Sorry for the late response; I had to run it twice.
ComboFix 10-05-14.06 - Administrator 01/06/2004 7:38.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2710 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Autorun.inf
.
---- Previous Run -------
.
c:\program files\Messenger
c:\program files\Messenger\custsat.dll
c:\program files\Messenger\logowin.gif
c:\program files\Messenger\lvback.gif
c:\program files\Messenger\msgsc.dll
c:\program files\Messenger\msgslang.dll
c:\program files\Messenger\msmsgs.exe
c:\program files\Messenger\newalert.wav
c:\program files\Messenger\newemail.wav
c:\program files\Messenger\online.wav
c:\program files\Messenger\type.wav
c:\program files\Messenger\xpmsgr.chm
F:\autorun.inf
-- Previous Run --
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
--------
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
--------------- FCopy ---------------
c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2003-12-06 to 2004-01-06 )))))))))))))))))))))))))))))))
.
2010-05-03 21:47 . 2008-03-21 17:57 14640 -c----w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-03 13:39 . 2010-05-03 13:39 581192 -c--a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-05-03 13:39 . 2010-05-03 13:39 1112288 -c--a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-05-03 11:14 . 2010-05-03 11:39 -------- dc----w- C:\N1
2010-05-03 11:11 . 2010-02-09 15:36 -------- dc----w- C:\android-sdk-windows
2010-05-03 10:35 . 2010-01-07 16:42 96256 -c--a-w- C:\AdbWinApi.dll
2010-05-03 10:35 . 2010-01-07 16:42 60928 -c--a-w- C:\AdbWinUsbApi.dll
2010-05-03 10:35 . 2010-01-07 16:42 2530671 -c--a-w- C:\adb.exe
2010-05-03 10:35 . 2010-01-07 16:42 994279 -c--a-w- C:\fastboot.exe
2010-05-03 10:24 . 2010-05-04 14:01 -------- dc----w- C:\superboot
2010-05-03 10:05 . 2010-05-03 11:09 -------- dc----w- c:\documents and settings\Administrator\.android
2010-05-03 09:46 . 2010-01-04 00:22 -------- dc----w- C:\fastboot
2010-04-26 10:33 . 2006-11-02 20:39 90112 -c--a-w- c:\windows\system32\stacsv.exe
2010-04-24 16:31 . 2010-04-24 17:15 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\wgfhrgevm
2010-04-23 01:57 . 2002-01-05 15:16 737280 -c--a-w- c:\windows\system32\msvcp70d.dll
2010-04-23 01:57 . 2002-01-05 15:16 536576 -c--a-w- c:\windows\system32\msvcr70d.dll
2010-04-23 01:00 . 2010-04-23 01:03 -------- dc----w- c:\program files\Common Files\KORG
2010-04-23 01:00 . 2010-04-23 01:00 -------- dc----w- c:\program files\KORG
2010-04-23 00:45 . 2009-05-19 20:21 86016 -c--a-w- c:\windows\system32\SYNSOPOS.exe
2010-04-22 13:38 . 2010-04-22 13:38 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\eLicenser
2010-04-22 13:34 . 2010-04-22 13:34 -------- dc----w- c:\program files\Cakewalk
2010-04-22 13:34 . 2010-04-22 13:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Cakewalk
2010-04-22 12:38 . 2010-04-22 12:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\documents and settings\Administrator\Application Data\Audio Ease
2010-04-22 12:20 . 2007-09-12 16:51 491520 -c--a-w- c:\windows\system32\libencdec.dll
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\program files\Audio Ease
2010-04-22 12:20 . 2010-04-22 12:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Audio Ease
2010-04-22 10:51 . 2010-04-22 10:51 2892 -c--a-w- c:\windows\system32\audcon.sys
2010-04-22 10:51 . 2010-04-22 10:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Syncrosoft
2010-04-22 10:49 . 2004-01-06 09:36 -------- dc----w- c:\documents and settings\All Users\Application Data\eLicenser
2010-04-22 10:49 . 2004-01-06 09:36 -------- dc----w- c:\program files\eLicenser
2010-04-22 10:48 . 2009-09-09 22:56 163840 -c--a-w- c:\windows\system32\ArtFfct.dll
2010-04-22 10:48 . 2010-04-23 02:01 -------- dc----w- c:\program files\Arturia
2010-04-22 10:48 . 2010-04-22 13:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Arturia
2010-04-22 10:45 . 2010-04-22 10:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
2010-04-22 10:29 . 2010-04-22 12:57 -------- dc----w- c:\program files\Native Instruments
2010-04-22 10:21 . 2010-04-22 10:21 -------- dc----w- c:\documents and settings\All Users\Application Data\Temporary
2010-04-22 10:20 . 2010-04-22 10:20 -------- dc----w- c:\program files\Common Files\Celemony
2010-04-22 10:20 . 2010-04-22 10:20 -------- dc----w- c:\program files\Celemony
2010-04-22 10:13 . 2003-06-20 16:28 1777664 -c--a-w- c:\windows\system32\gdiplus.dll
2010-04-22 10:11 . 2010-04-22 10:11 -------- dc----w- c:\documents and settings\nexus
2010-04-22 10:07 . 2010-04-22 10:07 -------- dc----w- c:\program files\Image-Line
2010-04-21 09:09 . 2010-04-21 09:10 -------- dc----w- c:\program files\ConvertHelper
2010-04-21 09:07 . 2010-04-21 09:10 -------- dc----w- c:\documents and settings\Administrator\dwhelper
2010-04-19 05:28 . 2010-04-19 05:37 -------- dc----w- c:\documents and settings\Administrator\Application Data\Digidesign
2010-04-19 05:28 . 2010-04-19 05:28 -------- dc----w- C:\Digidesign Databases
2010-04-19 05:12 . 2006-12-09 02:50 16384 -c--a-w- c:\windows\system32\drivers\DigiFilt.sys
2010-04-19 05:10 . 2002-01-05 09:48 974848 -c--a-w- c:\windows\system32\mfc70.dll
2010-04-19 05:10 . 2001-06-27 14:13 217088 -c--a-w- c:\windows\system32\qtmlClient.dll
2010-04-19 05:10 . 2007-09-05 15:43 630784 -c----w- c:\windows\system32\ilinet.dll
2010-04-19 05:10 . 2007-10-31 07:16 3683014 -c--a-w- c:\windows\system32\DirectIO.dll
2010-04-19 05:10 . 2007-10-31 04:36 15872 -c--a-w- c:\windows\system32\digicoin.dll
2010-04-19 05:10 . 2007-10-31 04:03 659456 -c--a-w- c:\windows\system32\DSI.dll
2010-04-19 05:10 . 2007-10-31 04:03 1362460 -c--a-w- c:\windows\system32\ExpansionHD_Firmware.bin
2010-04-19 05:10 . 2007-10-31 03:03 270336 -c--a-w- c:\windows\system32\DigiPlatformSupport.dll
2010-04-19 05:10 . 2006-12-09 03:21 90112 -c--a-w- c:\windows\system32\WinMMFix.dll
2010-04-18 22:35 . 2010-04-18 22:35 69632 -c--a-w- c:\windows\system32\com.fxpansion.fxshared.dll
2010-04-18 13:36 . 2008-04-14 04:15 60032 -c--a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-04-18 13:36 . 2008-04-14 04:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-04-17 10:34 . 2010-04-19 05:17 -------- dc----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-04-17 10:34 . 2010-04-17 10:34 -------- dc----w- c:\program files\Common Files\PACE Anti-Piracy
2010-03-04 02:00 . 2010-04-19 05:28 -------- dc-ha-w- c:\documents and settings\Administrator\Local Settings\Application Data\7v7mN9FuX
2010-02-20 06:41 . 2004-01-01 15:13 -------- dc----w- c:\documents and settings\Administrator\Application Data\QuickScan
2010-01-24 12:01 . 2010-01-24 12:01 -------- dc----w- c:\program files\LUXONIX
2010-01-24 11:01 . 2010-04-23 01:12 16 -c--a-w- c:\windows\msocreg32.dat
2010-01-24 11:00 . 2010-01-24 11:01 -------- dc----w- c:\program files\Sonik Synth 2
2010-01-24 01:43 . 2010-04-22 12:28 -------- dc----w- c:\program files\Common Files\Native Instruments
2010-01-24 01:43 . 2010-04-22 10:33 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Native Instruments
2010-01-24 01:43 . 2010-01-24 01:43 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2010-01-24 01:30 . 2010-01-24 01:30 -------- dc----w- c:\program files\Smart Projects
2010-01-23 23:05 . 2010-01-23 23:05 -------- dc----w- c:\windows\vocoder
2010-01-23 22:56 . 2010-04-23 01:22 -------- dc----w- c:\documents and settings\Administrator\Application Data\Antares
2010-01-23 22:56 . 2010-04-23 01:22 -------- dc----w- c:\program files\Antares Audio Technologies
2010-01-08 23:59 . 2000-01-19 00:45 401484 -c--a-w- c:\windows\system32\Msvcrtd.dll
2010-01-08 23:59 . 2010-01-09 00:01 -------- dc----w- c:\program files\FXpansion DR-008 v1.21
2010-01-08 04:49 . 2010-04-19 05:10 -------- dc----w- c:\program files\Digidesign
2010-01-08 04:49 . 2010-01-24 10:18 -------- dc----w- c:\program files\Garritan Personal Orchestra
2010-01-08 04:07 . 2010-01-08 04:07 -------- dc----w- c:\program files\Alcohol Soft
2010-01-08 03:48 . 2009-10-12 02:58 1177600 -c--a-w- c:\windows\system32\SYNSOEMU.DLL
2010-01-08 03:47 . 2010-01-08 03:47 -------- dc----w- c:\program files\rgcaudio software
2010-01-08 03:46 . 2010-04-18 22:35 69632 -c--a-w- c:\windows\system32\FxShared.dll
2010-01-08 03:46 . 2010-04-18 22:44 -------- dc----w- c:\program files\FXpansion
2010-01-08 03:45 . 2010-04-19 05:28 -------- dc----w- c:\documents and settings\Administrator\Application Data\FXpansion
2010-01-05 01:32 . 2010-01-05 01:32 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Spectrasonics
2010-01-03 21:51 . 2010-01-03 21:51 -------- dc----w- c:\program files\Trend Micro
2010-01-03 14:00 . 2010-04-19 05:10 -------- dc----w- c:\program files\Common Files\Digidesign
2010-01-03 14:00 . 2010-01-03 14:30 -------- dc----w- c:\program files\Spectrasonics
2009-12-27 02:14 . 2009-12-27 02:14 -------- dc----w- c:\program files\Seagate
2009-12-27 02:14 . 2009-12-27 02:14 -------- dc----w- c:\documents and settings\All Users\Application Data\Seagate
2009-12-27 02:13 . 2009-12-27 02:13 -------- dcsh--w- c:\windows\ftpcache
2009-12-27 02:09 . 2009-12-27 02:09 -------- dc----w- c:\documents and settings\Administrator\Application Data\Leadertech
2009-12-09 00:38 . 2009-12-09 00:38 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-09 00:38 . 2010-04-29 20:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 00:38 . 2009-12-09 00:38 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-09 00:38 . 2010-04-29 20:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-09 00:38 . 2004-01-06 11:16 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 23:15 . 2010-02-18 16:55 -------- dc----w- c:\program files\Ask.com
2009-11-22 23:14 . 2009-11-22 23:15 -------- dc----w- c:\program files\Common Files\DVDVideoSoft
2009-11-22 23:14 . 2009-11-22 23:14 -------- dc----w- c:\program files\DVDVideoSoft
2009-11-13 22:33 . 2010-04-19 05:17 -------- dc----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy
2009-11-13 22:33 . 2009-11-13 22:33 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy
2009-11-13 22:17 . 2009-11-13 22:17 -------- dc----w- c:\documents and settings\All Users\Application Data\Line 6
2009-11-13 22:17 . 2006-03-29 19:11 233472 -c--a-w- c:\windows\system32\REX Shared Library.dll
2009-11-13 22:17 . 2009-11-13 22:17 406528 -c--a-w- c:\windows\system32\ReWire.dll
2009-11-13 22:16 . 2009-11-13 22:16 -------- dc----w- c:\program files\CodeMeter
2009-11-12 02:43 . 2009-11-12 02:43 -------- dc----w- C:\spoolerlogs
2009-11-11 08:52 . 2009-11-11 08:52 -------- dc----w- c:\documents and settings\All Users\Application Data\kds_kodak
2009-11-10 10:33 . 2009-11-10 10:33 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-09 18:56 . 2009-11-09 18:56 643592 -c--a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2009-11-09 18:56 . 2009-11-09 18:56 32776 -c--a-w- c:\windows\system32\mausbasio.dll
2009-11-09 18:56 . 2009-11-09 18:56 2526185 -c--a-w- c:\windows\system32\madiousb.dll
2009-11-07 14:56 . 2009-11-07 14:56 -------- dc----w- c:\documents and settings\All Users\Application Data\Eastman Kodak Company
2009-11-07 14:53 . 2009-11-07 14:53 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eastman_Kodak_Company
2009-11-07 14:52 . 2009-11-07 15:04 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eastman Kodak Company
2009-11-07 14:52 . 2009-11-07 14:52 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\KODAK
2009-11-07 14:52 . 2009-11-07 14:52 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
2009-11-07 14:50 . 2009-08-03 14:33 192512 -c--a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2009-11-07 14:50 . 2009-08-03 14:33 405504 -c--a-w- c:\windows\system32\EKIJ5000MON.dll
2009-11-07 14:49 . 2009-11-07 14:52 -------- dc----w- c:\program files\Kodak
2009-11-07 11:04 . 2009-11-07 11:04 -------- dc----w- c:\program files\Bonjour
2009-11-07 11:04 . 2009-11-07 11:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-07 11:03 . 2009-11-07 14:48 -------- dc----w- c:\documents and settings\Administrator\Application Data\Temp
2009-11-07 10:58 . 2010-01-03 21:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Kodak
2009-11-07 10:57 . 2009-11-07 14:50 -------- dc----w- c:\windows\system32\kodak
2009-11-07 10:57 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\wiafbdrv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 21:48 . 2010-05-03 21:48 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-05-03 21:47 . 2010-05-03 21:47 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-24 16:37 . 2010-04-24 16:37 0 -c--a-w- c:\documents and settings\Administrator\ntuser.tmp
2010-04-22 10:20 . 2009-03-07 02:21 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-01-08 23:59 . 2009-05-04 03:56 -------- dc----w- c:\program files\Steinberg
2010-01-08 02:49 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-11-09 18:56 . 2004-01-01 13:50 158600 -c--a-w- c:\windows\system32\drivers\MAudioFastTrackPro.sys
2009-08-22 18:11 . 2001-12-11 12:17 414272 -c--a-w- c:\windows\system32\DivXc32.dll
2009-08-22 18:11 . 2001-11-27 00:19 414272 -c--a-w- c:\windows\system32\DivXc32f.dll
2009-08-22 18:11 . 2001-12-08 20:20 33280 -c--a-w- c:\windows\system32\HUFFYUV.DLL
2009-06-16 14:36 . 2008-05-02 03:05 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-05-02 03:05 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2008-05-02 03:05 1291264 -c--a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2008-05-02 03:05 345600 -c--a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2008-05-02 03:05 827392 -c----w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-05-02 03:05 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-04-24 01:33 . 2009-03-07 02:21 -------- dc----w- c:\program files\Common Files\InstallShield
2009-04-17 12:26 . 2008-05-02 03:05 1847168 -c--a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-05-02 03:05 585216 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-03-24 23:16 . 2009-03-22 10:32 -------- dc----w- c:\program files\ffdshow
2009-03-24 23:16 . 2009-03-22 10:32 -------- dc----w- c:\program files\AC3Filter
2009-03-24 23:16 . 2009-03-22 12:36 -------- dc----w- c:\program files\IrfanView
2009-03-24 23:16 . 2009-03-24 23:16 -------- dc----w- c:\program files\SigmaTel
2009-03-24 23:16 . 2009-03-22 22:11 -------- dc----w- c:\program files\GoldWave 5.20
2009-03-24 23:16 . 2009-03-23 22:58 -------- dc----w- c:\program files\IDT(2)
2009-03-24 23:13 . 2009-03-24 23:13 -------- dc----w- c:\program files\MSXML 4.0
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-24 23:12 . 2009-03-24 23:12 -------- dc----w- c:\program files\DAEMON Tools Lite
2009-03-24 09:34 . 2009-03-22 22:02 5072 -c--a-w- c:\windows\system32\drivers\sthdae.log
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-07 17:40 . 2009-03-07 17:40 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-07 02:47 . 2009-03-07 01:58 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-07 01:59 . 2009-03-07 01:59 -------- dc----w- c:\program files\microsoft frontpage
2009-03-07 01:56 . 2009-03-07 01:56 21640 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-03-06 15:57 . 2009-03-06 15:57 83448 -c--a-w- c:\windows\system32\CddbLangJA.dll
2009-03-06 15:57 . 2009-03-06 15:57 808440 -c--a-w- c:\windows\system32\CDDBUI.dll
2009-03-06 15:57 . 2009-03-06 15:57 796152 -c--a-w- c:\windows\system32\CDDBControl.dll
2009-03-06 15:57 . 2009-03-06 15:57 108024 -c--a-w- c:\windows\system32\CddbLangIT.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangNL.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangFR.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangES.dll
2009-03-06 15:57 . 2009-03-06 15:57 103928 -c--a-w- c:\windows\system32\CddbLangDE.dll
2009-03-06 14:22 . 2008-05-02 03:05 284160 -c--a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2008-05-02 03:05 729088 -c--a-w- c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2009-03-07 01:55 453120 -c--a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10 . 2009-03-07 01:54 473600 -c--a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10 . 2008-05-02 03:05 714752 -c--a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-05-02 03:05 617472 -c--a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-05-02 03:05 401408 -c----w- c:\windows\system32\rpcss.dll
2009-02-06 11:11 . 2008-05-02 03:05 110592 -c----w- c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-05-02 03:05 2145280 -c----w- c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-05-02 03:05 35328 -c--a-w- c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 -c----w- c:\windows\system32\ntkrnlpa.exe
2009-02-06 10:10 . 2009-03-07 01:55 227840 -c--a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-02-03 19:59 . 2008-05-02 03:05 56832 -c--a-w- c:\windows\system32\secur32.dll
2008-12-16 12:30 . 2008-05-02 03:05 354304 -c--a-w- c:\windows\system32\winhttp.dll
2008-12-12 16:18 . 2008-12-12 16:18 87336 -c--a-w- c:\windows\system32\dns-sd.exe
2008-12-12 16:11 . 2008-12-12 16:11 65536 -c--a-w- c:\windows\system32\jdns_sd.dll
2008-12-12 16:11 . 2008-12-12 16:11 61440 -c--a-w- c:\windows\system32\dnssd.dll
2008-12-11 10:57 . 2008-05-02 03:05 333952 -c--a-w- c:\windows\system32\drivers\srv.sys
2008-12-05 06:54 . 2008-05-02 03:05 144896 -c--a-w- c:\windows\system32\schannel.dll
2008-10-30 01:43 . 2008-10-30 01:43 1204128 -c--a-w- c:\windows\system32\drivers\AGRSM.sys
2008-10-24 11:21 . 2008-05-02 03:05 455296 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 . 2008-05-02 03:05 286720 -c--a-w- c:\windows\system32\gdi32.dll
2008-10-16 19:13 . 2009-03-07 01:57 1809944 -c--a-w- c:\windows\system32\wuaueng.dll
2008-10-16 19:12 . 2009-03-07 01:57 202776 -c--a-w- c:\windows\system32\wuweb.dll
2008-10-16 19:12 . 2009-03-07 01:57 323608 -c--a-w- c:\windows\system32\wucltui.dll
2008-10-16 19:12 . 2009-03-07 01:57 561688 -c--a-w- c:\windows\system32\wuapi.dll
2008-10-16 19:12 . 2009-03-07 01:57 561688 -c--a-w- c:\windows\system32\wuapi(2)(2).dll
2008-10-16 19:09 . 2009-03-07 01:57 51224 -c----w- c:\windows\system32\wuauclt.exe
2008-10-16 19:09 . 2008-05-02 03:05 92696 -c--a-w- c:\windows\system32\cdm.dll
2008-10-16 19:08 . 2009-03-07 01:57 34328 -c--a-w- c:\windows\system32\wups.dll
2008-10-16 19:08 . 2009-03-07 01:57 34328 -c--a-w- c:\windows\system32\wups(2)(2).dll
2008-10-03 10:02 . 2008-05-02 03:05 247326 -c--a-w- c:\windows\system32\strmdll.dll
2008-09-30 20:43 . 2008-09-30 20:43 1286152 -c--a-w- c:\windows\system32\msxml4.dll
2008-09-26 20:13 . 2008-09-26 20:13 55816 -c--a-w- c:\windows\agrsmdel.exe
2008-09-12 10:44 . 2008-12-04 11:42 206256 -c--a-w- c:\windows\system32\idmmbc.dll
2008-09-10 01:14 . 2008-05-02 03:05 1307648 -c--a-w- c:\windows\system32\msxml6.dll
2008-09-06 04:29 . 2008-09-06 04:29 917032 -c--a-w- c:\windows\system32\WgaTray.exeold.exe
2008-09-04 17:15 . 2008-05-02 03:05 1106944 -c--a-w- c:\windows\system32\msxml3.dll
2008-08-26 19:32 . 2008-08-26 19:32 13824 -c--a-w- c:\windows\system32\agrscoin.dll
2008-08-14 10:04 . 2008-05-02 03:05 138496 -c--a-w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:26 . 2008-05-02 03:05 253952 -c----w- c:\windows\system32\es.dll
2008-06-24 23:12 . 2006-10-19 02:47 295936 -c----w- c:\windows\system32\wmpeffects.dll
2008-06-24 20:06 . 2008-06-24 20:06 972072 -c--a-w- c:\windows\UNNeroMediaHome.exe
2008-06-24 16:43 . 2008-05-02 03:05 74240 -c--a-w- c:\windows\system32\mscms.dll
2008-06-20 17:46 . 2008-05-02 03:05 245248 -c----w- c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2008-05-02 03:05 361600 -c----w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08 . 2008-05-02 03:05 225856 -c--a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-18 10:03 . 2008-05-02 03:05 938496 -c--a-w- c:\windows\system32\WMNetmgr.dll
2008-06-18 06:09 . 2008-05-02 03:05 100864 -c--a-w- c:\windows\system32\logagent.exe
2008-06-12 14:23 . 2009-03-07 01:55 956928 -c--a-w- c:\windows\system32\msdtctm.dll
2008-06-12 14:23 . 2009-03-07 01:55 91648 -c--a-w- c:\windows\system32\mtxoci.dll
2008-06-12 14:23 . 2009-03-07 01:55 58880 -c--a-w- c:\windows\system32\msdtclog.dll
2008-06-12 14:23 . 2009-03-07 01:55 428032 -c--a-w- c:\windows\system32\msdtcprx.dll
2008-06-12 14:23 . 2009-03-07 01:55 161792 -c--a-w- c:\windows\system32\msdtcuiu.dll
2008-06-12 14:23 . 2008-05-02 03:05 66560 -c--a-w- c:\windows\system32\mtxclu.dll
2008-06-08 13:37 . 2008-06-08 13:37 132904 -c--a-w- c:\windows\system32\drivers\imagesrv.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-04-24_17.16.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-01-06 12:51 . 2004-01-06 12:51 16384 c:\windows\temp\Perflib_Perfdata_1dc.dat
+ 2006-11-02 11:00 . 2006-11-02 11:00 24136 c:\windows\system32\winusb.dll
+ 2004-01-01 13:50 . 2008-04-14 10:42 23552 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\wdmaud.drv
+ 2004-01-01 13:50 . 2008-04-14 04:15 60032 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\USBAUDIO.sys
+ 2004-01-01 13:50 . 2008-04-14 04:15 49408 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\stream.sys
+ 2004-01-01 13:50 . 2008-04-14 04:15 60160 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\drmk.sys
- 2008-05-02 03:05 . 2010-04-22 13:10 77316 c:\windows\system32\perfc009.dat
+ 2008-05-02 03:05 . 2004-01-01 04:09 77316 c:\windows\system32\perfc009.dat
+ 2006-11-02 11:00 . 2006-11-02 11:00 39368 c:\windows\system32\drivers\winusb.sys
+ 2006-11-02 12:22 . 2008-03-27 20:27 35040 c:\windows\system32\drivers\wdfldr.sys
+ 2008-04-14 00:15 . 2008-04-14 05:15 49408 c:\windows\system32\drivers\stream.sys
- 2008-04-14 00:15 . 2008-04-14 04:15 49408 c:\windows\system32\drivers\stream.sys
- 2009-03-07 02:21 . 2008-04-14 04:15 60160 c:\windows\system32\drivers\drmk.sys
+ 2009-03-07 02:21 . 2008-04-14 05:15 60160 c:\windows\system32\drivers\drmk.sys
- 2008-04-14 00:15 . 2008-04-14 04:15 49408 c:\windows\system32\dllcache\stream.sys
+ 2008-04-14 00:15 . 2008-04-14 05:15 49408 c:\windows\system32\dllcache\stream.sys
+ 2009-03-07 02:21 . 2008-04-14 05:15 60160 c:\windows\system32\dllcache\drmk.sys
- 2009-03-07 02:21 . 2008-04-14 04:15 60160 c:\windows\system32\dllcache\drmk.sys
+ 2008-05-02 03:05 . 2008-05-02 03:05 96512 c:\windows\system32\dllcache\atapi.sys
- 2008-05-02 03:05 . 2008-04-14 05:10 96512 c:\windows\system32\dllcache\atapi.sys
+ 2004-01-06 09:32 . 2004-01-06 09:32 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2004-01-06 09:32 . 2004-01-06 09:32 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2004-01-01 13:50 . 2008-04-14 09:41 4096 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\ksuser.dll
- 2009-03-07 02:21 . 2008-04-14 09:41 4096 c:\windows\system32\ksuser.dll
+ 2009-03-07 02:21 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser.dll
- 2009-03-07 02:21 . 2008-04-14 09:41 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2009-03-07 02:21 . 2008-04-14 10:41 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2004-01-06 09:32 . 2004-01-06 09:32 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2004-01-01 13:50 . 2008-04-14 04:49 146048 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\portcls.sys
+ 2004-01-01 13:50 . 2008-04-14 04:46 141056 c:\windows\system32\ReinstallBackups\0031\DriverFiles\i386\ks.sys
+ 2008-05-02 03:05 . 2004-01-01 04:09 473296 c:\windows\system32\perfh009.dat
- 2008-05-02 03:05 . 2010-04-22 13:10 473296 c:\windows\system32\perfh009.dat
- 2010-04-18 13:34 . 2009-11-09 17:56 158600 c:\windows\system32\DRVSTORE\MAudioFast_05C7CD81B60E923B0D53011E91B8DD83902B13E7\MAudioFastTrackPro.sys
+ 2004-01-01 13:50 . 2009-11-09 18:56 158600 c:\windows\system32\DRVSTORE\MAudioFast_05C7CD81B60E923B0D53011E91B8DD83902B13E7\MAudioFastTrackPro.sys
+ 2006-11-02 12:22 . 2008-03-27 20:27 503008 c:\windows\system32\drivers\wdf01000.sys
- 2009-03-07 02:21 . 2008-04-14 04:49 146048 c:\windows\system32\drivers\portcls.sys
+ 2009-03-07 02:21 . 2008-04-14 05:49 146048 c:\windows\system32\drivers\portcls.sys
- 2008-04-14 00:46 . 2008-04-14 04:46 141056 c:\windows\system32\drivers\ks.sys
+ 2008-04-14 00:46 . 2008-04-14 05:46 141056 c:\windows\system32\drivers\ks.sys
- 2009-03-07 02:21 . 2008-04-14 04:49 146048 c:\windows\system32\dllcache\portcls.sys
+ 2009-03-07 02:21 . 2008-04-14 05:49 146048 c:\windows\system32\dllcache\portcls.sys
- 2008-04-14 00:46 . 2008-04-14 04:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2008-04-14 00:46 . 2008-04-14 05:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2004-01-05 12:43 . 2004-01-05 12:43 1094656 c:\windows\Installer\5334ec.msi
+ 2004-01-01 13:50 . 2004-01-01 13:50 1397760 c:\windows\Installer\1a9872d.msi
+ 2004-01-06 09:32 . 2004-01-06 09:32 1583616 c:\windows\Installer\17a125.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 303104]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 643592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 -c--a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 -c--a-w- c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-05-02 03:05 27648 -c--a-w- c:\windows\system32\conime.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-05-02 03:05 15360 -c----w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 -c--a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-MU USB Audio Control Panel]
2007-11-26 19:03 274432 -c----w- c:\program files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-08-03 14:33 1626112 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 -c--a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2008-12-05 01:23 2745776 -c--a-w- c:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06 1840424 -c--a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 08:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 20:39 437584 -c--a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-05-01 19:35 185640 -c--a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2009-03-05 04:44 1074352 -c--a-w- c:\program files\My Lockbox\mylbx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 13:31 2221352 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 13:53 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 -c--a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 -c--a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 -c--a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-16 12:56 236016 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
2009-03-15 20:43 44832 -c--a-w- c:\program files\Sonique\SQStart.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Tracktion 3\\Tracktion.exe"=
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/19/2010 12:12 AM 16384]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [3/15/2009 1:12 AM 43792]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/26/2009 8:10 PM 40560]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [6/7/2008 1:54 PM 84752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [4/3/2009 4:01 AM 1680704]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [11/26/2007 2:10 PM 20992]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [3/15/2009 1:12 AM 73344]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/8/2009 7:38 PM 304464]
R2 NetBurnerService;Net Burner iSCSI Service;c:\program files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe [6/7/2008 1:54 PM 223248]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [5/3/2009 10:52 PM 33792]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [1/1/2004 8:50 AM 158600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/8/2009 7:38 PM 20952]
R3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [3/16/2009 7:58 PM 65794]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [4/10/2009 9:26 AM 127496]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 12:49 PM 284016]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [11/26/2007 2:14 PM 163352]
S3 SliceDisk5;SliceDisk5;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\slicedisk.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\slicedisk.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/16/2009 5:47 PM 721904]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l8r50sm9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-klmdb.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2004-01-06 07:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d8,7f,6c,0e,55,06,b5,10,b4,04,9a,39,b2,5d,1f,2e,d6,02,1f,bf,ec,
2e,ae,f7,be,5a,78,b4,25,18,53,d2,b6,67,fa,bd,8c,4b,a5,c4,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c204474a-cecf-41db-a1ce-9d8ca5632bd0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cb
"Therad"=dword:00000015
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(2960)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2004-01-06 08:04:03 - machine was rebooted
ComboFix-quarantined-files.txt 2004-01-06 13:03
ComboFix2.txt 2004-01-06 07:21
ComboFix3.txt 2004-01-06 06:38
ComboFix4.txt 2010-04-24 17:22
ComboFix5.txt 2004-01-06 11:56
Pre-Run: 2,050,674,688 bytes free
Post-Run: 2,036,826,112 bytes free
- - End Of File - - 9BEF6681B7D0A7F12FCE049D5BDD824E