040000 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD80019 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD80018 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD80017 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD80016 folder moved successfully.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 15, 2010, 12:03:51 PM
How is the computer running now?
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 12:09:56 PM
Things seem fine! Thank you so much!!!!!

So I'm clean? I never experienced a rootkit before, is there a particular program you'd recommend for me to prevent this happening again?
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 15, 2010, 12:15:11 PM
is there a particular program you'd recommend for me to prevent this happening again?

An antivirus will be a very good start to defending against any form of malware.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!
 
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials for Windows XP (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_XP_d6243.html)

----------

If there are no more malware issues we can finish up now.

Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

* Click Start Scanner
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page (http://www.microsoft.com/windows/ie/).

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I also suggest keeping CCleaner Slim (http://majorgeeks.com/download4191.html). It is an excellent and safe disk cleaner. Running CCleaner on a daily basis helps to protect your privacy and make your computer faster and more secure.

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
*  (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html).
* Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: goodie2010 on May 15, 2010, 12:17:32 PM
I have to go to work for 5 hours, are you going to be available later or tomorrow? I really appreciate your help. If I don't respond, I will tonight or tomorrow. THANKS
Title: Re: atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..
Post by: evilfantasy on May 15, 2010, 12:18:01 PM
No problem. I'll be around.