Slow loading, error messages, error reporting
Gladiator Security Forum > Security Information and Discussion > HELP! Think you are Infected?
beckylwhite
The computer is running very slow, and whenever it is turned on I receive a message asking if I would like to report the error or ignore it. This happens every time without fail. I have reported and ignored it but there is no change. Please help.

I have run HijackThis and here is the result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:11, on 05/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,Ir32_y.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 11551 bytes



Any help would be great.

Thank you, Rebecca
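Added example (editor's code, not HijackThis, ComboFix or anything posted in this thread): a small Python triage script that runs over a subset of lines copied from the log above and flags the entries a helper would look at first: the second executable appended to the F2 UserInit value (winlogon launches every comma-separated entry there at logon, so anything after userinit.exe is a persistence mechanism), the three R1 keys pointing at search.bearshare.com, the O2 BHO whose DLL no longer exists, the O4 entry launching from D:, and the O23 service with no publisher. The DEFAULT_HOSTS allowlist, the severity labels and the assumption that C: is the system drive are mine, not something the log states.

```python
"""Triage a HijackThis 2.0.2 log for the hijack and persistence patterns seen
in the thread.  Added example; not HijackThis, ComboFix or forum code."""
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "severity code detail")
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

# Assumption: hosts a stock XP / IE7 install may legitimately point the R0/R1
# keys at.  Anything else is reported as a possible search/start-page hijack.
DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com",
                 "www.google.com", "www.google.co.uk"}

# Constructed sample: a subset of lines copied from the first HijackThis log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,Ir32_y.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
"""


def check_userinit(body):
    """F2: winlogon runs every comma-separated UserInit entry at logon, so any
    executable after userinit.exe itself is a logon persistence hook."""
    m = re.search(r"UserInit=(.+)$", body, re.I)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    return [Finding("HIGH", "F2", f"extra UserInit entry launched at every logon: {e}")
            for e in entries if not e.lower().endswith("userinit.exe")]


def check_ie_url(code, body):
    """R0/R1: IE start/search keys whose host is outside DEFAULT_HOSTS."""
    if " = " not in body:
        return []
    key, url = body.split(" = ", 1)
    host = urlsplit(url.strip()).hostname
    if host is None or host.lower() in DEFAULT_HOSTS:
        return []
    return [Finding("MEDIUM", code,
                    f"{key.split(',')[-1]} redirected to {host}: {url.strip()}")]


def check_bho(body):
    """O2: a BHO CLSID whose DLL is gone is inert, but it is leftover
    registration and should be removed so it cannot be re-pointed later."""
    if body.rstrip().endswith("(no file)"):
        return [Finding("LOW", "O2", f"orphaned BHO registration: {body}")]
    return []


def check_run(body):
    """O4: autostart executables on a drive other than the system drive.
    Assumption: C: is the system drive, as in the log above."""
    m = re.search(r'([A-Za-z]):\\[^"]*?\.exe', body, re.I)
    if m and m.group(1).upper() != "C":
        return [Finding("MEDIUM", "O4", f"autostart from non-system drive: {body}")]
    return []


def check_service(body):
    """O23: services whose binary carries no recognised publisher."""
    if " - Unknown owner - " in body:
        return [Finding("LOW", "O23", f"service with no publisher info: {body}")]
    return []


def triage(log_text):
    """Parse the HijackThis section prefixes and dispatch each line to its check."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"^(R0|R1|F2|O2|O4|O23)\s+-\s+(.*)$", line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "F2":
            findings += check_userinit(body)
        elif code in ("R0", "R1"):
            findings += check_ie_url(code, body)
        elif code == "O2":
            findings += check_bho(body)
        elif code == "O4":
            findings += check_run(body)
        elif code == "O23":
            findings += check_service(body)
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code:3} {f.detail}")
```

Run against the full log the script reports the UserInit entry first, which is the right priority: the R1 search redirects are a nuisance, but the F2 line means something is being started under the user's account at every logon regardless of what the browser does. The allowlist approach for R0/R1 is deliberately strict; a helper would extend DEFAULT_HOSTS for an OEM or ISP start page rather than loosen the check.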

LoPhatPhuud
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.


Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

beckylwhite
Thank you for your reply.

Report from ComboFix:



ComboFix 08-11-05.02 - Betty Boop 2008-11-07 10:48:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.509 [GMT 0:00]
Running from: c:\documents and settings\Betty Boop\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Betty Boop\My Documents\Uiniversity\USB\User Manual\_desktop.ini
c:\documents and settings\Betty Boop\My Documents\Uiniversity\USB\Win98 Driver\_desktop.ini
c:\documents and settings\Betty Boop\My Documents\User Manual\_desktop.ini
c:\documents and settings\Betty Boop\My Documents\Win98 Driver\_desktop.ini
c:\documents and settings\Dazza\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\terry\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\windows\BM53783cbf.txt
c:\windows\BM53783cbf.xml
c:\windows\cookies.ini
c:\windows\system32\bsohsmjm.ini
c:\windows\system32\Ir32_a.exe
c:\windows\system32\Ir32_b.exe
c:\windows\system32\JiRrrBeg.ini2
c:\windows\system32\yrnpaiaq.ini

.
((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-10-29 18:45 . 2008-10-29 18:45 53,316 --a------ c:\windows\system32\atlsystem250449.exe
2008-10-29 18:45 . 2008-10-29 18:45 19,297 --a------ c:\windows\system32\atlsystem215171.exe
2008-10-29 18:44 . 2008-10-29 18:45 55,808 --a------ c:\windows\system32\atlsystem389570.exe
2008-10-29 18:44 . 2008-10-29 18:44 22,016 --a------ c:\windows\system32\atlsystem999354.exe
2008-10-29 17:01 . 2008-10-29 17:01 55,808 --a------ c:\windows\system32\atlsystem34341.exe
2008-10-29 17:01 . 2008-10-29 17:01 53,316 --a------ c:\windows\system32\atlsystem620411.exe
2008-10-29 17:01 . 2008-10-29 17:01 22,016 --a------ c:\windows\system32\atlsystem464326.exe
2008-10-29 17:01 . 2008-10-29 17:01 19,297 --a------ c:\windows\system32\atlsystem102529.exe
2008-10-29 11:55 . 2008-10-29 11:55 55,808 --a------ c:\windows\system32\atlsystem806119.exe
2008-10-29 11:55 . 2008-10-29 11:55 53,316 --a------ c:\windows\system32\atlsystem856222.exe
2008-10-29 11:55 . 2008-10-29 11:55 22,016 --a------ c:\windows\system32\atlsystem452978.exe
2008-10-29 11:55 . 2008-10-29 11:55 19,297 --a------ c:\windows\system32\atlsystem309847.exe
2008-10-28 21:19 . 2008-10-28 21:19 55,808 --a------ c:\windows\system32\atlsystem788283.exe
2008-10-28 21:19 . 2008-10-28 21:19 53,316 --a------ c:\windows\system32\atlsystem493540.exe
2008-10-28 21:19 . 2008-10-28 21:19 22,016 --a------ c:\windows\system32\atlsystem685775.exe
2008-10-28 21:19 . 2008-10-28 21:19 19,297 --a------ c:\windows\system32\atlsystem269805.exe
2008-10-28 17:12 . 2008-10-28 17:12 55,808 --a------ c:\windows\system32\atlsystem87458.exe
2008-10-28 17:12 . 2008-10-28 17:12 53,316 --a------ c:\windows\system32\atlsystem857743.exe
2008-10-28 17:12 . 2008-10-28 17:12 19,297 --a------ c:\windows\system32\atlsystem342334.exe
2008-10-28 17:11 . 2008-10-28 17:12 22,016 --a------ c:\windows\system32\atlsystem192109.exe
2008-10-28 15:41 . 2008-10-28 15:41 55,808 --a------ c:\windows\system32\atlsystem861812.exe
2008-10-28 15:41 . 2008-10-28 15:41 53,316 --a------ c:\windows\system32\atlsystem377845.exe
2008-10-28 15:41 . 2008-10-28 15:41 22,016 --a------ c:\windows\system32\atlsystem919457.exe
2008-10-28 15:41 . 2008-10-28 15:41 19,297 --a------ c:\windows\system32\atlsystem301132.exe
2008-10-28 09:32 . 2008-10-28 09:32 55,808 --a------ c:\windows\system32\atlsystem847449.exe
2008-10-28 09:32 . 2008-10-28 09:32 53,316 --a------ c:\windows\system32\atlsystem615710.exe
2008-10-28 09:32 . 2008-10-28 09:32 22,016 --a------ c:\windows\system32\atlsystem963203.exe
2008-10-28 09:32 . 2008-10-28 09:32 19,297 --a------ c:\windows\system32\atlsystem790631.exe
2008-10-27 22:27 . 2008-10-27 22:27 55,808 --a------ c:\windows\system32\atlsystem932935.exe
2008-10-27 22:27 . 2008-10-27 22:27 53,316 --a------ c:\windows\system32\atlsystem7650.exe
2008-10-27 22:27 . 2008-10-27 22:27 22,016 --a------ c:\windows\system32\atlsystem999816.exe
2008-10-27 22:27 . 2008-10-27 22:27 19,297 --a------ c:\windows\system32\atlsystem399356.exe
2008-10-27 17:16 . 2008-10-27 17:16 55,808 --a------ c:\windows\system32\atlsystem569253.exe
2008-10-27 17:16 . 2008-10-27 17:16 53,316 --a------ c:\windows\system32\atlsystem672529.exe
2008-10-27 17:16 . 2008-10-27 17:16 22,016 --a------ c:\windows\system32\atlsystem667939.exe
2008-10-27 17:16 . 2008-10-27 17:16 19,297 --a------ c:\windows\system32\atlsystem574611.exe
2008-10-26 20:46 . 2008-10-29 17:01 28,672 --a------ c:\windows\system32\sysff11.dll
2008-10-26 20:46 . 2008-10-26 20:46 19,297 --a------ c:\windows\system32\atlsystem563735.exe
2008-10-26 20:45 . 2008-10-26 20:45 73,728 --a------ c:\windows\system32\Lka291_398.dll
2008-10-26 20:45 . 2008-10-26 20:45 55,808 --a------ c:\windows\system32\atlsystem135326.exe
2008-10-26 20:45 . 2008-10-26 20:46 53,316 --a------ c:\windows\system32\atlsystem42171.exe
2008-10-26 20:45 . 2008-10-26 20:45 22,016 --a------ c:\windows\system32\atlsystem678968.exe
2008-10-26 20:45 . 2008-10-29 18:44 11,776 --a------ c:\windows\system32\hf1001.dll
2008-10-26 20:45 . 2008-10-26 20:45 21 --a------ c:\windows\download1
2008-10-23 17:04 . 2008-10-23 17:04 <DIR> d--h----- C:\BJPrinter
2008-10-23 17:04 . 2004-05-21 05:00 7,680 --a------ c:\windows\system32\CNMVS66.DLL
2008-10-23 17:03 . 2004-05-21 05:00 116,736 --a------ c:\windows\system32\CNMLM66.DLL
2008-10-23 17:00 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-23 17:00 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2008-10-13 16:33 . 2008-10-18 11:44 <DIR> d-------- c:\program files\Ken Ward's Makeup
2008-10-07 16:57 . 2008-10-07 16:57 <DIR> d-------- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 10:56 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-31 17:58 --------- d-----w c:\program files\Norton Security Scan
2008-10-30 22:21 --------- d-----w c:\program files\Symantec
2008-10-26 14:27 --------- d-----w c:\program files\EA GAMES
2008-10-18 11:45 --------- d-----w c:\program files\Real
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-23 13:48 --------- d-----w c:\program files\Google
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-13 19:40 --------- d-----w c:\documents and settings\Betty Boop\Application Data\Apple Computer
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 09:57 2,185,984 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:57 2,185,984 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 09:55 2,142,720 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ------w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:18 2,062,976 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 09:18 2,062,976 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:18 2,020,864 ------w c:\windows\system32\dllcache\ntkrpamp.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"Boots Insert Detect"="c:\program files\Boots F2CD\Picture Suite\InsDetect.exe" [2003-02-17 262144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-09-11 26112]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-16 52848]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3FDEB171-8F86-0005-0001-69B8DB553683}"= "c:\windows\system32\sysff11.dll" [2008-10-29 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 download02;Remote Access;c:\windows\System32\svchost.exe [2004-08-04 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
download02

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-06 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]

2008-10-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Betty Boop.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-23 12:13]

2008-10-31 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42]

2006-11-20 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 13:00]

2008-11-06 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-workflow - d:\installs\workflow.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Betty Boop\Application Data\Mozilla\Firefox\Profiles\c8iccfir.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 10:56:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-07 10:57:45
ComboFix-quarantined-files.txt 2008-11-07 10:57:07

Pre-Run: 22,805,032,960 bytes free
Post-Run: 23,018,496,000 bytes free

205 --- E O F --- 2008-10-30 18:57:48



Report from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:13, on 07/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 10573 bytes


Thank you very much
LoPhatPhuud
1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
KillAll::

File::
c:\windows\system32\atlsystem250449.exe
c:\windows\system32\atlsystem215171.exe
c:\windows\system32\atlsystem389570.exe
c:\windows\system32\atlsystem999354.exe
c:\windows\system32\atlsystem34341.exe
c:\windows\system32\atlsystem620411.exe
c:\windows\system32\atlsystem464326.exe
c:\windows\system32\atlsystem102529.exe
c:\windows\system32\atlsystem806119.exe
c:\windows\system32\atlsystem856222.exe
c:\windows\system32\atlsystem452978.exe
c:\windows\system32\atlsystem309847.exe
c:\windows\system32\atlsystem788283.exe
c:\windows\system32\atlsystem493540.exe
c:\windows\system32\atlsystem685775.exe
c:\windows\system32\atlsystem269805.exe
c:\windows\system32\atlsystem87458.exe
c:\windows\system32\atlsystem857743.exe
c:\windows\system32\atlsystem342334.exe
c:\windows\system32\atlsystem192109.exe
c:\windows\system32\atlsystem861812.exe
c:\windows\system32\atlsystem377845.exe
c:\windows\system32\atlsystem919457.exe
c:\windows\system32\atlsystem301132.exe
c:\windows\system32\atlsystem847449.exe
c:\windows\system32\atlsystem615710.exe
c:\windows\system32\atlsystem963203.exe
c:\windows\system32\atlsystem790631.exe
c:\windows\system32\atlsystem932935.exe
c:\windows\system32\atlsystem7650.exe
c:\windows\system32\atlsystem999816.exe
c:\windows\system32\atlsystem399356.exe
c:\windows\system32\atlsystem569253.exe
c:\windows\system32\atlsystem672529.exe
c:\windows\system32\atlsystem667939.exe
c:\windows\system32\atlsystem574611.exe
c:\windows\system32\sysff11.dll
c:\windows\system32\atlsystem563735.exe
c:\windows\system32\Lka291_398.dll
c:\windows\system32\atlsystem135326.exe
c:\windows\system32\atlsystem42171.exe
c:\windows\system32\atlsystem678968.exe
c:\windows\system32\hf1001.dll
c:\windows\download1

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3FDEB171-8F86-0005-0001-69B8DB553683}"=-


Save this as CFScript.txt, in the same location as ComboFix.exe.




Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
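The File:: list in the post above was typed out by hand from the scan log. As an added example for this thread (not the helper's script and not ComboFix's own code), the Python below parses ComboFix-style "Files Created" lines, flags executables directly under system32 whose names are letters followed by four or more digits (the atlsystemNNNNNN.exe family seen here; that heuristic is an assumption of this example, not a ComboFix feature), and lays out a CFScript in the same KillAll::/File::/Registry:: shape. The sample listing is constructed: the file names come from the thread, but the dates, sizes and attribute columns for the malware lines are made up.

```python
# Added example for this thread (not ComboFix's or the helper's own code).
import re
from typing import List, NamedTuple, Optional, Sequence, Tuple


class FileEntry(NamedTuple):
    created: str          # "YYYY-MM-DD HH:MM" from the first column
    size: Optional[int]   # None for <DIR> entries
    path: str


# One "Files Created" line: "<created> . <modified> <size|<DIR>> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size><DIR>|[\d,]+) "
    r"[-a-z]{9} "
    r"(?P<path>.+)$"
)

# Heuristic (an assumption of this example) for the family seen in this thread:
# letters, then four or more digits, .exe, sitting directly in system32.
NUMBERED_EXE_RE = re.compile(r"^[a-z]+\d{4,}\.exe$", re.IGNORECASE)
SYSTEM32 = r"c:\windows\system32"

# Constructed sample input: names taken from the thread, other columns made up.
SAMPLE_LISTING = r"""
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.
2008-11-08 22:58 . 2008-11-08 22:58 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-04 09:12 . 2008-11-04 09:12 12,288 --a------ c:\windows\system32\atlsystem250449.exe
2008-11-04 09:12 . 2008-11-04 09:12 12,288 --a------ c:\windows\system32\atlsystem7650.exe
2008-11-04 09:13 . 2008-11-04 09:13 45,056 --a------ c:\windows\system32\hf1001.dll
2008-10-23 17:04 . 2004-05-21 05:00 7,680 --a------ c:\windows\system32\CNMVS66.DLL
2008-10-23 17:00 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-13 16:33 . 2008-10-18 11:44 <DIR> d-------- c:\program files\Ken Ward's Makeup
"""


def parse_listing(text: str) -> List[FileEntry]:
    """Return one FileEntry per listing line; banners, '.' and blanks are skipped."""
    entries: List[FileEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(FileEntry(m["created"], size, m["path"]))
    return entries


def flag_numbered_system32(entries: Sequence[FileEntry]) -> List[str]:
    """Paths of executables directly under system32 whose name matches NUMBERED_EXE_RE."""
    flagged: List[str] = []
    for entry in entries:
        directory, _, name = entry.path.rpartition("\\")
        if directory.lower() == SYSTEM32 and NUMBERED_EXE_RE.match(name):
            flagged.append(entry.path)
    return flagged


def build_cfscript(files: Sequence[str],
                   registry_deletions: Sequence[Tuple[str, str]]) -> str:
    """Lay out a CFScript as in the post: KillAll::, File::, Registry::.
    registry_deletions holds (key, value name) pairs; "name"=- removes that value."""
    lines = ["KillAll::", "", "File::", *files, "", "Registry::"]
    current_key = None
    for key, value_name in registry_deletions:
        if key != current_key:          # emit each key header once, REGEDIT4 style
            lines.append(f"[{key}]")
            current_key = key
        lines.append(f'"{value_name}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LISTING)
    suspects = flag_numbered_system32(found)
    hook_key = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks"
    # The CLSID is the ShellExecuteHooks value the helper removed in this thread.
    print(build_cfscript(suspects, [(hook_key, "{3FDEB171-8F86-0005-0001-69B8DB553683}")]))
```

Write the printed text to CFScript.txt in the folder that holds ComboFix.exe, as the post says. Note what the name heuristic does not catch: DLLs such as hf1001.dll, sysff11.dll and Lka291_398.dll fall outside the pattern and were identified by the helper from experience, so the generated File:: list is a starting point for review rather than a replacement for it.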
beckylwhite
I have done as you said and saved the file on my desktop and tried putting the file into ComboFix; however, this message followed:

windows cannot find 'CF25041.EXE'. Make sure you typed the name correctly, and try again. To search for a file, click the start button, and then click search.

I have copied your text exactly, so I do not understand what this means or what to do next. Thank you for all your help.
LoPhatPhuud
I suspect you created the file in the wrong location.

Do the following and post the log if ComboFix runs, or the error message if it does not.


Open the ComboFix folder created from my first post (It should be on your Desktop)

Open Notepad and create a new document. Copy and paste the contents of the quote box from my prior post.

Save the Notepad document as CFScript.txt in the ComboFix folder (this is important)

Drag the Notepad document you created over the ComboFix.exe icon as shown in my previous post.




beckylwhite
ComboFix 08-11-10.01 - Betty Boop 2008-11-11 10:12:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.514 [GMT 0:00]
Running from: c:\documents and settings\Betty Boop\Desktop\ComboFix.exe
.
After a few attempts I got this Log thank you


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\download1
c:\windows\system32\atlsystem102529.exe
c:\windows\system32\atlsystem135326.exe
c:\windows\system32\atlsystem192109.exe
c:\windows\system32\atlsystem215171.exe
c:\windows\system32\atlsystem250449.exe
c:\windows\system32\atlsystem269805.exe
c:\windows\system32\atlsystem301132.exe
c:\windows\system32\atlsystem309847.exe
c:\windows\system32\atlsystem342334.exe
c:\windows\system32\atlsystem34341.exe
c:\windows\system32\atlsystem377845.exe
c:\windows\system32\atlsystem389570.exe
c:\windows\system32\atlsystem399356.exe
c:\windows\system32\atlsystem42171.exe
c:\windows\system32\atlsystem452978.exe
c:\windows\system32\atlsystem464326.exe
c:\windows\system32\atlsystem493540.exe
c:\windows\system32\atlsystem563735.exe
c:\windows\system32\atlsystem569253.exe
c:\windows\system32\atlsystem574611.exe
c:\windows\system32\atlsystem615710.exe
c:\windows\system32\atlsystem620411.exe
c:\windows\system32\atlsystem667939.exe
c:\windows\system32\atlsystem672529.exe
c:\windows\system32\atlsystem678968.exe
c:\windows\system32\atlsystem685775.exe
c:\windows\system32\atlsystem7650.exe
c:\windows\system32\atlsystem788283.exe
c:\windows\system32\atlsystem790631.exe
c:\windows\system32\atlsystem806119.exe
c:\windows\system32\atlsystem847449.exe
c:\windows\system32\atlsystem856222.exe
c:\windows\system32\atlsystem857743.exe
c:\windows\system32\atlsystem861812.exe
c:\windows\system32\atlsystem87458.exe
c:\windows\system32\atlsystem919457.exe
c:\windows\system32\atlsystem932935.exe
c:\windows\system32\atlsystem963203.exe
c:\windows\system32\atlsystem999354.exe
c:\windows\system32\atlsystem999816.exe
c:\windows\system32\hf1001.dll
c:\windows\system32\Lka291_398.dll
c:\windows\system32\sysff11.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-08 22:58 . 2008-11-08 22:58 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-08 22:57 . 2008-11-08 22:57 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-23 17:04 . 2008-10-23 17:04 <DIR> d--h----- C:\BJPrinter
2008-10-23 17:04 . 2004-05-21 05:00 7,680 --a------ c:\windows\system32\CNMVS66.DLL
2008-10-23 17:03 . 2004-05-21 05:00 116,736 --a------ c:\windows\system32\CNMLM66.DLL
2008-10-23 17:00 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-23 17:00 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2008-10-13 16:33 . 2008-10-18 11:44 <DIR> d-------- c:\program files\Ken Ward's Makeup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 17:41 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-31 17:58 --------- d-----w c:\program files\Norton Security Scan
2008-10-30 22:21 --------- d-----w c:\program files\Symantec
2008-10-26 14:27 --------- d-----w c:\program files\EA GAMES
2008-10-18 11:45 --------- d-----w c:\program files\Real
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-07 16:57 --------- d-----w c:\program files\MSECache
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-23 13:48 --------- d-----w c:\program files\Google
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-13 19:40 --------- d-----w c:\documents and settings\Betty Boop\Application Data\Apple Computer
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 09:57 2,185,984 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:57 2,185,984 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 09:55 2,142,720 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ------w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:18 2,062,976 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 09:18 2,062,976 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:18 2,020,864 ------w c:\windows\system32\dllcache\ntkrpamp.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-07_10.56.39.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w c:\windows\AppPatch\acadproc.dll
- 2004-08-11 00:45:04 192,512 ----a-w c:\windows\inf\unregmp2.exe
+ 2007-06-26 22:10:26 317,440 ----a-w c:\windows\inf\unregmp2.exe
- 2002-12-11 14:16:58 7,680 -c--a-w c:\windows\system32\asferror.dll
+ 2006-10-18 21:47:08 7,168 ----a-w c:\windows\system32\asferror.dll
- 2004-08-11 00:45:04 480,768 ----a-w c:\windows\system32\Audiodev.dll
+ 2006-10-18 21:47:08 276,992 ----a-w c:\windows\system32\audiodev.dll
- 2004-08-11 00:45:04 233,472 -c--a-w c:\windows\system32\blackbox.dll
+ 2006-10-18 21:47:10 542,720 ----a-w c:\windows\system32\blackbox.dll
- 2004-08-11 00:45:04 161,792 -c--a-w c:\windows\system32\cewmdm.dll
+ 2006-10-18 21:47:10 229,376 ----a-w c:\windows\system32\cewmdm.dll
- 2002-12-11 14:16:58 7,680 ----a-w c:\windows\system32\dllcache\asferror.dll
+ 2006-10-18 21:47:08 7,168 ----a-w c:\windows\system32\dllcache\asferror.dll
- 2004-08-11 00:45:04 233,472 ----a-w c:\windows\system32\dllcache\blackbox.dll
+ 2006-10-18 21:47:10 542,720 ----a-w c:\windows\system32\dllcache\blackbox.dll
- 2004-08-11 00:45:04 161,792 ----a-w c:\windows\system32\dllcache\cewmdm.dll
+ 2006-10-18 21:47:10 229,376 ----a-w c:\windows\system32\dllcache\cewmdm.dll
- 2004-08-11 00:45:04 527,360 ----a-w c:\windows\system32\dllcache\drmv2clt.dll
+ 2006-10-18 21:47:10 991,744 ----a-w c:\windows\system32\dllcache\drmv2clt.dll
- 2004-08-11 00:45:04 6,656 ----a-w c:\windows\system32\dllcache\laprxy.dll
+ 2006-10-18 21:47:14 11,264 ----a-w c:\windows\system32\dllcache\LAPRXY.dll
- 2004-08-11 00:45:04 96,768 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2006-10-18 20:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2004-08-04 13:00:00 310,272 ----a-w c:\windows\system32\dllcache\mp43dmod.dll
+ 2006-10-18 21:47:14 4,096 ----a-w c:\windows\system32\dllcache\MP43DMOD.dll
- 2004-08-04 13:00:00 384,512 ----a-w c:\windows\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 21:47:14 4,096 ----a-w c:\windows\system32\dllcache\MP4SDMOD.dll
- 2004-08-04 13:00:00 240,640 ----a-w c:\windows\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 21:47:14 4,096 ----a-w c:\windows\system32\dllcache\MPG4DMOD.dll
- 2004-08-11 00:45:04 344,064 -c--a-w c:\windows\system32\dllcache\mpvis.dll
+ 2006-10-18 21:47:14 243,712 ----a-w c:\windows\system32\dllcache\mpvis.dll
- 2004-08-11 00:45:04 141,312 ----a-w c:\windows\system32\dllcache\msnetobj.dll
+ 2006-10-18 21:47:16 179,712 ----a-w c:\windows\system32\dllcache\msnetobj.dll
- 2004-08-11 00:45:04 25,088 ----a-w c:\windows\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 21:47:16 27,136 ----a-w c:\windows\system32\dllcache\mspmsnsv.dll
- 2004-08-11 00:45:04 169,472 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
+ 2006-10-18 21:47:16 175,616 ----a-w c:\windows\system32\dllcache\mspmsp.dll
- 2004-08-11 00:45:04 360,176 ----a-w c:\windows\system32\dllcache\msscp.dll
+ 2006-12-04 16:21:50 414,720 ----a-w c:\windows\system32\dllcache\msscp.dll
- 2004-08-11 00:45:04 311,296 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
+ 2006-10-18 21:47:16 321,536 ----a-w c:\windows\system32\dllcache\mswmdm.dll
- 2004-08-11 00:45:04 221,184 ----a-w c:\windows\system32\dllcache\qasf.dll
+ 2006-10-18 21:47:18 211,456 ----a-w c:\windows\system32\dllcache\qasf.dll
- 2004-08-11 00:45:04 819,200 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
+ 2006-11-01 18:31:38 1,669,120 ----a-w c:\windows\system32\dllcache\setup_wm.exe
- 2004-08-11 00:45:04 192,512 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
+ 2007-06-26 22:10:26 317,440 ----a-w c:\windows\system32\dllcache\unregmp2.exe
- 2004-08-11 00:45:04 380,144 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
+ 2006-10-18 21:47:18 757,248 ----a-w c:\windows\system32\dllcache\WMADMOD.dll
- 2004-08-11 00:45:04 712,704 ----a-w c:\windows\system32\dllcache\wmadmoe.dll
+ 2006-10-18 21:47:18 1,117,696 ----a-w c:\windows\system32\dllcache\WMADMOE.dll
- 2007-10-27 17:40:06 227,328 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2007-10-27 17:40:30 222,720 ----a-w c:\windows\system32\dllcache\wmasf.dll
- 2004-08-11 00:45:04 30,208 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
+ 2006-10-18 21:47:18 33,792 ----a-w c:\windows\system32\dllcache\wmdmlog.dll
- 2004-08-11 00:45:04 34,304 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
+ 2006-10-18 21:47:18 37,376 ----a-w c:\windows\system32\dllcache\wmdmps.dll
- 2004-08-11 00:45:04 189,440 -c--a-w c:\windows\system32\dllcache\wmerror.dll
+ 2006-10-18 21:47:20 227,328 ----a-w c:\windows\system32\dllcache\wmerror.dll
- 2004-08-11 00:45:04 150,016 ----a-w c:\windows\system32\dllcache\wmidx.dll
+ 2006-10-18 21:47:20 157,184 ----a-w c:\windows\system32\dllcache\wmidx.dll
- 2004-08-11 00:45:04 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2006-10-18 21:47:20 937,984 ----a-w c:\windows\system32\dllcache\WMNetMgr.dll
- 2007-04-30 07:20:24 5,537,792 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2007-06-11 23:51:12 10,834,944 ----a-w c:\windows\system32\dllcache\wmp.dll
- 2004-08-11 00:45:04 135,168 ----a-w c:\windows\system32\dllcache\wmpasf.dll
+ 2006-10-18 21:47:20 242,688 ----a-w c:\windows\system32\dllcache\wmpasf.dll
- 2004-08-11 00:45:04 77,824 -c--a-w c:\windows\system32\dllcache\wmpband.dll
+ 2006-10-18 21:47:20 96,256 ----a-w c:\windows\system32\dllcache\wmpband.dll
- 2004-08-11 00:45:04 282,624 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-10-18 21:47:20 314,880 ----a-w c:\windows\system32\dllcache\wmpdxm.dll
- 2004-08-11 00:45:04 73,728 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
+ 2006-10-18 21:46:20 64,000 ----a-w c:\windows\system32\dllcache\wmplayer.exe
- 2004-08-11 00:45:04 3,371,008 -c--a-w c:\windows\system32\dllcache\wmploc.dll
+ 2006-10-18 21:47:20 8,231,936 ----a-w c:\windows\system32\dllcache\wmploc.dll
- 2004-08-11 00:45:04 86,016 ----a-w c:\windows\system32\dllcache\wmpshell.dll
+ 2006-10-18 21:47:20 99,840 ----a-w c:\windows\system32\dllcache\wmpshell.dll
- 2004-08-11 00:45:04 773,368 ----a-w c:\windows\system32\dllcache\wmsdmod.dll
+ 2006-10-18 21:47:22 4,096 ----a-w c:\windows\system32\dllcache\wmsdmod.dll
- 2004-08-11 00:45:04 1,116,160 ----a-w c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 21:47:22 4,096 ----a-w c:\windows\system32\dllcache\wmsdmoe2.dll
- 2004-08-11 00:45:06 531,192 ----a-w c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-10-18 21:47:22 603,648 ----a-w c:\windows\system32\dllcache\WMSPDMOD.dll
- 2004-08-11 00:45:06 936,960 ----a-w c:\windows\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 21:47:22 1,329,152 ----a-w c:\windows\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 06:40:49 2,362,184 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2006-10-18 21:47:22 2,450,944 ----a-w c:\windows\system32\dllcache\wmvcore.dll
- 2004-08-11 00:45:06 871,160 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
+ 2006-10-18 21:47:22 4,096 ----a-w c:\windows\system32\dllcache\wmvdmod.dll
- 2004-08-11 00:45:06 999,424 ----a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 21:47:22 4,096 ----a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 21:47:22 671,232 ------w c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
- 2004-08-11 00:45:06 18,944 -c--a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-10-18 20:00:00 38,528 ----a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-09-28 18:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys
+ 2006-09-28 19:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys
+ 2006-10-18 20:00:46 249,856 ------w c:\windows\system32\drmupgds.exe
- 2004-08-11 00:45:04 527,360 -c--a-w c:\windows\system32\drmv2clt.dll
+ 2006-10-18 21:47:10 991,744 ----a-w c:\windows\system32\drmv2clt.dll
- 2004-08-11 00:45:04 6,656 -c--a-w c:\windows\system32\laprxy.dll
+ 2006-10-18 21:47:14 11,264 ----a-w c:\windows\system32\LAPRXY.dll
- 2004-08-11 00:45:04 96,768 -c--a-w c:\windows\system32\logagent.exe
+ 2006-10-18 20:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2006-10-18 21:47:14 212,992 ------w c:\windows\system32\MFPLAT.dll
+ 2006-10-18 21:47:14 259,072 ------w c:\windows\system32\MP43DECD.dll
- 2004-08-04 13:00:00 310,272 -c--a-w c:\windows\system32\mp43dmod.dll
+ 2006-10-18 21:47:14 4,096 ----a-w c:\windows\system32\MP43DMOD.dll
+ 2006-10-18 21:47:14 317,440 ------w c:\windows\system32\MP4SDECD.dll
- 2004-08-04 13:00:00 384,512 -c--a-w c:\windows\system32\mp4sdmod.dll
+ 2006-10-18 21:47:14 4,096 ----a-w c:\windows\system32\MP4SDMOD.dll
+ 2006-10-18 21:47:14 259,072 ------w c:\windows\system32\MPG4DECD.dll
- 2004-08-04 13:00:00 240,640 -c--a-w c:\windows\system32\mpg4dmod.dll
+ 2006-10-18 21:47:14 4,096 ----a-w c:\windows\system32\MPG4DMOD.dll
+ 2006-10-02 15:28:42 312,128 ------w c:\windows\system32\msdelta.dll
- 2004-08-11 00:45:04 141,312 -c--a-w c:\windows\system32\msnetobj.dll
+ 2006-10-18 21:47:16 179,712 ----a-w c:\windows\system32\msnetobj.dll
- 2004-08-11 00:45:04 25,088 -c--a-w c:\windows\system32\MsPMSNSv.dll
+ 2006-10-18 21:47:16 27,136 ----a-w c:\windows\system32\mspmsnsv.dll
- 2004-08-11 00:45:04 169,472 ----a-w c:\windows\system32\MsPMSP.dll
+ 2006-10-18 21:47:16 175,616 ----a-w c:\windows\system32\mspmsp.dll
- 2004-08-11 00:45:04 360,176 -c--a-w c:\windows\system32\MSSCP.dll
+ 2006-12-04 16:21:50 414,720 ----a-w c:\windows\system32\msscp.dll
- 2004-08-11 00:45:04 311,296 ----a-w c:\windows\system32\MSWMDM.dll
+ 2006-10-18 21:47:16 321,536 ----a-w c:\windows\system32\mswmdm.dll
+ 2006-10-18 21:47:18 284,160 ------w c:\windows\system32\PortableDeviceApi.dll
+ 2006-10-18 21:47:18 101,888 ------w c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 21:47:18 166,912 ------w c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-18 21:47:18 132,096 ------w c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 21:47:18 199,168 ------w c:\windows\system32\PortableDeviceWMDRM.dll
- 2004-08-11 00:45:04 221,184 -c--a-w c:\windows\system32\qasf.dll
+ 2006-10-18 21:47:18 211,456 ----a-w c:\windows\system32\qasf.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 10:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2005-06-28 09:21:34 22,752 -c--a-w c:\windows\system32\spupdsvc.exe
+ 2006-09-25 17:58:48 23,856 ----a-w c:\windows\system32\spupdsvc.exe
- 2004-08-11 00:45:04 47,104 -c--a-w c:\windows\system32\uwdf.exe
+ 2006-10-18 21:58:00 8,704 ----a-w c:\windows\system32\uwdf.exe
- 2004-08-11 00:45:04 15,872 -c--a-w c:\windows\system32\wdfapi.dll
+ 2006-10-18 21:47:18 4,096 ----a-w c:\windows\system32\wdfapi.dll
- 2004-08-11 00:45:04 38,912 ----a-w c:\windows\system32\wdfmgr.exe
+ 2006-10-18 21:58:00 8,704 ----a-w c:\windows\system32\wdfmgr.exe
- 2004-08-11 00:45:04 380,144 ----a-w c:\windows\system32\wmadmod.dll
+ 2006-10-18 21:47:18 757,248 ----a-w c:\windows\system32\wmadmod.dll
- 2004-08-11 00:45:04 712,704 -c--a-w c:\windows\system32\wmadmoe.dll
+ 2006-10-18 21:47:18 1,117,696 ----a-w c:\windows\system32\WMADMOE.dll
- 2007-10-27 17:40:06 227,328 ----a-w c:\windows\system32\wmasf.dll
+ 2007-10-27 17:40:30 222,720 ----a-w c:\windows\system32\wmasf.dll
- 2004-08-11 00:45:04 30,208 ----a-w c:\windows\system32\WMDMLOG.dll
+ 2006-10-18 21:47:18 33,792 ----a-w c:\windows\system32\wmdmlog.dll
- 2004-08-11 00:45:04 34,304 ----a-w c:\windows\system32\WMDMPS.dll
+ 2006-10-18 21:47:18 37,376 ----a-w c:\windows\system32\wmdmps.dll
- 2004-08-11 00:45:04 344,064 -c--a-w c:\windows\system32\WMDRMdev.dll
+ 2006-10-18 21:47:18 429,056 ----a-w c:\windows\system32\wmdrmdev.dll
- 2004-08-11 00:45:04 290,816 -c--a-w c:\windows\system32\WMDRMNet.dll
+ 2006-10-18 21:47:20 348,672 ----a-w c:\windows\system32\wmdrmnet.dll
+ 2006-10-18 21:47:20 535,040 ------w c:\windows\system32\wmdrmsdk.dll
- 2004-08-11 00:45:04 189,440 ----a-w c:\windows\system32\wmerror.dll
+ 2006-10-18 21:47:20 227,328 ----a-w c:\windows\system32\wmerror.dll
- 2004-08-11 00:45:04 150,016 -c--a-w c:\windows\system32\wmidx.dll
+ 2006-10-18 21:47:20 157,184 ----a-w c:\windows\system32\wmidx.dll
- 2004-08-11 00:45:04 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2006-10-18 21:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
- 2007-04-30 07:20:24 5,537,792 ----a-w c:\windows\system32\wmp.dll
+ 2007-06-11 23:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
- 2004-08-11 00:45:04 135,168 -c--a-w c:\windows\system32\wmpasf.dll
+ 2006-10-18 21:47:20 242,688 ----a-w c:\windows\system32\wmpasf.dll
- 2004-08-11 00:45:04 282,624 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-18 21:47:20 314,880 ----a-w c:\windows\system32\wmpdxm.dll
+ 2008-06-24 18:12:58 295,936 ------w c:\windows\system32\wmpeffects.dll
- 2004-08-11 00:45:04 1,589,760 -c--a-w c:\windows\system32\wmpencen.dll
+ 2006-10-18 21:47:20 1,661,440 ----a-w c:\windows\system32\wmpencen.dll
- 2004-08-11 00:45:04 3,371,008 ----a-w c:\windows\system32\wmploc.dll
+ 2006-10-18 21:47:20 8,231,936 ----a-w c:\windows\system32\wmploc.dll
+ 2006-10-18 21:47:20 613,376 ------w c:\windows\system32\wmpmde.dll
+ 2006-10-18 21:47:20 130,048 ------w c:\windows\system32\wmpps.dll
- 2004-08-11 00:45:04 86,016 -c--a-w c:\windows\system32\wmpshell.dll
+ 2006-10-18 21:47:20 99,840 ----a-w c:\windows\system32\wmpshell.dll
- 2004-08-11 00:45:04 175,104 -c--a-w c:\windows\system32\wmpsrcwp.dll
+ 2006-10-18 21:47:20 204,288 ----a-w c:\windows\system32\wmpsrcwp.dll
- 2004-08-11 00:45:04 773,368 -c--a-w c:\windows\system32\wmsdmod.dll
+ 2006-10-18 21:47:22 4,096 ----a-w c:\windows\system32\wmsdmod.dll
- 2004-08-11 00:45:04 1,116,160 -c--a-w c:\windows\system32\wmsdmoe2.dll
+ 2006-10-18 21:47:22 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
- 2004-08-11 00:45:06 531,192 -c--a-w c:\windows\system32\wmspdmod.dll
+ 2006-10-18 21:47:22 603,648 ----a-w c:\windows\system32\WMSPDMOD.dll
- 2004-08-11 00:45:06 936,960 -c--a-w c:\windows\system32\wmspdmoe.dll
+ 2006-10-18 21:47:22 1,329,152 ----a-w c:\windows\system32\WMSPDMOE.dll
- 2004-08-11 00:45:06 1,181,944 -c--a-w c:\windows\system32\wmvadvd.dll
+ 2006-10-18 21:47:22 4,096 ----a-w c:\windows\system32\WMVADVD.dll
- 2004-08-11 00:45:06 1,509,376 -c--a-w c:\windows\system32\WMVADVE.DLL
+ 2006-10-18 21:47:22 4,096 ----a-w c:\windows\system32\WMVADVE.DLL
- 2006-12-07 06:40:49 2,362,184 ----a-w c:\windows\system32\wmvcore.dll
+ 2006-10-18 21:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2006-10-18 21:47:22 1,543,680 ------w c:\windows\system32\WMVDECOD.dll
- 2004-08-11 00:45:06 871,160 ----a-w c:\windows\system32\wmvdmod.dll
+ 2006-10-18 21:47:22 4,096 ----a-w c:\windows\system32\wmvdmod.dll
- 2004-08-11 00:45:06 999,424 -c--a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 21:47:22 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 21:47:22 1,574,912 ------w c:\windows\system32\WMVENCOD.dll
+ 2006-10-18 21:47:22 1,382,912 ------w c:\windows\system32\WMVSDECD.dll
+ 2006-10-18 21:47:22 767,488 ------w c:\windows\system32\WMVSENCD.dll
+ 2006-10-18 21:47:22 656,896 ------w c:\windows\system32\WMVXENCD.dll
- 2004-08-11 00:45:06 38,912 -c--a-w c:\windows\system32\wpd_ci.dll
+ 2006-10-18 21:47:22 629,760 ----a-w c:\windows\system32\wpd_ci.dll
- 2004-08-11 00:45:06 61,952 -c--a-w c:\windows\system32\wpdconns.dll
+ 2006-10-18 21:47:22 35,840 ----a-w c:\windows\system32\wpdconns.dll
- 2004-08-11 00:45:06 114,176 -c--a-w c:\windows\system32\wpdmtp.dll
+ 2006-10-18 21:47:22 154,624 ----a-w c:\windows\system32\wpdmtp.dll
- 2004-08-11 00:45:06 66,560 -c--a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 21:47:22 63,488 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 21:47:22 2,603,008 ------w c:\windows\system32\WpdShext.dll
+ 2006-10-18 20:00:14 17,408 ------w c:\windows\system32\wpdshextautoplay.exe
+ 2006-10-18 21:47:22 38,400 ------w c:\windows\system32\wpdshextres.dll
+ 2006-10-18 21:47:22 133,632 ------w c:\windows\system32\WPDShServiceObj.dll
- 2004-08-11 00:45:06 327,680 -c--a-w c:\windows\system32\wpdsp.dll
+ 2006-10-18 21:47:22 356,352 ----a-w c:\windows\system32\wpdsp.dll
+ 2006-09-28 20:13:26 95,344 ------w c:\windows\system32\WUDFCoinstaller.dll
+ 2006-09-28 18:56:38 146,432 ------w c:\windows\system32\WudfHost.exe
+ 2006-09-28 18:56:16 165,376 ------w c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 18:56:14 55,808 ------w c:\windows\system32\WudfSvc.dll
+ 2006-09-28 18:56:38 316,416 ------w c:\windows\system32\WUDFx.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"Boots Insert Detect"="c:\program files\Boots F2CD\Picture Suite\InsDetect.exe" [2003-02-17 262144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-09-11 26112]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-16 52848]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S2 download02;Remote Access;c:\windows\System32\svchost.exe [2004-08-04 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
download02

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-10 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]

2008-10-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Betty Boop.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-23 12:13]

2008-10-31 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42]

2006-11-20 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 13:00]

2008-11-10 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Betty Boop\Application Data\Mozilla\Firefox\Profiles\c8iccfir.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 10:14:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-11 10:16:04
ComboFix-quarantined-files.txt 2008-11-11 10:15:29
ComboFix2.txt 2008-11-07 10:57:47

Pre-Run: 22,538,850,304 bytes free
Post-Run: 22,525,652,992 bytes free

415 --- E O F --- 2008-11-09 18:25:01
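The registry and service section of the ComboFix log above is where a helper does the actual triage: it shows Windows Firewall switched off for the standard profile (EnableFirewall=0), Security Center alerts suppressed (AntiVirusDisableNotify=1), the Symantec Monitoring hand-off keys (DisableMonitoring=1, which Norton normally writes itself so that Security Center defers to its own status), and a service named download02 that is hosted by svchost.exe and listed in the NetSvcs group. The script below is an added example, not code from this thread or from ComboFix. It parses those line formats and lists the items worth a second look. The NetSvcs baseline in it is a constructed, partial list of names found on a clean XP install; an analyst would replace it with the group exported from a known-good machine of the same build. download02 is flagged only because it is absent from that baseline; the log itself does not establish what it is, and the ServiceDll value under its Parameters subkey is what would settle that.

```python
"""Triage helper for ComboFix-style registry and service dumps like the log
above (added example, not ComboFix's own code). It parses '[key]' / '"name"=value'
lines, 'S2 name;display;image' service lines and the 'Svchost - NetSvcs' group
list, then reports settings an analyst would want to review."""
import re
from typing import Dict, List, Tuple

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# e.g. S2 download02;Remote Access;c:\windows\System32\svchost.exe [2004-08-04 14336]
SERVICE_RE = re.compile(r'^([SR]\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[[^\]]*\])?$')
NETSVCS_HEADER = 'Svchost - NetSvcs'

# Constructed, partial baseline of NetSvcs group members on a clean Windows XP
# install. Replace with the list exported from a known-good machine.
BASELINE_NETSVCS = {n.lower() for n in (
    'AppMgmt', 'AudioSrv', 'Browser', 'CryptSvc', 'DMServer', 'Dhcp', 'ERSvc',
    'EventSystem', 'helpsvc', 'lanmanserver', 'lanmanworkstation', 'Netman',
    'Nla', 'RasAuto', 'RasMan', 'Schedule', 'seclogon', 'SENS', 'SharedAccess',
    'ShellHWDetection', 'Themes', 'TrkWks', 'W32Time', 'winmgmt', 'wscsvc',
    'wuauserv', 'BITS', 'WZCSVC', 'xmlprov',
)}

# Constructed sample: a subset of the log lines posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

S2 download02;Remote Access;c:\windows\System32\svchost.exe [2004-08-04 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
download02
"""


def parse_value(raw: str):
    """Decode ComboFix value renderings: 'dword:00000001' and '0 (0x0)' become ints."""
    raw = raw.strip()
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'(\d+)\s*\(0x[0-9a-fA-F]+\)', raw)
    if m:
        return int(m.group(1))
    return raw


def parse_combofix(text: str) -> Tuple[Dict[Tuple[str, str], object], List[Tuple[str, str, str, str]], List[str]]:
    """Return ({(key, name): value}, [(start, name, display, image)], [netsvcs members])."""
    values: Dict[Tuple[str, str], object] = {}
    services: List[Tuple[str, str, str, str]] = []
    netsvcs: List[str] = []
    key = None
    in_netsvcs = False
    for line in text.splitlines():
        line = line.rstrip()
        if not line:                      # a blank line ends the NetSvcs member list
            in_netsvcs = False
            continue
        if in_netsvcs:
            netsvcs.append(line.strip())
            continue
        if line.endswith(NETSVCS_HEADER):
            in_netsvcs = True
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            values[(key, m.group(1).strip())] = parse_value(m.group(2))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append((m.group(1), m.group(2), m.group(3), m.group(4).strip()))
    return values, services, netsvcs


def triage(text: str, baseline_netsvcs=BASELINE_NETSVCS) -> List[str]:
    """Flag disabled firewall, suppressed Security Center alerts, and non-baseline NetSvcs members."""
    values, services, netsvcs = parse_combofix(text)
    findings: List[str] = []
    for (key, name), val in values.items():
        lkey, lname = key.lower(), name.lower()
        if lkey.endswith('firewallpolicy\\standardprofile') and lname == 'enablefirewall' and val == 0:
            findings.append('Windows Firewall is off for the standard profile (EnableFirewall=0)')
        elif lkey.endswith('\\security center') and lname.endswith('disablenotify') and val == 1:
            findings.append(f'Security Center alert suppressed: {name}=1')
        elif '\\security center\\monitoring\\' in lkey and lname == 'disablemonitoring' and val == 1:
            product = key.rsplit('\\', 1)[-1]
            findings.append(f'Security Center monitoring handed off to {product} '
                            '(normally written by the product itself; confirm it is installed and running)')
    # Services whose image is svchost.exe load their code from a ServiceDll value.
    hosted = {n.lower() for _, n, _, image in services if image.lower().endswith('\\svchost.exe')}
    for name in netsvcs:
        if name.lower() not in baseline_netsvcs:
            note = ' and is hosted by svchost.exe' if name.lower() in hosted else ''
            findings.append(f'NetSvcs member {name!r} is not in the baseline{note}; '
                            f'check ServiceDll under HKLM\\SYSTEM\\CurrentControlSet\\Services\\{name}\\Parameters')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print('-', finding)
```

Run it on a full ComboFix log by passing the file contents to triage(); anything under the Run keys, Drivers32 or AuthorizedApplications is parsed into the values dictionary as well, so the same structure can be extended with further checks.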
LoPhatPhuud
That looks great. Before we start cleanup, I want to check if there are still any outstanding symptoms.
beckylwhite
No everything looks great to me.
LoPhatPhuud


First:
Click Start, then click Run.
Enter into the command box that opens: combofix /u and then click OK.



Second:
Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Third:
Run HiJackThis again, and post the log in this thread.