Malwarebytes snippet:
c:\WINDOWS\winlogon.exe (Trojan.Backdoor) -> 1936 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Backdoor) -> Value: winlogon ->
I am currently using USB antivirus. I only ever used Symantec before, but I strangely see references to every AV in history in the OTL log. I don't understand much, but I found that weird. I wish I could clean up the registry a bit, at least all the references to Symantec. Meanwhile the malware appears to be aping Symantec or using traces of it...
This computer I don't use on the net; it's pretty much for music, so I try to keep turned off most things that could be running in the background.
Kind regards.
_________________________________________________________________
__________________________OTL LOG file___________________________
OTL logfile created on: 5/14/2012 11:32:01 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = J:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 87.82% Memory free
7.08 Gb Paging File | 6.89 Gb Available in Paging File | 97.26% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.87 Gb Total Space | 30.25 Gb Free Space | 20.88% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 72.22 Gb Free Space | 24.23% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 213.98 Gb Free Space | 45.94% Space Free | Partition Type: NTFS
Drive J: | 249.77 Mb Total Space | 227.99 Mb Free Space | 91.28% Space Free | Partition Type: FAT32
Computer Name: D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/14 11:18:08 | 000,595,456 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
PRC - [2010/04/27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/04 08:35:54 | 001,632,776 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
PRC - [2008/10/29 12:13:08 | 000,372,384 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/10/23 01:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
========== Modules (No Company Name) ==========
MOD - [2008/10/29 12:13:08 | 000,372,384 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
MOD - [2002/05/14 18:22:34 | 000,122,880 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/04 08:35:54 | 001,632,776 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe -- (OxygenAudioDevMon)
SRV - [2010/01/25 13:06:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/17 23:04:00 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/10/29 12:13:08 | 000,372,384 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\atwtusb.exe -- (WTService)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\usbkt1x1.sys -- (USBKT1X1)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\sthda.sys -- (STHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys -- (EraserUtilDrv11110)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys -- (EraserUtilDrv10920)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/09 15:23:21 | 000,107,256 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Local Settings\Temp\esihdrv.sys -- (esihdrv)
DRV - [2010/09/30 13:59:16 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/09/30 13:59:16 | 000,061,824 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/03/04 08:35:52 | 000,112,136 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MAudioOxygen.sys -- (OXYGEN)
DRV - [2009/05/06 00:37:52 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2007/10/30 18:43:24 | 000,131,672 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/10/30 18:43:24 | 000,032,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2007/10/30 18:43:22 | 000,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/05/16 14:34:54 | 000,059,264 | ---- | M] (Echo Digital Audio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\echo1394.sys -- (echo1394)
DRV - [2007/05/11 19:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/03/16 14:59:40 | 000,054,272 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/05/09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2003/07/02 17:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\axwhisky.sys -- (axwhisky)
DRV - [2003/07/02 16:49:52 | 000,124,160 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\axwskbus.sys -- (axwskbus)
DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O1 HOSTS File: ([2009/04/13 09:19:00 | 000,002,114 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 16 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1204220996812 (WUWebControl Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/15 00:14:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0e2a9b88-14c7-11df-a077-001cc0219165}\Shell\AutoRun\command - "" = J:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{0e2a9b88-14c7-11df-a077-001cc0219165}\Shell\Install\command - "" = J:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{239c4dc0-ce26-11de-a026-001cc0219165}\Shell - "" = AutoRun
O33 - MountPoints2\{239c4dc0-ce26-11de-a026-001cc0219165}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{239c4dc0-ce26-11de-a026-001cc0219165}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{802352ac-d916-11de-a035-001cc0219165}\Shell - "" = AutoRun
O33 - MountPoints2\{802352ac-d916-11de-a035-001cc0219165}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{802352ac-d916-11de-a035-001cc0219165}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{802352ad-d916-11de-a035-001cc0219165}\Shell\AutoRun\command - "" = BUD\KNOW\DRG.exe
O33 - MountPoints2\{802352ad-d916-11de-a035-001cc0219165}\Shell\open\command - "" = BUD\KNOW\DRG.exe
O33 - MountPoints2\{925efcf4-cb07-11df-a183-8910f76346dd}\Shell - "" = AutoRun
O33 - MountPoints2\{925efcf4-cb07-11df-a183-8910f76346dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{925efcf4-cb07-11df-a183-8910f76346dd}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.EXE
O33 - MountPoints2\{925efcf4-cb07-11df-a183-8910f76346dd}\Shell\explore\command - "" = SYSTEM.EXE
O33 - MountPoints2\{925efcf4-cb07-11df-a183-8910f76346dd}\Shell\OpEn\ComMaNd - "" = SYSTEM.EXE
O33 - MountPoints2\{bf6ce2c1-4ac1-11dc-86e4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bf6ce2c1-4ac1-11dc-86e4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bf6ce2c1-4ac1-11dc-86e4-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/09 16:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\USBAntiVirus
[2012/05/09 16:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USBAntiVirus
[2012/05/09 15:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012/05/09 15:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/09 15:20:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/09 15:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/28 10:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Mellowmuse
[2012/04/27 16:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Plugin Alliance
[2012/04/27 16:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Brainworx Music
[2012/04/27 16:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\brainworx
[2012/04/27 16:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sakura
[2012/04/27 16:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\iZotope
[2012/04/27 10:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Softube
[2012/04/27 10:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\iZotope
[2012/04/27 10:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2012/04/25 22:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Waves
[2012/04/25 21:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Waves
[2012/04/25 21:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Waves
[2012/04/25 17:00:56 | 001,431,552 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll
[2012/04/23 10:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Image-Line
[2012/04/21 16:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FXpansion
[2012/04/21 16:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rob Papen Punch
[2012/04/21 15:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FXpansion
[2012/04/20 10:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Focusrite
[2012/04/20 10:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Focusrite
[2012/04/20 10:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Prodyon
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/14 11:30:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/13 14:32:47 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 14:30:13 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/10 11:14:06 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\svighost.dll
[2012/05/07 09:45:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/04 17:10:10 | 000,000,320 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2012/05/04 17:10:10 | 000,000,320 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2012/05/04 17:10:10 | 000,000,320 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2012/05/04 17:10:10 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\msregsvv.dll
[2012/05/04 17:10:10 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\autobk.inc
[2012/04/26 18:24:31 | 000,002,663 | ---- | M] () -- C:\Documents and Settings\Owner\memreport.html
[2012/04/22 00:36:04 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/20 11:08:19 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Cubase 5.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/10 11:14:06 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\svighost.dll
[2012/04/20 11:08:19 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Cubase 5.lnk
[2012/02/25 17:56:04 | 000,833,042 | ---- | C] () -- C:\WINDOWS\Reverence VST plug-in Uninstaller.exe
[2011/06/26 21:32:59 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\msregsvv.dll
[2011/06/26 21:32:59 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\autobk.inc
[2011/06/02 09:16:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2011/05/06 08:31:25 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2011/05/06 08:30:55 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011/03/28 08:58:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2011/03/28 08:58:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2011/01/24 12:27:01 | 010,440,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2011/01/03 16:03:48 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/03 16:03:46 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/03 16:03:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/03 16:03:36 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/09/19 12:08:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
========== LOP Check ==========
[2008/04/11 15:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArtsAcoustic
[2012/02/27 12:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Damage
[2010/04/10 15:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Ease
[2012/02/25 14:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
[2011/11/28 10:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/02/25 13:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2011/05/13 19:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iZotope
[2011/08/25 08:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
[2011/06/13 11:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2012/02/25 13:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Overloud
[2008/03/14 18:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/10/27 10:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2011/05/06 08:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2010/02/09 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tablet
[2011/06/13 16:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/25 14:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temporary
[2010/04/09 08:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toontrack
[2011/01/04 12:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets
[2011/10/05 13:50:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{13A9B825-42CB-4973-913D-2194B5A4CF94}
[2011/06/13 18:15:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{20EFD19B-675C-417B-A498-B0161D72FF88}
[2011/06/13 18:11:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}
[2010/10/13 16:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/12 17:33:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{47412DB1-63A5-4B59-ACAD-D67ABC1519DF}
[2011/05/07 08:27:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6D22FD89-ECF1-428D-AE30-710EA189D8C7}
[2011/05/07 08:30:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{85458792-1589-41EF-99EA-240E761AE593}
[2011/06/13 09:50:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
[2011/02/20 14:38:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF329843-149E-4A5A-82A1-0250286442D0}
[2011/02/20 14:44:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D4A35D06-4ABB-4672-8A3A-DA19E6EB8CD6}
[2010/03/17 17:35:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/02/20 14:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
[2011/06/13 18:15:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F751CA04-FB71-4EC0-ACC9-5B733D122C5E}
[2011/06/13 18:20:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F828BFD7-781D-4BD3-AD6C-71D19DC23493}
[2009/08/16 10:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alien Skin
[2010/09/04 17:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Antares
[2012/03/24 10:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artificial Audio
[2010/04/10 15:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Audio Ease
[2012/04/20 11:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Celemony Software GmbH
[2009/04/12 16:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.ExMan
[2011/02/24 16:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FabFilter
[2012/03/16 11:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FairStars Audio Converter
[2008/10/03 07:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FairStars CD Ripper
[2011/08/16 14:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IK Multimedia
[2012/04/27 10:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iZotope
[2008/04/11 15:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KORG
[2010/04/01 16:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexicon PCM Native
[2011/08/25 09:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Line 6
[2011/02/27 00:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\One
[2012/03/09 13:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Onyx F Series Console
[2008/06/12 17:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2012/02/25 16:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Overloud
[2010/01/03 12:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Plogue
[2010/01/02 13:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Plogue Art et Technologie, Inc
[2012/04/27 16:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Plugin Alliance
[2009/12/21 11:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QooDreamBox
[2008/03/04 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\REAPER
[2012/04/27 17:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sakura
[2008/03/14 17:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simplon
[2012/04/27 10:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softube
[2011/01/04 14:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Steinberg
[2008/03/14 17:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Timeless
[2008/03/14 17:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Twin
[2008/03/14 17:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Volcano
[2011/03/31 16:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VST3 Presets
[2011/05/05 21:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Waldorf
[2008/03/26 17:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Waves Audio
[2008/03/14 21:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Waves Preferences
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
< End of report >