Random Virus, Please Help!

You have a small My Websearch infection.

Remove:

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

Then run ComboFix and then Malwarebytes, and post their logs and a new HijackThis log.
 
Okay, I deleted what ya said. I downloaded ComboFix and got the log:

ComboFix 09-03-10.03 - Owner 2009-03-12 15:34:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.244 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Cleaning up\ComboFix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\02107C8A
c:\program files\MyWebSearch\bar\Cache\021088EE.bin
c:\program files\MyWebSearch\bar\Cache\02108D43.bin
c:\program files\MyWebSearch\bar\Cache\02108F57.bin
c:\program files\MyWebSearch\bar\Cache\021093AC.bin
c:\program files\MyWebSearch\bar\Cache\0210961D
c:\program files\MyWebSearch\bar\Cache\0211F2DE.bin
c:\program files\MyWebSearch\bar\Cache\0211FD5E.bin
c:\program files\MyWebSearch\bar\Cache\02120415.bin
c:\program files\MyWebSearch\bar\Cache\02120712.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-10 22:47 . 2009-03-10 22:47 2,002 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-03-10 12:30 . 2009-03-10 23:51 <DIR> d-------- c:\windows\rnapxs
2009-03-03 18:11 . 2009-03-03 18:11 <DIR> d-------- c:\documents and settings\Owner\IECompatCache
2009-03-03 16:01 . 2009-03-10 12:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2009-03-02 19:00 . 2009-03-02 19:00 <DIR> d-------- c:\documents and settings\Owner\Freeze Tag - Dream Machine
2009-03-01 21:53 . 2009-03-01 21:53 <DIR> d-------- c:\documents and settings\Owner\Application Data\VisualShape
2009-03-01 21:53 . 2009-03-01 21:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\VisualShape
2009-02-27 22:57 . 2009-02-27 22:57 <DIR> d--hs---- c:\documents and settings\Efrain\PrivacIE
2009-02-27 22:57 . 2009-02-27 22:57 <DIR> d--hs---- c:\documents and settings\Efrain\IETldCache
2009-02-27 19:58 . 2009-02-27 19:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Free Ride Games
2009-02-27 19:58 . 2008-06-21 17:28 37,033 --------- c:\windows\FRGT.ico
2009-02-27 19:58 . 2009-02-27 19:58 64 --a------ c:\windows\GPlrLanc.dat
2009-02-27 16:39 . 2009-02-27 16:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2009-02-27 13:15 . 2009-02-27 13:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\FlyWheelGames
2009-02-27 12:48 . 2009-02-27 12:48 <DIR> d--hs---- c:\documents and settings\Owner\PrivacIE
2009-02-27 12:03 . 2009-02-27 12:03 <DIR> d--hs---- c:\documents and settings\Owner\IETldCache
2009-02-26 00:16 . 2009-02-26 00:16 <DIR> d-------- c:\windows\ie8updates
2009-02-26 00:10 . 2009-02-26 00:14 <DIR> d--h-c--- c:\windows\ie8
2009-02-26 00:05 . 2009-01-11 01:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-02-19 14:14 . 2009-02-19 14:14 <DIR> d-------- c:\documents and settings\Owner\Application Data\Boolat Games
2009-02-18 14:23 . 2009-02-18 14:23 <DIR> d-------- c:\windows\Sun
2009-02-15 02:53 . 2009-02-15 02:53 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-14 20:37 . 2008-04-13 20:12 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-14 20:18 . 2009-03-12 15:44 3,207,475 --a------ c:\windows\{00000002-00000000-0000000D-00001102-00000004-00581102}.BAK
2009-02-14 20:17 . 2009-03-12 15:44 3,207,475 --a------ c:\windows\{00000002-00000000-0000000D-00001102-00000004-00581102}.CDF
2009-02-14 20:14 . 2009-03-12 15:41 23,304 --a------ c:\windows\system32\BMXCtrlState-{00000002-00000000-0000000D-00001102-00000004-00581102}.rfx
2009-02-14 20:14 . 2009-03-12 15:41 23,304 --a------ c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000004-00581102}.rfx
2009-02-14 20:14 . 2009-03-12 15:41 18,648 --a------ c:\windows\system32\BMXStateBkp-{00000002-00000000-0000000D-00001102-00000004-00581102}.rfx
2009-02-14 20:14 . 2009-03-12 15:41 18,648 --a------ c:\windows\system32\BMXState-{00000002-00000000-0000000D-00001102-00000004-00581102}.rfx
2009-02-14 20:14 . 2009-03-12 15:41 24 --a------ c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000D-00001102-00000004-00581102}.dat
2009-02-14 20:14 . 2009-03-12 15:41 24 --a------ c:\windows\system32\DVCState-{00000002-00000000-0000000D-00001102-00000004-00581102}.dat
2009-02-14 20:12 . 2002-07-25 11:33 1,160 --a------ c:\windows\ADDREG.REG
2009-02-14 20:10 . 2009-02-14 20:10 <DIR> d-------- C:\Media
2009-02-14 20:10 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTsvcCtl.EXE
2009-02-14 20:10 . 2000-04-20 02:00 24,576 --------- c:\windows\system32\CTMERes.DLL
2009-02-14 20:09 . 2001-05-28 14:47 12,288 --------- c:\windows\system32\AHQCpURes.dll
2009-02-12 02:02 . 2009-03-11 01:02 1,374 --a------ c:\windows\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

But I hit a block with malware. I tried downloading and it comes out like this:

mbam-setup.1.2D0D17. The icon looks like a sheet with the red letter A on the bottom right corner. I tried to copy it, but it won't let me paste the icon here. The website had me download the Adobe Flash Player, but still no success.
 
You like making a gal wait don't ya. LMAO

Here ya go luv:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:09:16, on 3/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Miriel%20the%20Magical%20Merchant/Images/stg_drm.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1202356277156
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1202361035453
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mushroom%20Age/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sysmexamerica.webex.com/client/T26L10NSP49EP12/event/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 11339 bytes
 
By the way, I've been downloading and deleting driver stuff trying to get the sound working. I know ya hate for us dweebs to download when we're cleaning the system, but a gal can only wait so long.

I still haven't completely fixed the sound but I'll take care of that later.
 
Log looks good.

Can you run ComboFix one more time and post its new log?

Is System Restore enabled?
 
Why is it that last time I posted ComboFix it was easy? This time it's saying it's tooooooo long.

I have to post it in what seems like 3-4 posts.
 
Third portion
- 2008-04-14 00:11:57 310,272 ------w c:\windows\system32\mp43dmod.dll
+ 2006-10-19 01:47:14 4,096 ------w c:\windows\system32\MP43DMOD.dll
+ 2006-10-19 01:47:14 317,440 ------w c:\windows\system32\MP4SDECD.dll
- 2008-04-14 00:11:57 384,512 ------w c:\windows\system32\mp4sdmod.dll
+ 2006-10-19 01:47:14 4,096 ------w c:\windows\system32\MP4SDMOD.dll
+ 2006-10-19 01:47:14 259,072 ------w c:\windows\system32\MPG4DECD.dll
- 2008-04-14 00:11:57 240,640 ----a-w c:\windows\system32\mpg4dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w c:\windows\system32\MPG4DMOD.dll
+ 2006-10-02 19:28:42 312,128 ------w c:\windows\system32\msdelta.dll
- 2008-04-14 00:12:55 259,072 ----a-w c:\windows\system32\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w c:\windows\system32\msnetobj.dll
- 2008-04-14 00:12:00 52,224 ------w c:\windows\system32\mspmsnsv.dll
+ 2006-10-19 01:47:16 27,136 ------w c:\windows\system32\mspmsnsv.dll
- 2008-04-14 00:12:00 201,728 ----a-w c:\windows\system32\mspmsp.dll
+ 2006-10-19 01:47:16 175,616 ----a-w c:\windows\system32\mspmsp.dll
- 2008-04-14 00:12:56 356,352 ----a-w c:\windows\system32\msscp.dll
+ 2006-12-04 20:21:50 414,720 ----a-w c:\windows\system32\msscp.dll
- 2008-04-14 00:12:01 245,760 ----a-w c:\windows\system32\mswmdm.dll
+ 2006-10-19 01:47:16 321,536 ----a-w c:\windows\system32\mswmdm.dll
+ 2006-11-23 04:55:48 782,336 ----a-w c:\windows\system32\OALInst.exe
- 2002-07-19 15:54:50 135,168 ----a-w c:\windows\system32\openal32.dll
+ 2002-07-19 14:54:50 135,168 ----a-w c:\windows\system32\openal32.dll
- 1999-12-17 06:00:00 6,752 ------w c:\windows\system32\PFMODNT.SYS
+ 1999-12-17 05:00:00 6,752 ------w c:\windows\system32\PFMODNT.SYS
- 2002-07-19 15:55:00 110,592 ----a-w c:\windows\system32\piaproxy.dll
+ 2007-04-09 16:21:42 81,920 ----a-w c:\windows\system32\piaproxy.dll
+ 2006-10-19 01:47:18 284,160 ------w c:\windows\system32\PortableDeviceApi.dll
+ 2006-10-19 01:47:18 101,888 ------w c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 01:47:18 166,912 ------w c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-19 01:47:18 132,096 ------w c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 01:47:18 199,168 ------w c:\windows\system32\PortableDeviceWMDRM.dll
+ 2007-04-09 16:32:32 37,888 ----a-w c:\windows\system32\psconv.exe
- 2008-04-14 00:12:03 237,568 ----a-w c:\windows\system32\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w c:\windows\system32\qasf.dll
+ 2007-04-09 16:32:36 38,400 ----a-w c:\windows\system32\readreg.exe
+ 2007-04-09 16:21:44 48,128 ----a-w c:\windows\system32\regplib.exe
+ 2002-07-19 14:43:06 65,536 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\a3d.dll
+ 2002-07-19 14:46:28 127,948 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\ctac32k.sys
+ 2002-08-12 15:03:30 837,548 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\ctaud2k.sys
+ 2002-07-19 15:07:26 113,273 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\ctbas2w.dat
+ 2002-07-19 14:56:50 44,055 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\ctdaught.dat
+ 2002-07-19 15:07:30 164,044 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\ctdlang.dat
+ 2002-07-19 14:48:04 195,432 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\ctoss2k.sys
+ 2002-07-19 14:48:08 11,068 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\ctprxy2k.sys
+ 2002-07-19 14:48:22 213,860 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\ctsfm2k.sys
+ 2002-07-19 14:59:32 179,669 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\ctstatic.dat
+ 2002-07-19 14:48:32 156,604 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\emupia2k.sys
+ 2002-08-12 14:49:32 998,004 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\ha10kx2k.sys
+ 2008-04-13 18:45:14 60,160 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\drmk.sys
+ 2008-04-13 19:16:36 141,056 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\ks.sys
+ 2008-04-14 01:11:56 4,096 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\ksuser.dll
+ 2008-04-13 19:19:42 146,048 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\portcls.sys
+ 2008-04-13 18:45:16 49,408 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\stream.sys
+ 2008-04-14 01:12:46 23,552 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\wdmaud.drv
+ 2001-08-17 18:35:46 36,864 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\sfman32.dll
- 2001-08-17 19:35:44 36,864 ----a-w c:\windows\system32\sfman32.dll
+ 2007-04-09 16:21:48 22,528 ----a-w c:\windows\system32\sfman32.dll
- 2002-07-19 15:56:12 270,336 ----a-w c:\windows\system32\sfms32.dll
+ 2007-04-09 16:21:46 130,048 ----a-w c:\windows\system32\sfms32.dll
- 2008-10-13 18:55:34 16,928 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 13:41:40 16,760 ------w c:\windows\system32\spmsg.dll
+ 2006-10-19 01:58:00 8,704 ------w c:\windows\system32\uwdf.exe
+ 2006-10-19 01:47:18 4,096 ------w c:\windows\system32\wdfapi.dll
+ 2006-10-19 01:58:00 8,704 ------w c:\windows\system32\wdfmgr.exe
- 2008-04-14 00:12:09 408,064 ----a-w c:\windows\system32\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 ----a-w c:\windows\system32\WMADMOD.dll
- 2008-04-14 00:12:09 670,720 ----a-w c:\windows\system32\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 ----a-w c:\windows\system32\WMADMOE.dll
- 2008-04-14 00:12:09 230,912 ----a-w c:\windows\system32\wmasf.dll
+ 2007-10-27 21:40:30 222,720 ----a-w c:\windows\system32\wmasf.dll
- 2008-04-14 00:12:09 27,136 ----a-w c:\windows\system32\wmdmlog.dll
+ 2006-10-19 01:47:18 33,792 ----a-w c:\windows\system32\wmdmlog.dll
- 2008-04-14 00:12:09 23,552 ----a-w c:\windows\system32\wmdmps.dll
+ 2006-10-19 01:47:18 37,376 ----a-w c:\windows\system32\wmdmps.dll
+ 2006-10-19 01:47:18 429,056 ------w c:\windows\system32\wmdrmdev.dll
+ 2006-10-19 01:47:20 348,672 ------w c:\windows\system32\wmdrmnet.dll
+ 2006-10-19 01:47:20 535,040 ------w c:\windows\system32\wmdrmsdk.dll
- 2008-04-13 17:23:24 168,448 ------w c:\windows\system32\wmerror.dll
+ 2006-10-19 01:47:20 227,328 ------w c:\windows\system32\wmerror.dll
- 2008-04-14 00:12:09 151,552 ------w c:\windows\system32\wmidx.dll
+ 2006-10-19 01:47:20 157,184 ----a-w c:\windows\system32\wmidx.dll
- 2008-06-10 11:11:46 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
+ 2008-06-18 09:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2008-04-14 00:12:09 4,874,240 ------w c:\windows\system32\wmp.dll
+ 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
- 2008-04-14 00:12:09 114,688 ------w c:\windows\system32\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 ------w c:\windows\system32\wmpasf.dll
- 2008-04-14 00:12:09 233,472 ------w c:\windows\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 ------w c:\windows\system32\wmpdxm.dll
+ 2008-06-24 22:12:58 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2006-10-19 01:47:20 1,661,440 ------w c:\windows\system32\wmpencen.dll
- 2008-04-13 17:28:21 2,940,928 ----a-w c:\windows\system32\wmploc.dll
+ 2006-10-19 01:47:20 8,231,936 ----a-w c:\windows\system32\wmploc.dll
+ 2006-10-19 01:47:20 613,376 ------w c:\windows\system32\wmpmde.dll
+ 2006-10-19 01:47:20 130,048 ------w c:\windows\system32\wmpps.dll
- 2008-04-14 00:12:09 102,400 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-10-19 01:47:20 204,288 ------w c:\windows\system32\wmpsrcwp.dll
- 2008-04-14 00:12:09 759,296 ----a-w c:\windows\system32\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w c:\windows\system32\wmsdmod.dll
- 2008-04-14 00:12:09 1,119,744 ------w c:\windows\system32\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ------w c:\windows\system32\wmsdmoe2.dll
- 2008-04-14 00:12:09 485,376 ------w c:\windows\system32\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 ------w c:\windows\system32\WMSPDMOD.dll
- 2008-04-14 00:12:10 897,024 ------w c:\windows\system32\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 ------w c:\windows\system32\WMSPDMOE.dll
+ 2006-10-19 01:47:22 4,096 ------w c:\windows\system32\WMVADVD.dll
+ 2006-10-19 01:47:22 4,096 ------w c:\windows\system32\WMVADVE.DLL
- 2008-11-07 21:45:32 2,174,976 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-06-18 09:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2006-10-19 01:47:22 1,543,680 ------w c:\windows\system32\WMVDECOD.dll
- 2008-04-14 00:12:10 809,984 ----a-w c:\windows\system32\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w c:\windows\system32\wmvdmod.dll
- 2008-04-14 00:12:10 1,001,472 ------w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ------w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 1,574,912 ------w c:\windows\system32\WMVENCOD.dll
+ 2006-10-19 01:47:22 1,382,912 ------w c:\windows\system32\WMVSDECD.dll
+ 2006-10-19 01:47:22 767,488 ------w c:\windows\system32\WMVSENCD.dll
+ 2006-10-19 01:47:22 656,896 ------w c:\windows\system32\WMVXENCD.dll
+ 2006-10-19 01:47:22 629,760 ------w c:\windows\system32\wpd_ci.dll
+ 2006-10-19 01:47:22 35,840 ------w c:\windows\system32\wpdconns.dll
+ 2006-10-19 01:47:22 154,624 ------w c:\windows\system32\wpdmtp.dll
+ 2006-10-19 01:47:22 63,488 ------w c:\windows\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 2,603,008 ------w c:\windows\system32\WpdShext.dll
+ 2006-10-19 00:00:14 17,408 ------w c:\windows\system32\wpdshextautoplay.exe
+ 2006-10-19 01:47:22 38,400 ------w c:\windows\system32\wpdshextres.dll
+ 2006-10-19 01:47:22 133,632 ------w c:\windows\system32\WPDShServiceObj.dll
+ 2006-10-19 01:47:22 356,352 ------w c:\windows\system32\wpdsp.dll
+ 2009-03-13 13:14:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_208.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 13:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-02-11 16384]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-08-30 181488]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 234736]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 259312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 173296]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 771312]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-01 111928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-11 148888]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-06-10 102400]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-06-20 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-06-20 45056]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"CTHelper"="CTHELPER.EXE" [2007-04-09 c:\windows\system32\CtHelper.exe]
"WINDVDPatch"="CTHELPER.EXE" [2007-04-09 c:\windows\system32\CtHelper.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-02-11 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-06-23 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-03-19 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-03-21 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-03-21 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-03-19 115216]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [2009-02-11 65536]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-06-04 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-03-21 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-04-15 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-05-30 88816]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2008-02-06 36224]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-10-01 185584]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-18 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\CAAntiSpywareScan_Daily as Owner at 1 03 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2008-08-27 18:44]

2009-03-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 13:20]

2009-03-12 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []

2009-03-11 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe []

2009-03-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 14:55]

2008-12-21 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 14:55]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-WebCamRT.exe - (no file)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
LSP: c:\windows\system32\VetRedir.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 09:28:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1688)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
Completion time: 2009-03-13 9:30:59
ComboFix-quarantined-files.txt 2009-03-13 13:30:51
ComboFix2.txt 2009-03-12 19:49:34

Pre-Run: 180,625,656,832 bytes free
Post-Run: 180,925,233,152 bytes free

910 --- E O F --- 2009-03-13 04:29:48
 
- 2007-04-09 17:21:32 264,060 ----a-w c:\windows\system32\data\CTP055AW.DAT
+ 2007-04-09 16:21:32 264,060 ----a-w c:\windows\system32\data\CTP055AW.DAT
- 2007-04-09 17:19:56 319,757 ----a-w c:\windows\system32\data\CTP0600W.DAT
+ 2007-04-09 16:19:56 319,757 ----a-w c:\windows\system32\data\CTP0600W.DAT
- 2007-04-09 17:19:56 319,757 ----a-w c:\windows\system32\data\CTP0610W.DAT
+ 2007-04-09 16:19:56 319,757 ----a-w c:\windows\system32\data\CTP0610W.DAT
- 2007-04-09 17:19:58 319,757 ----a-w c:\windows\system32\data\CTP0669W.DAT
+ 2007-04-09 16:19:58 319,757 ----a-w c:\windows\system32\data\CTP0669W.DAT
- 2007-04-09 17:21:32 345,761 ----a-w c:\windows\system32\data\CTP0678W.DAT
+ 2007-04-09 16:21:32 345,761 ----a-w c:\windows\system32\data\CTP0678W.DAT
- 2007-04-09 17:21:28 345,761 ----a-w c:\windows\system32\data\CTP0679W.DAT
+ 2007-04-09 16:21:28 345,761 ----a-w c:\windows\system32\data\CTP0679W.DAT
- 2007-04-09 17:21:30 265,966 ----a-w c:\windows\system32\data\CTP0730W.DAT
+ 2007-04-09 16:21:30 265,966 ----a-w c:\windows\system32\data\CTP0730W.DAT
- 2007-04-09 17:21:32 265,966 ----a-w c:\windows\system32\data\CTP073AW.DAT
+ 2007-04-09 16:21:32 265,966 ----a-w c:\windows\system32\data\CTP073AW.DAT
- 2007-04-09 17:21:30 263,543 ----a-w c:\windows\system32\data\CTP0760W.DAT
+ 2007-04-09 16:21:30 263,543 ----a-w c:\windows\system32\data\CTP0760W.DAT
- 2007-04-09 17:21:32 269,402 ----a-w c:\windows\system32\data\CTP0773W.DAT
+ 2007-04-09 16:21:32 269,402 ----a-w c:\windows\system32\data\CTP0773W.DAT
- 2007-04-09 17:21:32 268,778 ----a-w c:\windows\system32\data\CTP0930W.DAT
+ 2007-04-09 16:21:32 268,778 ----a-w c:\windows\system32\data\CTP0930W.DAT
- 2007-04-09 17:19:22 233,684 ----a-w c:\windows\system32\data\CTP1140W.DAT
+ 2007-04-09 16:19:22 233,684 ----a-w c:\windows\system32\data\CTP1140W.DAT
- 2007-04-09 17:19:20 233,024 ----a-w c:\windows\system32\data\CTP4620W.DAT
+ 2007-04-09 16:19:20 233,024 ----a-w c:\windows\system32\data\CTP4620W.DAT
- 2007-04-09 17:19:22 233,024 ----a-w c:\windows\system32\data\CTP4670W.DAT
+ 2007-04-09 16:19:22 233,024 ----a-w c:\windows\system32\data\CTP4670W.DAT
- 2007-04-09 17:19:22 233,024 ----a-w c:\windows\system32\data\CTP4760W.DAT
+ 2007-04-09 16:19:22 233,024 ----a-w c:\windows\system32\data\CTP4760W.DAT
- 2007-04-09 17:19:24 233,024 ----a-w c:\windows\system32\data\CTP4780W.DAT
+ 2007-04-09 16:19:24 233,024 ----a-w c:\windows\system32\data\CTP4780W.DAT
- 2007-04-09 17:19:26 232,158 ----a-w c:\windows\system32\data\CTP4790W.DAT
+ 2007-04-09 16:19:26 232,158 ----a-w c:\windows\system32\data\CTP4790W.DAT
- 2007-04-09 17:19:38 267,599 ----a-w c:\windows\system32\data\CTP4820W.DAT
+ 2007-04-09 16:19:38 267,599 ----a-w c:\windows\system32\data\CTP4820W.DAT
- 2007-04-09 17:19:24 233,024 ----a-w c:\windows\system32\data\CTP4830W.DAT
+ 2007-04-09 16:19:24 233,024 ----a-w c:\windows\system32\data\CTP4830W.DAT
- 2007-04-09 17:19:24 233,024 ----a-w c:\windows\system32\data\CTP4831W.DAT
+ 2007-04-09 16:19:24 233,024 ----a-w c:\windows\system32\data\CTP4831W.DAT
- 2007-04-09 17:19:26 233,024 ----a-w c:\windows\system32\data\CTP4832W.DAT
+ 2007-04-09 16:19:26 233,024 ----a-w c:\windows\system32\data\CTP4832W.DAT
- 2007-04-09 17:19:26 232,158 ----a-w c:\windows\system32\data\CTP4840W.DAT
+ 2007-04-09 16:19:26 232,158 ----a-w c:\windows\system32\data\CTP4840W.DAT
- 2007-04-09 17:19:22 233,024 ----a-w c:\windows\system32\data\CTP4850W.DAT
+ 2007-04-09 16:19:22 233,024 ----a-w c:\windows\system32\data\CTP4850W.DAT
- 2007-04-09 17:19:22 233,024 ----a-w c:\windows\system32\data\CTP4870W.DAT
+ 2007-04-09 16:19:22 233,024 ----a-w c:\windows\system32\data\CTP4870W.DAT
- 2007-04-09 17:19:24 233,024 ----a-w c:\windows\system32\data\CTP4871W.DAT
+ 2007-04-09 16:19:24 233,024 ----a-w c:\windows\system32\data\CTP4871W.DAT
- 2007-04-09 17:19:24 233,024 ----a-w c:\windows\system32\data\CTP4872W.DAT
+ 2007-04-09 16:19:24 233,024 ----a-w c:\windows\system32\data\CTP4872W.DAT
- 2007-04-09 17:19:24 233,024 ----a-w c:\windows\system32\data\CTP4875W.DAT
+ 2007-04-09 16:19:24 233,024 ----a-w c:\windows\system32\data\CTP4875W.DAT
- 2007-04-09 17:19:26 232,158 ----a-w c:\windows\system32\data\CTP4890W.DAT
+ 2007-04-09 16:19:26 232,158 ----a-w c:\windows\system32\data\CTP4890W.DAT
- 2007-04-09 17:19:28 232,158 ----a-w c:\windows\system32\data\CTP4891W.DAT
+ 2007-04-09 16:19:28 232,158 ----a-w c:\windows\system32\data\CTP4891W.DAT
- 2007-04-09 17:19:28 232,158 ----a-w c:\windows\system32\data\CTP4893W.DAT
+ 2007-04-09 16:19:28 232,158 ----a-w c:\windows\system32\data\CTP4893W.DAT
- 2007-04-09 17:19:30 235,142 ----a-w c:\windows\system32\data\CTPDXW.DAT
+ 2007-04-09 16:19:30 235,142 ----a-w c:\windows\system32\data\CTPDXW.DAT
- 2007-04-09 17:19:22 233,684 ----a-w c:\windows\system32\data\CTPM002W.DAT
+ 2007-04-09 16:19:22 233,684 ----a-w c:\windows\system32\data\CTPM002W.DAT
- 2007-04-09 17:19:20 2,091 ----a-w c:\windows\system32\data\cts20x.dat
+ 2007-04-09 16:19:20 2,091 ----a-w c:\windows\system32\data\cts20x.dat
+ 2002-07-19 15:07:26 211,126 ----a-w c:\windows\system32\data\CTSBAS2W.DAT
+ 2002-07-19 15:02:22 218,391 ----a-w c:\windows\system32\data\CTSBASW.DAT
- 2002-07-19 16:08:10 94,208 ----a-w c:\windows\system32\devreg.dll
+ 2007-04-09 16:19:02 48,640 ----a-w c:\windows\system32\devreg.dll
- 2002-07-19 15:43:04 65,536 -c--a-w c:\windows\system32\dllcache\a3d.dll
+ 2007-04-09 16:32:58 34,816 -c--a-w c:\windows\system32\dllcache\a3d.dll
- 2008-04-13 17:23:38 8,192 -c----w c:\windows\system32\dllcache\asferror.dll
+ 2006-10-19 01:47:08 7,168 -c----w c:\windows\system32\dllcache\asferror.dll
- 2008-04-14 00:11:50 286,720 -c----w c:\windows\system32\dllcache\blackbox.dll
+ 2006-10-19 01:47:10 542,720 -c----w c:\windows\system32\dllcache\blackbox.dll
- 2008-04-14 00:11:50 159,232 -c----w c:\windows\system32\dllcache\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 -c----w c:\windows\system32\dllcache\cewmdm.dll
- 2008-04-13 19:45:14 60,160 -c--a-w c:\windows\system32\dllcache\drmk.sys
+ 2008-04-13 18:45:14 60,160 -c--a-w c:\windows\system32\dllcache\drmk.sys
- 2008-04-14 00:12:57 695,808 -c----w c:\windows\system32\dllcache\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 -c----w c:\windows\system32\dllcache\drmv2clt.dll
- 2008-04-13 20:16:36 141,056 -c--a-w c:\windows\system32\dllcache\ks.sys
+ 2008-04-13 19:16:36 141,056 -c--a-w c:\windows\system32\dllcache\ks.sys
- 2008-04-14 00:11:56 6,656 -c----w c:\windows\system32\dllcache\laprxy.dll
+ 2006-10-19 01:47:14 11,264 -c----w c:\windows\system32\dllcache\LAPRXY.dll
- 2008-06-10 08:11:20 103,936 -c----w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 05:09:22 100,864 -c----w c:\windows\system32\dllcache\logagent.exe
- 2008-04-14 00:11:57 310,272 -c----w c:\windows\system32\dllcache\mp43dmod.dll
+ 2006-10-19 01:47:14 4,096 -c----w c:\windows\system32\dllcache\MP43DMOD.dll
- 2008-04-14 00:11:57 384,512 -c----w c:\windows\system32\dllcache\mp4sdmod.dll
+ 2006-10-19 01:47:14 4,096 -c----w c:\windows\system32\dllcache\MP4SDMOD.dll
- 2008-04-14 00:11:57 240,640 -c----w c:\windows\system32\dllcache\mpg4dmod.dll
+ 2006-10-19 01:47:14 4,096 -c----w c:\windows\system32\dllcache\MPG4DMOD.dll
- 2008-04-14 00:11:57 368,640 -c----w c:\windows\system32\dllcache\mpvis.dll
+ 2006-10-19 01:47:14 243,712 -c----w c:\windows\system32\dllcache\mpvis.dll
- 2008-04-14 00:12:55 259,072 -c----w c:\windows\system32\dllcache\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 -c----w c:\windows\system32\dllcache\msnetobj.dll
- 2008-04-14 00:12:00 52,224 -c----w c:\windows\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 01:47:16 27,136 -c----w c:\windows\system32\dllcache\mspmsnsv.dll
- 2008-04-14 00:12:00 201,728 -c----w c:\windows\system32\dllcache\mspmsp.dll
+ 2006-10-19 01:47:16 175,616 -c----w c:\windows\system32\dllcache\mspmsp.dll
- 2008-04-14 00:12:56 356,352 -c----w c:\windows\system32\dllcache\msscp.dll
+ 2006-12-04 20:21:50 414,720 -c----w c:\windows\system32\dllcache\msscp.dll
- 2008-04-14 00:12:01 245,760 -c----w c:\windows\system32\dllcache\mswmdm.dll
+ 2006-10-19 01:47:16 321,536 -c----w c:\windows\system32\dllcache\mswmdm.dll
- 2008-04-13 20:19:42 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys
+ 2008-04-13 19:19:42 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys
- 2008-04-14 00:12:35 774,144 -c----w c:\windows\system32\dllcache\setup_wm.exe
+ 2006-11-01 22:31:38 1,669,120 -c----w c:\windows\system32\dllcache\setup_wm.exe
- 2008-04-13 19:45:16 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys
+ 2008-04-13 18:45:16 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys
- 2008-04-14 00:12:38 208,896 -c----w c:\windows\system32\dllcache\unregmp2.exe
+ 2006-11-01 22:31:34 315,904 -c----w c:\windows\system32\dllcache\unregmp2.exe
- 2008-04-14 00:12:09 408,064 -c----w c:\windows\system32\dllcache\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 -c----w c:\windows\system32\dllcache\WMADMOD.dll
- 2008-04-14 00:12:09 670,720 -c----w c:\windows\system32\dllcache\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 -c----w c:\windows\system32\dllcache\WMADMOE.dll
- 2008-04-14 00:12:09 230,912 -c----w c:\windows\system32\dllcache\wmasf.dll
+ 2007-10-27 21:40:30 222,720 -c----w c:\windows\system32\dllcache\wmasf.dll
- 2008-04-14 00:12:09 27,136 -c----w c:\windows\system32\dllcache\wmdmlog.dll
+ 2006-10-19 01:47:18 33,792 -c----w c:\windows\system32\dllcache\wmdmlog.dll
- 2008-04-14 00:12:09 23,552 -c----w c:\windows\system32\dllcache\wmdmps.dll
+ 2006-10-19 01:47:18 37,376 -c----w c:\windows\system32\dllcache\wmdmps.dll
- 2008-04-13 17:23:24 168,448 -c----w c:\windows\system32\dllcache\wmerror.dll
+ 2006-10-19 01:47:20 227,328 -c----w c:\windows\system32\dllcache\wmerror.dll
- 2008-04-14 00:12:09 151,552 -c----w c:\windows\system32\dllcache\wmidx.dll
+ 2006-10-19 01:47:20 157,184 -c----w c:\windows\system32\dllcache\wmidx.dll
- 2008-06-10 11:11:46 1,053,696 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-06-18 09:03:08 938,496 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
- 2008-04-14 00:12:09 4,874,240 -c----w c:\windows\system32\dllcache\wmp.dll
+ 2007-06-12 03:51:12 10,834,944 -c----w c:\windows\system32\dllcache\wmp.dll
- 2008-04-14 00:12:09 114,688 -c----w c:\windows\system32\dllcache\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 -c----w c:\windows\system32\dllcache\wmpasf.dll
- 2008-04-14 00:12:09 98,304 -c----w c:\windows\system32\dllcache\wmpband.dll
+ 2006-10-19 01:47:20 96,256 -c----w c:\windows\system32\dllcache\wmpband.dll
- 2008-04-14 00:12:09 233,472 -c----w c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 -c----w c:\windows\system32\dllcache\wmpdxm.dll
- 2008-04-14 00:12:40 73,728 -c----w c:\windows\system32\dllcache\wmplayer.exe
+ 2006-10-19 01:46:20 64,000 -c----w c:\windows\system32\dllcache\wmplayer.exe
- 2008-04-13 17:28:21 2,940,928 -c----w c:\windows\system32\dllcache\wmploc.dll
+ 2006-10-19 01:47:20 8,231,936 -c----w c:\windows\system32\dllcache\wmploc.dll
- 2008-04-14 00:12:09 102,400 -c----w c:\windows\system32\dllcache\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 -c----w c:\windows\system32\dllcache\wmpshell.dll
- 2008-04-14 00:12:09 759,296 -c----w c:\windows\system32\dllcache\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 -c----w c:\windows\system32\dllcache\wmsdmod.dll
- 2008-04-14 00:12:09 1,119,744 -c----w c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 -c----w c:\windows\system32\dllcache\wmsdmoe2.dll
- 2008-04-14 00:12:09 485,376 -c----w c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 -c----w c:\windows\system32\dllcache\WMSPDMOD.dll
- 2008-04-14 00:12:10 897,024 -c----w c:\windows\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 -c----w c:\windows\system32\dllcache\WMSPDMOE.dll
- 2008-11-07 21:45:32 2,174,976 -c----w c:\windows\system32\dllcache\WMVCore.dll
+ 2008-06-18 09:03:14 2,458,112 -c----w c:\windows\system32\dllcache\WMVCore.dll
- 2008-04-14 00:12:10 809,984 -c----w c:\windows\system32\dllcache\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 -c----w c:\windows\system32\dllcache\wmvdmod.dll
- 2008-04-14 00:12:10 1,001,472 -c----w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 -c----w c:\windows\system32\dllcache\wmvdmoe2.dll
- 2002-07-19 15:46:26 127,948 ----a-w c:\windows\system32\drivers\ctac32k.sys
+ 2007-04-10 08:19:30 511,272 ----a-w c:\windows\system32\drivers\ctac32k.sys
- 2002-07-19 15:47:50 837,548 ----a-w c:\windows\system32\drivers\ctaud2k.sys
+ 2007-04-10 08:20:38 520,488 ----a-w c:\windows\system32\drivers\ctaud2k.sys
+ 2007-04-10 08:21:06 347,128 ----a-w c:\windows\system32\drivers\ctdvda2k.sys
- 2002-07-19 15:48:02 195,432 ----a-w c:\windows\system32\drivers\ctoss2k.sys
+ 2007-04-10 09:59:04 126,760 ----a-w c:\windows\system32\drivers\ctoss2k.sys
- 2002-07-19 15:48:06 11,068 ----a-w c:\windows\system32\drivers\ctprxy2k.sys
+ 2007-04-10 08:25:46 14,632 ----a-w c:\windows\system32\drivers\ctprxy2k.sys
- 2002-07-19 15:48:20 213,860 ----a-w c:\windows\system32\drivers\ctsfm2k.sys
+ 2007-04-10 10:00:24 157,480 ----a-w c:\windows\system32\drivers\ctsfm2k.sys
- 2008-04-13 19:45:14 60,160 ----a-w c:\windows\system32\drivers\drmk.sys
+ 2008-04-13 18:45:14 60,160 ----a-w c:\windows\system32\drivers\drmk.sys
- 2002-07-19 15:48:30 156,604 ----a-w c:\windows\system32\drivers\emupia2k.sys
+ 2007-04-10 08:28:36 92,968 ----a-w c:\windows\system32\drivers\emupia2k.sys
- 2002-07-24 18:52:24 998,004 ----a-w c:\windows\system32\drivers\ha10kx2k.sys
+ 2007-04-10 08:29:10 797,992 ----a-w c:\windows\system32\drivers\ha10kx2k.sys
+ 2007-04-10 10:03:12 1,164,072 ----a-w c:\windows\system32\drivers\ha20x2k.sys
+ 2007-04-10 08:31:18 163,112 ----a-w c:\windows\system32\drivers\haP16v2k.sys
+ 2007-04-10 08:32:06 189,736 ----a-w c:\windows\system32\drivers\haP17v2k.sys
- 2008-04-13 20:16:36 141,056 ----a-w c:\windows\system32\drivers\ks.sys
+ 2008-04-13 19:16:36 141,056 ----a-w c:\windows\system32\drivers\ks.sys
+ 2007-04-10 08:32:34 16,168 ----a-w c:\windows\system32\drivers\pfmodnt.sys
- 2008-04-13 20:19:42 146,048 ----a-w c:\windows\system32\drivers\portcls.sys
+ 2008-04-13 19:19:42 146,048 ----a-w c:\windows\system32\drivers\portcls.sys
- 2008-04-13 19:45:16 49,408 ----a-w c:\windows\system32\drivers\stream.sys
+ 2008-04-13 18:45:16 49,408 ----a-w c:\windows\system32\drivers\stream.sys
+ 2006-10-19 01:47:22 671,232 ------w c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2006-10-19 00:00:00 38,528 ------w c:\windows\system32\drivers\wpdusb.sys
+ 2006-10-19 00:00:46 249,856 ------w c:\windows\system32\drmupgds.exe
- 2008-04-14 00:12:57 695,808 ----a-w c:\windows\system32\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 ----a-w c:\windows\system32\drmv2clt.dll
- 2001-07-11 15:51:00 77,824 ----a-w c:\windows\system32\eaxac3.dll
+ 2001-07-11 06:51:00 77,824 ----a-w c:\windows\system32\eaxac3.dll
+ 2007-04-09 16:19:18 5,120 ----a-w c:\windows\system32\enlocstr.exe
+ 2007-04-09 16:33:38 11,776 ----a-w c:\windows\system32\inres.dll
- 2001-09-21 22:08:36 49,152 ----a-w c:\windows\system32\killapps.exe
+ 2007-04-09 16:19:16 10,240 ----a-w c:\windows\system32\killapps.exe
- 2008-04-14 00:11:56 6,656 ----a-w c:\windows\system32\laprxy.dll
+ 2006-10-19 01:47:14 11,264 ----a-w c:\windows\system32\LAPRXY.dll
- 2008-06-10 08:11:20 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 05:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-03-12 19:59:36 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-03-12 20:51:46 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2006-10-19 01:47:14 212,992 ------w c:\windows\system32\MFPLAT.dll
+ 2006-10-19 01:47:14 259,072 ------w c:\windows\system32\MP43DECD.dll
- 2008-04-14 00:11:57 310,272 ------w c:\windows\system32\mp43dmod.dll
+ 2006-10-19 01:47:14 4,096 ------w c:\windows\system32\MP43DMOD.dll
+ 2006-10-19 01:47:14 317,440 ------w c:\windows\system32\MP4SDECD.dll
- 2008-04-14 00:11:57 384,512 ------w c:\windows\system32\mp4sdmod.dll
+ 2006-10-19 01:47:14 4,096 ------w c:\windows\system32\MP4SDMOD.dll
+ 2006-10-19 01:47:14 259,072 ------w c:\windows\system32\MPG4DECD.dll
- 2008-04-14 00:11:57 240,640 ----a-w c:\windows\system32\mpg4dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w c:\windows\system32\MPG4DMOD.dll
+ 2006-10-02 19:28:42 312,128 ------w c:\windows\system32\msdelta.dll
- 2008-04-14 00:12:55 259,072 ----a-w c:\windows\system32\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w c:\windows\system32\msnetobj.dll
- 2008-04-14 00:12:00 52,224 ------w c:\windows\system32\mspmsnsv.dll
+ 2006-10-19 01:47:16 27,136 ------w c:\windows\system32\mspmsnsv.dll
- 2008-04-14 00:12:00 201,728 ----a-w c:\windows\system32\mspmsp.dll
+ 2006-10-19 01:47:16 175,616 ----a-w c:\windows\system32\mspmsp.dll
- 2008-04-14 00:12:56 356,352 ----a-w c:\windows\system32\msscp.dll
+ 2006-12-04 20:21:50 414,720 ----a-w c:\windows\system32\msscp.dll
- 2008-04-14 00:12:01 245,760 ----a-w c:\windows\system32\mswmdm.dll
+ 2006-10-19 01:47:16 321,536 ----a-w c:\windows\system32\mswmdm.dll
+ 2006-11-23 04:55:48 782,336 ----a-w c:\windows\system32\OALInst.exe
- 2002-07-19 15:54:50 135,168 ----a-w c:\windows\system32\openal32.dll
+ 2002-07-19 14:54:50 135,168 ----a-w c:\windows\system32\openal32.dll
- 1999-12-17 06:00:00 6,752 ------w c:\windows\system32\PFMODNT.SYS
+ 1999-12-17 05:00:00 6,752 ------w c:\windows\system32\PFMODNT.SYS
- 2002-07-19 15:55:00 110,592 ----a-w c:\windows\system32\piaproxy.dll
+ 2007-04-09 16:21:42 81,920 ----a-w c:\windows\system32\piaproxy.dll
+ 2006-10-19 01:47:18 284,160 ------w c:\windows\system32\PortableDeviceApi.dll
+ 2006-10-19 01:47:18 101,888 ------w c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 01:47:18 166,912 ------w c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-19 01:47:18 132,096 ------w c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 01:47:18 199,168 ------w c:\windows\system32\PortableDeviceWMDRM.dll
+ 2007-04-09 16:32:32 37,888 ----a-w c:\windows\system32\psconv.exe
- 2008-04-14 00:12:03 237,568 ----a-w c:\windows\system32\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w c:\windows\system32\qasf.dll
+ 2007-04-09 16:32:36 38,400 ----a-w c:\windows\system32\readreg.exe
+ 2007-04-09 16:21:44 48,128 ----a-w c:\windows\system32\regplib.exe
+ 2002-07-19 14:43:06 65,536 ----a-w c:\windows\system32\ReinstallBackups\0008\DriverFiles\a3d.dll
 