ComboFix 11-08-18.02 - Terri Ward 08/18/2011 15:42:45.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1375 [GMT -5:00]
Running from: c:\documents and settings\Terri Ward\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Terri Ward\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\docume~1\TERRIW~1\LOCALS~1\Temp\nsy12C.tmp"
"c:\documents and settings\Terri Ward\Local Settings\Temp\clclean.0001.dir.0000"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\TERRIW~1\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp
c:\documents and settings\All Users\Start Menu\Windows Live Messenger .lnk
c:\documents and settings\Terri Ward\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP_INSTALLCHECKERSERVICE
-------\Service_ABP_InstallCheckerService
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 17:25 . 2011-08-18 17:25 -------- d-----w- c:\documents and settings\Terri Ward\Application Data\Malwarebytes
2011-08-18 17:25 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-18 17:25 . 2011-08-18 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-18 17:25 . 2011-08-18 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-18 17:25 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 17:14 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-08-18 17:04 . 2011-08-18 17:04 -------- d-----w- c:\program files\Foxit Software
2011-08-18 15:06 . 2011-08-18 15:06 -------- d-----w- c:\program files\Windows Media Connect 2
2011-08-18 15:05 . 2011-08-18 15:06 -------- d-----w- C:\0494835c04fb85231c7acc88db
2011-08-18 14:04 . 2011-08-12 00:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38C38A3E-BF20-46BA-8C5D-3C3BAEA458F6}\mpengine.dll
2011-08-18 14:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-18 14:02 . 2011-08-18 14:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-18 13:59 . 2011-08-18 13:59 -------- d-----w- c:\windows\system32\drivers\NST
2011-08-18 13:59 . 2011-08-18 13:59 -------- d-----w- c:\program files\Norton Safe Web Lite
2011-08-18 13:59 . 2011-08-18 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-08-18 13:59 . 2011-08-18 13:59 -------- d-----w- c:\program files\NortonInstaller
2011-08-17 20:06 . 2011-08-17 20:06 -------- d-----w- C:\_OTL
2011-08-10 23:08 . 2011-08-10 23:08 -------- d-----w- c:\program files\ESET
2011-08-10 19:40 . 2011-08-10 20:22 -------- d-----w- c:\windows\system32\Adobe
2011-08-10 16:01 . 2011-08-10 16:01 -------- d-----w- c:\documents and settings\Terri Ward\Local Settings\Application Data\Mozilla
2011-08-09 20:45 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-09 20:45 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-18 14:45 . 2011-05-20 06:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2005-08-16 10:18 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2005-08-16 10:18 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2005-08-16 10:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2005-08-16 10:18 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-18 17:15 . 2011-06-18 17:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-18 17:15 . 2011-04-09 00:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 14:02 . 2005-08-16 10:18 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-07-08 07:16 . 2011-08-10 20:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-18_13.46.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-18 20:49 . 2011-08-18 20:49 16384 c:\windows\Temp\Perflib_Perfdata_244.dat
+ 2006-09-28 23:56 . 2006-09-28 23:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 01:13 . 2006-09-29 01:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-19 01:00 . 2006-10-19 01:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2005-08-16 10:18 . 2006-10-19 02:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2005-08-16 10:18 . 2006-10-19 02:47 35840 c:\windows\system32\wpdconns.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 99840 c:\windows\system32\wmpshell.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 37376 c:\windows\system32\wmdmps.dll
- 2005-08-16 10:19 . 2005-08-04 00:29 37376 c:\windows\system32\WMDMPS.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 33792 c:\windows\system32\wmdmlog.dll
+ 2011-08-18 15:06 . 2007-07-28 04:11 16760 c:\windows\system32\spmsg.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 11264 c:\windows\system32\LAPRXY.dll
+ 2006-09-29 00:00 . 2006-09-29 00:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 23:55 . 2006-09-28 23:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2005-08-16 10:18 . 2006-10-19 01:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2011-08-18 15:05 . 2006-09-29 00:01 58368 c:\windows\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2011-08-18 15:06 . 2004-08-10 11:00 81920 c:\windows\$NtUninstallwmp11$\wmpshell.dll
+ 2011-08-18 15:06 . 2005-06-24 01:09 73728 c:\windows\$NtUninstallwmp11$\wmplayer.exe
+ 2011-08-18 15:06 . 2004-08-10 11:00 28672 c:\windows\$NtUninstallwmp11$\wmpenc.exe
+ 2011-08-18 15:06 . 2004-08-10 11:00 77824 c:\windows\$NtUninstallwmp11$\wmpband.dll
+ 2011-08-18 15:05 . 2006-03-03 12:33 18944 c:\windows\$NtUninstallWMFDist11$\wpdusb.sys
+ 2011-08-18 15:05 . 2006-03-03 12:33 66560 c:\windows\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2011-08-18 15:05 . 2006-03-03 12:32 61952 c:\windows\$NtUninstallWMFDist11$\wpdconns.dll
+ 2011-08-18 15:05 . 2006-03-03 12:33 38912 c:\windows\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 37376 c:\windows\$NtUninstallWMFDist11$\wmdmps.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 29184 c:\windows\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2011-08-18 15:05 . 2005-08-04 01:05 38912 c:\windows\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2011-08-18 15:05 . 2005-08-04 01:05 15872 c:\windows\$NtUninstallWMFDist11$\wdfapi.dll
+ 2011-08-18 15:05 . 2005-08-04 01:05 47104 c:\windows\$NtUninstallWMFDist11$\uwdf.exe
+ 2011-08-18 15:05 . 2006-11-02 16:46 13312 c:\windows\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 25088 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2011-08-18 15:05 . 2008-06-11 06:47 96768 c:\windows\$NtUninstallWMFDist11$\logagent.exe
+ 2005-08-16 10:19 . 2006-10-19 02:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 4096 c:\windows\system32\wmvdmod.dll
+ 2005-08-16 10:18 . 2006-10-19 02:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2005-08-16 10:18 . 2006-10-19 02:47 4096 c:\windows\system32\WMVADVD.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 4096 c:\windows\system32\wmsdmod.dll
+ 2005-08-16 10:18 . 2006-10-19 02:58 8704 c:\windows\system32\wdfmgr.exe
+ 2005-08-16 10:18 . 2006-10-19 02:47 4096 c:\windows\system32\wdfapi.dll
+ 2005-08-16 10:18 . 2006-10-19 02:58 8704 c:\windows\system32\uwdf.exe
+ 2005-08-16 10:19 . 2006-10-19 02:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 4096 c:\windows\system32\MP43DMOD.dll
+ 2010-04-05 15:54 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 7168 c:\windows\system32\asferror.dll
+ 2011-08-18 15:06 . 2004-08-10 11:00 8192 c:\windows\$NtUninstallwmp11$\asferror.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 6656 c:\windows\$NtUninstallWMFDist11$\laprxy.dll
+ 2006-09-28 23:56 . 2006-09-28 23:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-28 23:56 . 2006-09-28 23:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 23:56 . 2006-09-28 23:56 146432 c:\windows\system32\WudfHost.exe
+ 2005-08-16 10:18 . 2006-10-19 02:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2005-08-16 10:18 . 2006-10-19 02:47 154624 c:\windows\system32\wpdmtp.dll
+ 2005-08-16 10:18 . 2006-10-19 02:47 629760 c:\windows\system32\wpd_ci.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2005-08-16 10:19 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll
+ 2005-08-16 10:18 . 2006-10-19 02:47 204288 c:\windows\system32\wmpsrcwp.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 130048 c:\windows\system32\wmpps.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 613376 c:\windows\system32\wmpmde.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 295936 c:\windows\system32\wmpeffects.dll
+ 2005-08-16 10:19 . 2009-07-14 04:43 286208 c:\windows\system32\wmpdxm.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 242688 c:\windows\system32\wmpasf.dll
+ 2005-08-16 10:19 . 2008-06-18 10:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 157184 c:\windows\system32\wmidx.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 227328 c:\windows\system32\wmerror.dll
+ 2005-04-20 17:32 . 2006-10-19 02:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2005-08-16 10:18 . 2006-10-19 02:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2005-08-16 10:18 . 2006-10-19 02:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2005-08-16 10:19 . 2007-10-27 22:40 222720 c:\windows\system32\wmasf.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 757248 c:\windows\system32\WMADMOD.dll
+ 2005-08-05 20:01 . 2006-10-09 21:12 235008 c:\windows\system32\psisdecd.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 284160 c:\windows\system32\PortableDeviceApi.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 321536 c:\windows\system32\mswmdm.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 414208 c:\windows\system32\msscp.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 175616 c:\windows\system32\mspmsp.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 179712 c:\windows\system32\msnetobj.dll
+ 2006-10-02 20:28 . 2006-10-02 20:28 312128 c:\windows\system32\msdelta.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-19 02:47 . 2010-03-30 17:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 259072 c:\windows\system32\MP43DECD.dll
+ 2005-04-20 17:32 . 2006-10-19 02:47 212992 c:\windows\system32\MFPLAT.dll
+ 2011-08-18 14:45 . 2011-08-18 14:45 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe
+ 2005-08-16 10:19 . 2008-06-18 06:09 100864 c:\windows\system32\logagent.exe
+ 2005-08-16 10:19 . 2006-10-19 02:47 991744 c:\windows\system32\drmv2clt.dll
+ 2005-08-04 00:29 . 2006-10-19 01:00 249856 c:\windows\system32\drmupgds.exe
+ 2006-10-19 02:47 . 2006-10-19 02:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2011-04-18 18:18 . 2011-04-18 18:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2009-04-10 05:01 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-07-13 14:08 . 2009-07-14 04:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2008-06-11 06:58 . 2008-06-18 10:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2007-10-27 21:39 . 2007-10-27 22:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2006-10-09 21:12 . 2006-10-09 21:12 235008 c:\windows\system32\dllcache\psisdecd.dll
+ 2010-03-30 17:24 . 2010-03-30 17:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2008-06-11 06:47 . 2008-06-18 06:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2005-12-15 18:14 . 2006-10-09 21:16 558592 c:\windows\system32\dllcache\ehui.dll
+ 2005-12-15 18:14 . 2006-10-09 21:17 328704 c:\windows\system32\dllcache\ehglid.dll
+ 2005-12-15 18:06 . 2006-10-09 21:07 868352 c:\windows\system32\dllcache\ehepg.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 229376 c:\windows\system32\cewmdm.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 542720 c:\windows\system32\blackbox.dll
+ 2005-08-16 10:18 . 2006-10-19 02:47 276992 c:\windows\system32\audiodev.dll
+ 2011-08-18 14:02 . 2011-08-18 14:02 785920 c:\windows\Installer\f62b8.msi
+ 2011-08-18 14:02 . 2011-08-18 14:02 483840 c:\windows\Installer\f62b2.msi
+ 2011-08-18 14:02 . 2011-08-18 14:02 301056 c:\windows\Installer\f62ad.msi
+ 2011-08-18 15:58 . 2011-08-18 15:58 836096 c:\windows\Installer\14b632.msi
+ 2005-08-16 10:19 . 2006-11-01 23:31 315904 c:\windows\inf\unregmp2.exe
+ 2005-08-05 19:06 . 2006-10-09 21:12 107008 c:\windows\ehome\mstvcapn.dll
+ 2005-08-16 10:37 . 2006-10-09 21:16 558592 c:\windows\ehome\ehui.dll
+ 2005-08-16 10:37 . 2006-10-09 21:17 328704 c:\windows\ehome\ehglid.dll
+ 2005-08-16 10:37 . 2006-10-09 21:07 868352 c:\windows\ehome\ehepg.dll
+ 2005-08-05 20:01 . 2006-10-09 21:12 235008 c:\windows\Driver Cache\i386\psisdecd.dll
- 2010-09-17 17:57 . 2010-09-17 17:57 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2011-08-18 15:08 . 2011-08-18 15:08 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
+ 2011-08-18 15:08 . 2011-08-18 15:08 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2011-08-18 15:05 . 2006-09-16 06:05 379184 c:\windows\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2011-08-18 15:05 . 2006-09-16 06:05 221488 c:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2011-08-18 15:06 . 2004-08-10 11:00 174080 c:\windows\$NtUninstallwmp11$\wmpsrcwp.dll
+ 2011-08-18 15:06 . 2009-07-13 14:08 286720 c:\windows\$NtUninstallwmp11$\wmpdxm.dll
+ 2011-08-18 15:06 . 2004-08-10 11:00 131072 c:\windows\$NtUninstallwmp11$\wmpasf.dll
+ 2011-08-18 15:06 . 2004-08-10 11:00 118784 c:\windows\$NtUninstallwmp11$\wmlaunch.exe
+ 2011-08-18 15:06 . 2004-08-10 11:00 189440 c:\windows\$NtUninstallwmp11$\wmerror.dll
+ 2011-08-18 15:06 . 2004-08-10 11:00 192512 c:\windows\$NtUninstallwmp11$\unregmp2.exe
+ 2011-08-18 15:06 . 2006-05-16 23:11 371424 c:\windows\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2011-08-18 15:06 . 2006-05-16 23:11 213216 c:\windows\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2011-08-18 15:06 . 2006-10-02 17:30 819200 c:\windows\$NtUninstallwmp11$\setup_wm.exe
+ 2011-08-18 15:06 . 2004-08-10 11:00 356352 c:\windows\$NtUninstallwmp11$\mpvis.dll
+ 2011-08-18 15:05 . 2006-03-03 12:33 329728 c:\windows\$NtUninstallWMFDist11$\wpdsp.dll
+ 2011-08-18 15:05 . 2006-03-03 12:33 114176 c:\windows\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 826368 c:\windows\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 940544 c:\windows\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2011-08-18 15:05 . 2009-04-10 05:01 413544 c:\windows\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 819200 c:\windows\$NtUninstallWMFDist11$\wmsetsdk.exe
+ 2011-08-18 15:05 . 2005-08-04 00:29 771584 c:\windows\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2011-08-18 15:05 . 2008-06-11 06:58 988672 c:\windows\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 150016 c:\windows\$NtUninstallWMFDist11$\wmidx.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 180224 c:\windows\$NtUninstallWMFDist11$\wmdrmsdk.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 290816 c:\windows\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 344064 c:\windows\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2011-08-18 15:05 . 2007-10-27 21:39 228864 c:\windows\$NtUninstallWMFDist11$\wmasf.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 716288 c:\windows\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 359936 c:\windows\$NtUninstallWMFDist11$\wmadmod.dll
+ 2011-08-18 15:05 . 2006-05-16 23:11 371424 c:\windows\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2011-08-18 15:05 . 2006-05-16 23:11 213216 c:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2011-08-18 15:05 . 2005-08-04 00:29 221184 c:\windows\$NtUninstallWMFDist11$\qasf.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 315904 c:\windows\$NtUninstallWMFDist11$\mswmdm.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 353520 c:\windows\$NtUninstallWMFDist11$\msscp.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 173568 c:\windows\$NtUninstallWMFDist11$\mspmsp.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 115200 c:\windows\$NtUninstallWMFDist11$\msnetobj.dll
+ 2011-08-18 15:05 . 2008-04-14 00:11 240640 c:\windows\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2011-08-18 15:05 . 2010-04-05 15:54 384512 c:\windows\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2011-08-18 15:05 . 2004-08-10 11:00 310272 c:\windows\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 106496 c:\windows\$NtUninstallWMFDist11$\mfplat.dll
+ 2011-08-18 15:05 . 2006-03-03 12:26 581632 c:\windows\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 178936 c:\windows\$NtUninstallWMFDist11$\drmupgds.exe
+ 2011-08-18 15:05 . 2005-08-04 00:29 207872 c:\windows\$NtUninstallWMFDist11$\cewmdm.dll
+ 2011-08-18 15:05 . 2006-03-03 12:26 429056 c:\windows\$NtUninstallWMFDist11$\blackbox.dll
+ 2011-08-18 15:05 . 2004-08-10 11:00 480768 c:\windows\$NtUninstallWMFDist11$\audiodev.dll
+ 2011-08-18 15:06 . 2006-09-25 22:58 379184 c:\windows\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2011-08-18 15:06 . 2006-09-25 22:58 221488 c:\windows\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2011-08-18 15:34 . 2006-10-19 02:47 314880 c:\windows\$NtUninstallKB973540_WM9$\wmpdxm.dll
+ 2011-08-18 15:34 . 2007-07-27 15:41 382840 c:\windows\$NtUninstallKB973540_WM9$\spuninst\updspapi.dll
+ 2011-08-18 15:34 . 2007-07-27 15:41 231288 c:\windows\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe
+ 2011-08-18 15:04 . 2005-10-13 18:22 371424 c:\windows\$NtUninstallKB925766$\spuninst\updspapi.dll
+ 2011-08-18 15:04 . 2005-10-13 18:22 213216 c:\windows\$NtUninstallKB925766$\spuninst\spuninst.exe
+ 2011-08-18 15:04 . 2005-08-05 20:01 239104 c:\windows\$NtUninstallKB925766$\psisdecd.dll
+ 2011-08-18 15:04 . 2005-12-15 18:11 106496 c:\windows\$NtUninstallKB925766$\mstvcapn.dll
+ 2011-08-18 15:04 . 2005-12-15 18:14 558080 c:\windows\$NtUninstallKB925766$\ehui.dll
+ 2011-08-18 15:04 . 2005-12-15 18:14 237568 c:\windows\$NtUninstallKB925766$\ehrecvr.exe
+ 2011-08-18 15:04 . 2005-12-15 18:14 332288 c:\windows\$NtUninstallKB925766$\ehglid.dll
+ 2011-08-18 15:04 . 2005-12-15 18:06 864256 c:\windows\$NtUninstallKB925766$\ehepg.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2005-08-16 10:19 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 8231936 c:\windows\system32\wmploc.dll
+ 2005-08-16 10:18 . 2006-10-19 02:47 1661440 c:\windows\system32\wmpencen.dll
+ 2005-08-16 10:19 . 2006-10-19 02:47 1117696 c:\windows\system32\wmadmoe.dll
+ 2011-08-18 14:45 . 2011-08-18 14:45 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2005-08-16 10:19 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
- 2005-12-15 18:13 . 2005-12-15 18:13 1669632 c:\windows\system32\dllcache\msvidctl.dll
+ 2005-12-15 18:13 . 2006-10-09 21:15 1669632 c:\windows\system32\dllcache\msvidctl.dll
+ 2005-12-15 18:18 . 2006-10-09 21:19 3223552 c:\windows\system32\dllcache\ehshell.exe
+ 2005-12-15 18:14 . 2006-10-09 21:16 1863680 c:\windows\system32\dllcache\ehcm.dll
- 2005-12-15 18:14 . 2005-12-15 18:14 1863680 c:\windows\system32\dllcache\ehcm.dll
+ 2005-08-16 10:37 . 2006-10-09 21:19 3223552 c:\windows\ehome\ehshell.exe
- 2005-08-16 10:37 . 2005-12-15 18:14 1863680 c:\windows\ehome\ehcm.dll
+ 2005-08-16 10:37 . 2006-10-09 21:16 1863680 c:\windows\ehome\ehcm.dll
- 2010-09-17 17:57 . 2010-09-17 17:57 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2011-08-18 15:08 . 2011-08-18 15:08 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
+ 2011-08-18 15:06 . 2005-06-24 01:15 3371008 c:\windows\$NtUninstallwmp11$\wmploc.dll
+ 2011-08-18 15:06 . 2004-08-10 11:00 1582080 c:\windows\$NtUninstallwmp11$\wmpencen.dll
+ 2011-08-18 15:06 . 2010-08-25 11:23 5541888 c:\windows\$NtUninstallwmp11$\wmp.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 1003008 c:\windows\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2011-08-18 15:05 . 2010-04-03 08:27 2334720 c:\windows\$NtUninstallWMFDist11$\wmvcore.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 1512448 c:\windows\$NtUninstallWMFDist11$\wmvadve.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 1216000 c:\windows\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2011-08-18 15:05 . 2005-08-04 00:29 1119744 c:\windows\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2011-08-18 15:04 . 2005-12-15 18:13 1669632 c:\windows\$NtUninstallKB925766$\msvidctl.dll
+ 2011-08-18 15:04 . 2005-12-15 18:18 3219456 c:\windows\$NtUninstallKB925766$\ehshell.exe
+ 2011-08-18 15:04 . 2005-12-15 18:14 1863680 c:\windows\$NtUninstallKB925766$\ehcm.dll
+ 2005-08-16 10:19 . 2010-08-26 04:36 10841088 c:\windows\system32\wmp.dll
+ 2009-07-13 14:08 . 2010-08-26 04:36 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2011-08-18 15:34 . 2006-10-19 02:47 10834432 c:\windows\$NtUninstallKB973540_WM9$\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 143360]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-04-08 231592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFTQUctSkVMVFotMjJGT04tQVlNUFUtMkFCSkwtTQ&inst=NzYtODgzMjA1MTI3LVhPMzYrMS1OMUQrMS1UQjkrMi1QTCs5LVgyMDEwKzItUUlYMSs0LUYxME0xMEQrMS1WSVArMS1GSSsxLUZMMTArMS1ERFQrMA&prod=94&ver=10.0.1392" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-6 24576]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2011-4-23 819200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/18/2011 12:25 PM 366640]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [8/18/2011 8:59 AM 130000]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 12:11 AM 428640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/18/2011 12:25 PM 22712]
S1 MpKsla83e90a5;MpKsla83e90a5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38C38A3E-BF20-46BA-8C5D-3C3BAEA458F6}\MpKsla83e90a5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38C38A3E-BF20-46BA-8C5D-3C3BAEA458F6}\MpKsla83e90a5.sys [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/15/2011 3:59 AM 183560]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/18/2011 12:25 PM 41272]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2011-08-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2011-08-18 c:\windows\Tasks\User_Feed_Synchronization-{C1124392-06BB-4822-85EA-76F1D12BA298}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxp://cdn03.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll
FF - ProfilePath - c:\documents and settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-18 15:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\TERRIW~1\LOCALS~1\Temp\clclean.0001
c:\windows\eHome\ehmsas.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-08-18 15:53:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-18 20:53
ComboFix2.txt 2011-08-18 13:50
.
Pre-Run: 185,508,728,832 bytes free
Post-Run: 185,749,889,024 bytes free
.
- - End Of File - - 7D4E2B1F05467F6A09AAD76906423E9E