bad .dll files [CLOSED]


  • This topic is locked

#1
cooljazz

This just happened about 48 hrs ago. Error messages recommend reinstalling most programs. Do I need to do a reinstall?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:06 AM, on 4/26/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1209177944609
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8004 bytes

#2
greyknight17

Do these look like legitimate Windows messages? What are they saying exactly (post the exact wording here)?

This might not be a malware issue, but let's see if this scan can show us anything.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#3
cooljazz

ComboFix 08-04-26.3 - Owner 2008-04-27 11:14:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.168 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 04:44 . 2008-04-27 04:44 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-27 04:33 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-27 04:33 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-27 04:33 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-27 04:30 . 2008-04-27 04:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-27 04:30 . 2008-04-27 04:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-26 16:02 . 2008-04-26 20:03 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-26 08:43 . 2004-08-04 02:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-04-26 08:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-26 08:35 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-25 23:43 . 2008-04-25 23:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-25 23:43 . 2008-04-26 18:25 <DIR> d-------- C:\Program Files\MSN Messenger
2008-04-25 23:37 . 2008-04-25 23:37 244 --ah----- C:\sqmnoopt02.sqm
2008-04-25 23:37 . 2008-04-25 23:37 232 --ah----- C:\sqmdata02.sqm
2008-04-25 23:26 . 2008-04-25 23:26 244 --ah----- C:\sqmnoopt01.sqm
2008-04-25 23:26 . 2008-04-25 23:26 232 --ah----- C:\sqmdata01.sqm
2008-04-25 22:05 . 2004-08-04 02:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-04-25 22:05 . 2004-08-04 02:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-04-25 22:05 . 2004-08-04 02:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-04-25 22:05 . 2004-03-29 20:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2008-04-25 22:05 . 2004-08-04 02:56 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2008-04-25 22:01 . 2004-08-04 01:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-04-25 22:01 . 2004-08-04 01:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-04-25 22:01 . 2004-08-04 02:56 23,552 --a------ C:\WINDOWS\system32\wdmaud.drv
2008-04-25 21:59 . 2004-08-04 02:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2008-04-25 21:44 . 2008-04-25 21:44 244 --ah----- C:\sqmnoopt00.sqm
2008-04-25 21:44 . 2008-04-25 21:44 232 --ah----- C:\sqmdata00.sqm
2008-04-25 16:23 . 2008-04-25 16:13 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-04-25 16:23 . 2008-04-25 16:13 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-04-25 15:25 . 2004-08-04 01:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-25 15:25 . 2004-08-04 01:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-25 15:25 . 2001-08-17 16:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-25 15:25 . 2004-08-04 01:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-04-25 15:25 . 2004-08-04 01:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-25 15:25 . 2001-08-17 15:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-25 15:25 . 2004-08-04 01:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-25 14:55 . 2008-04-27 04:34 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2008-04-25 14:08 . 2004-08-04 02:56 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2008-04-25 14:08 . 2004-08-04 02:56 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2008-04-25 14:08 . 2004-08-04 02:56 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2008-04-25 14:03 . 2004-09-01 17:27 209,280 --a--c--- C:\WINDOWS\system32\dllcache\update.sys
2008-04-25 14:02 . 2005-10-20 17:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-04-25 13:48 . 2008-04-25 13:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-25 13:47 . 2008-04-26 17:01 1,027,455 --a------ C:\WINDOWS\setupapi.log.6.old
2008-04-25 13:47 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-25 13:46 . 2004-08-04 02:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-25 13:46 . 2004-08-04 02:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-25 13:46 . 2004-08-04 02:56 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-04-25 13:46 . 2004-08-04 02:56 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-04-25 13:38 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-25 13:38 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-25 13:38 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-25 13:38 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-04-25 13:38 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-04-25 13:38 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-04-25 13:38 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-04-25 12:54 . 2006-05-08 16:09 614,400 -ra------ C:\WINDOWS\system32\hpxp4370.dll
2008-04-25 12:54 . 2006-05-08 16:04 430,080 -ra------ C:\WINDOWS\system32\hp4370co.dll
2008-04-25 12:54 . 2004-08-04 00:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-25 12:52 . 2004-08-03 14:04 185,624 --a------ C:\WINDOWS\system32\iuengine.dll
2008-04-25 12:52 . 2004-08-03 14:04 185,624 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2008-04-25 12:42 . 2004-08-20 15:50 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2008-04-25 12:42 . 2008-04-25 12:42 4,030 -rahs---- C:\WINDOWS\system32\drivers\HP_DT160A-ABA A465C_YW_Pavi_QMXK407_E41NAheBLU4_4_I P4SD-LA _SASUSTeK Computer INC._VRev 1.xx_B3.20_T040128_WXH1_L409_M504_J164_7Intel_8Pentium 4_93_1104C8023_N10EC8139_P_Z11C1044C_K_A808624D5_U808624D2_G80862572_O_DIN-KCH-.MRK
2008-04-25 12:35 . 2003-10-11 00:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-04-25 12:32 . 2004-08-04 01:08 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2008-04-25 12:32 . 2004-08-04 00:59 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2008-04-25 12:32 . 2004-08-04 02:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-04-25 12:32 . 2004-08-04 01:07 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys
2008-04-25 12:32 . 2004-08-04 01:08 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-25 12:32 . 2001-08-17 13:58 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-25 12:32 . 2004-08-04 00:59 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
2008-04-25 12:32 . 2004-08-04 01:08 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2008-04-25 12:32 . 2001-08-17 13:51 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
2008-04-25 12:31 . 2004-08-04 01:14 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-25 12:31 . 2004-08-04 00:58 24,576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-23 19:21 . 2008-04-23 19:22 61,224 --a------ C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
2008-04-23 09:55 . 2008-04-24 09:27 2,097,152 --a------ C:\EZPHOTO1.TMP
2008-04-13 19:08 . 2008-04-13 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-04-13 18:36 . 2008-04-13 18:36 96,577 --a------ C:\WINDOWS\hpqins16.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 12:17 4,125 ----a-w C:\WINDOWS\viassary-hp.reg
2008-04-27 01:03 --------- d-----w C:\Program Files\HP PhotoSmart
2008-04-27 00:37 --------- d-----w C:\Program Files\Google
2008-04-27 00:19 --------- d-----w C:\Program Files\McAfee
2008-04-26 17:50 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-04-26 16:52 --------- d-----w C:\Program Files\Family Tree Maker 2005
2008-04-26 16:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-04-26 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-26 01:06 --------- d-----w C:\Program Files\MFInstall
2008-04-25 21:13 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-04-25 20:21 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-25 20:19 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-25 20:17 --------- d-----w C:\Program Files\Quicken
2008-04-25 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-24 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-21 13:33 --------- d-----w C:\Program Files\Morpheus
2008-04-10 23:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-04-07 20:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Intuit
2008-03-28 04:39 --------- d-----w C:\Program Files\MATCHMKR
2008-03-13 13:02 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-14 22:03 1,880 ----a-w C:\WINDOWS\AUTOLNCH.REG
2006-09-10 19:42 0 ----a-w C:\Documents and Settings\Administrator\ntsystems.exe
2004-08-18 01:40 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( [email protected]_ 3.25.43.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-01-28 17:44:28 294,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2005-01-28 18:44:28 294,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
- 2005-01-28 17:44:28 164,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2005-01-28 18:44:28 164,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
- 2005-01-28 17:44:28 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2005-01-28 18:44:28 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
- 2005-01-28 17:44:28 96,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2005-01-28 18:44:28 96,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
- 2005-01-28 17:44:28 142,336 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2005-01-28 18:44:28 142,336 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
- 2005-01-28 17:44:28 25,088 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2005-01-28 18:44:28 25,088 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
- 2005-01-28 17:44:28 173,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2005-01-28 18:44:28 173,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
- 2005-01-28 17:44:28 364,784 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2005-01-28 18:44:28 364,784 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
- 2005-01-28 17:44:28 315,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2005-01-28 18:44:28 315,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
- 2005-01-28 17:44:28 221,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2005-01-28 18:44:28 221,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
- 2005-01-28 17:44:28 47,104 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
+ 2005-01-28 18:44:28 47,104 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
- 2005-01-28 17:44:28 15,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
+ 2005-01-28 18:44:28 15,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
- 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2005-01-28 18:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
- 2005-01-28 17:44:28 396,528 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2005-01-28 18:44:28 396,528 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
- 2005-01-28 17:44:28 716,288 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2005-01-28 18:44:28 716,288 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
- 2005-01-28 17:44:28 28,160 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2005-01-28 18:44:28 28,160 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
- 2005-01-28 17:44:28 33,792 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2005-01-28 18:44:28 33,792 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
- 2005-01-28 17:44:28 335,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2005-01-28 18:44:28 335,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
- 2005-01-28 17:44:28 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2005-01-28 18:44:28 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
- 2005-01-28 17:44:28 150,016 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2005-01-28 18:44:28 150,016 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
- 2005-01-28 17:44:28 1,027,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2005-01-28 18:44:28 1,027,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
- 2005-01-28 17:44:28 774,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2005-01-28 18:44:28 774,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
- 2005-01-28 17:44:28 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2005-01-28 18:44:28 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
- 2005-01-28 17:44:28 413,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2005-01-28 18:44:28 413,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
- 2005-01-28 17:44:28 940,544 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2005-01-28 18:44:28 940,544 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
- 2005-01-28 17:44:28 1,218,808 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2005-01-28 18:44:28 1,218,808 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
- 2005-01-28 17:44:28 1,512,448 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
+ 2005-01-28 18:44:28 1,512,448 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
- 2005-01-28 17:44:28 895,736 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2005-01-28 18:44:28 895,736 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
- 2005-01-28 17:44:28 1,003,008 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2005-01-28 18:44:28 1,003,008 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
- 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2005-01-28 18:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
- 2005-01-28 17:44:28 61,952 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
+ 2005-01-28 18:44:28 61,952 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
- 2005-01-28 17:44:28 114,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2005-01-28 18:44:28 114,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
- 2005-01-28 17:44:28 66,560 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2005-01-28 18:44:28 66,560 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
- 2005-01-28 17:44:28 331,264 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
+ 2005-01-28 18:44:28 331,264 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
- 2005-01-28 17:44:28 18,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
+ 2005-01-28 18:44:28 18,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
- 2004-09-22 22:45:36 8,192 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2004-08-04 07:55:59 8,192 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
- 2004-09-22 22:45:52 344,064 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
+ 2004-08-04 07:56:42 368,640 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
- 2004-09-22 22:46:04 819,200 -c----w C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
+ 2004-08-04 07:56:56 774,144 -c----w C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
- 2004-09-22 22:46:10 192,512 -c----w C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
+ 2004-08-04 07:56:57 208,896 -c----w C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
- 2004-09-22 22:46:14 189,440 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
+ 2004-08-04 07:56:35 168,448 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
- 2006-04-29 10:07:48 5,533,696 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2006-04-24 20:40:00 4,730,880 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
- 2004-09-22 22:46:20 135,168 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-08-04 07:56:46 114,688 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
- 2004-09-22 22:46:20 77,824 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-08-04 07:56:46 98,304 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
- 2004-09-22 22:46:20 282,624 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-08-04 07:56:46 233,472 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
- 2004-09-22 22:46:22 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-08-04 07:56:57 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
- 2004-09-22 22:46:22 3,371,008 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-08-04 07:56:36 2,940,928 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
- 2004-09-22 22:46:24 86,016 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2004-08-04 07:56:46 102,400 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
- 2008-04-27 01:04:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 09:42:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-04 07:56:57 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-11-01 23:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2005-04-22 05:20:24 51,712 ------w C:\WINDOWS\msagent\agentdpv.dll
+ 2005-04-22 05:06:42 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-04 07:55:59 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 02:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 02:47:08 276,992 ------w C:\WINDOWS\system32\audiodev.dll
- 2005-01-28 18:44:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 02:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2005-01-28 18:44:28 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 02:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2005-04-22 05:20:24 51,712 -c----w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2005-04-22 05:06:42 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2005-01-28 18:44:28 294,912 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 02:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2005-01-28 18:44:28 164,864 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 02:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2005-01-28 18:44:28 502,272 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 02:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2005-01-28 18:44:28 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 02:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2005-01-28 18:44:28 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 01:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2005-01-28 18:44:28 142,336 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 02:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2005-01-28 18:44:28 173,568 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 02:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2005-01-28 18:44:28 364,784 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-19 02:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2005-01-28 18:44:28 315,904 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 02:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2005-01-28 18:44:28 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 02:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2005-01-28 18:44:28 396,528 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 02:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2005-01-28 18:44:28 716,288 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 02:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2005-01-28 18:44:28 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-19 02:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2005-01-28 18:44:28 28,160 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 02:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2005-01-28 18:44:28 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 02:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2005-01-28 18:44:28 1,027,072 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 02:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2006-04-24 20:40:00 4,730,880 -c----w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-10-19 02:47:20 10,834,432 -c----w C:\WINDOWS\system32\dllcache\wmp.dll
- 2005-01-28 18:44:28 774,904 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 02:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2005-01-28 18:44:28 2,370,296 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 02:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2005-01-28 18:44:28 895,736 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 02:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 02:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2005-01-28 18:44:28 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 01:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 23:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-29 00:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-19 01:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2005-01-28 18:44:28 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 02:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2005-01-28 18:44:28 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 02:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2005-01-28 18:44:28 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 01:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 02:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-19 02:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 07:56:42 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 02:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 07:56:42 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 02:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 07:56:42 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 20:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2005-01-28 18:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 02:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2005-01-28 18:44:28 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 02:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2005-01-28 18:44:28 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 02:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2005-01-28 18:44:28 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-10-19 02:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
- 2005-01-28 18:44:28 315,904 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 02:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-19 02:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 02:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 02:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 02:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 02:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2005-01-28 18:44:28 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 02:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2008-03-20 19:41:20 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 22:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-01-28 18:44:28 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 02:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2005-01-28 18:44:28 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 02:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2005-01-28 18:44:28 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 02:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2005-01-28 18:44:28 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 02:47:18 757,248 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2005-01-28 18:44:28 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 02:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2005-01-28 18:44:28 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-19 02:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2005-01-28 18:44:28 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 02:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2005-01-28 18:44:28 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 02:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2005-01-28 18:44:28 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 02:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2005-01-28 18:44:28 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 02:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 02:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-04 07:56:35 168,448 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 02:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2005-01-28 18:44:28 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 02:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2005-01-28 18:44:28 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 02:47:20 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
- 2006-04-24 20:40:00 4,730,880 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-10-19 02:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-04 07:56:46 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 02:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-04 07:56:46 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 02:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 02:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2006-10-19 02:47:20 1,661,440 ------w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-04 07:56:36 2,940,928 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 02:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 02:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 02:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-04 07:56:46 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 02:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 02:47:20 204,288 ------w C:\WINDOWS\system32\wmpsrcwp.dll
- 2005-01-28 18:44:28 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2005-01-28 18:44:28 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2005-01-28 18:44:28 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 02:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2005-01-28 18:44:28 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 02:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2005-01-28 18:44:28 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2005-01-28 18:44:28 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2005-01-28 18:44:28 2,370,296 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 02:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 02:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2005-01-28 18:44:28 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2005-01-28 18:44:28 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 02:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 02:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 02:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 02:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2005-01-28 18:44:28 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 02:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2005-01-28 18:44:28 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 02:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2005-01-28 18:44:28 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 02:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2005-01-28 18:44:28 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 02:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 02:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 01:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 02:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 02:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2005-01-28 18:44:28 331,264 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 02:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-29 01:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 23:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 23:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 23:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 23:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
- 2005-05-17 00:43:39 7,168 ------w C:\WINDOWS\system32\xpsp3res.dll
+ 2005-05-17 00:25:35 15,360 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll" [2003-08-19 04:56 852038 C:\WINDOWS\system32\nview.dll]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 21:37 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-26 19:37 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51 118784]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 09:23 90112]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 23:58 151597]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 21:19 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 20:11 139264]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 18:37 53248]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-09 01:12:44 113664]
Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-10-11 00:13:48 28672]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52 557056]
WkCalRem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-06-20 13:21:32 24651]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-21 18:46:17 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40 233472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 22:15:54 65588]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-11 00:26:40 16384]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-10 15:28:30 106560]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 14:29:20 54512]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 01:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (YOUR-FSYLY0JTWN-Owner).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-04-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-04-01 05:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-04-25 05:51:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 11:18:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 11:21:37
ComboFix-quarantined-files.txt 2008-04-27 16:21:01

Pre-Run: 81,953,087,488 bytes free
Post-Run: 81,954,586,624 bytes free

470 --- E O F --- 2008-04-27 08:10:29

There is no specific error message. . .it's just like all of the peripherals don't exist: No speakers, no printer. . .but most importantly no security: it won't let me install McAfee; it's like the program doesn't exist. They do look like legit error messages because in going to control panel they're not there.
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you run combofix twice there? Any reason why?

Have you tried using system restore to see if it helps? Not sure if it's malware causing this problem...

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\viassary-hp.reg
C:\Documents and Settings\Administrator\ntsystems.exe

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#5
cooljazz

cooljazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I didn't run it twice; the file printed as run.

I tried doing a system restore, but no results.

There are several examples of failed programs. . .here's the scenario for Windows Live Messenger:
When I try to open it, the message says: This application has failed to start because sirenacm.dll was not found. Reinstalling the application may fix this problem.

When I send the error report to Microsoft it says to install Windows XP Service pack 2, which I have done once before.

The soundcard I use is a soundblaster (Soundblaster live 24 bit external). It says that the device hasn't passed Windows logo testing. In the control panel it says that the device is not configured properly (Code 1), and that I need to reinstall the driver. When I do that the installation fails because the driver a3d.dll cannot be copied. I tried running the program 'Driver detector' since so many drivers seem to be missing, but it wouldn't let me install the program. It gives "Error 1001. Could not load file or assembly 'sortbls.nlp' or one of its dependencies. The system cannot find the file specified. --> Failure has occurred while loading a type"

ComboFix 08-04-27.2 - Owner 2008-04-28 4:45:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.144 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Administrator\ntsystems.exe
C:\WINDOWS\viassary-hp.reg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\ntsystems.exe
C:\Documents and Settings\All Users\Application Data\Starware343
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\7DDKPC99\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Program Files\Starware343
C:\Program Files\Starware343\icons\star_16.ico
C:\WINDOWS\system32\iAlmcoin.dll
C:\WINDOWS\viassary-hp.reg
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-28 04:36 . 2008-04-28 04:36 244 --ah----- C:\sqmnoopt03.sqm
2008-04-28 04:36 . 2008-04-28 04:36 232 --ah----- C:\sqmdata03.sqm
2008-04-28 02:43 . 2008-04-28 02:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-04-28 02:43 . 2008-04-28 02:43 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-28 02:41 . 2008-04-28 02:41 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-28 02:41 . 2008-04-28 03:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-04-28 02:34 . 2008-04-28 02:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-28 02:25 . 2008-04-28 03:30 122 --a------ C:\WINDOWS\REDEMUNINS.INI
2008-04-28 02:19 . 2002-12-12 01:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-28 01:58 . 2008-04-28 01:58 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-04-28 01:58 . 2008-04-28 01:58 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-28 01:58 . 2008-04-28 01:58 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software
2008-04-28 01:57 . 2008-04-28 01:57 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-28 01:57 . 2008-04-28 01:57 <DIR> d-------- C:\Program Files\Microsoft Money
2008-04-28 01:27 . 2008-04-28 01:34 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2008-04-28 01:26 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-28 01:26 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-28 01:26 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-28 01:26 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-04-28 01:26 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-04-28 01:26 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-04-28 01:26 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-04-28 01:23 . 2008-04-28 01:23 2,568 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-04-28 01:16 . 2008-04-28 01:35 <DIR> d-------- C:\Program Files\Symantec
2008-04-28 00:24 . 2008-04-28 01:49 <DIR> d-------- C:\RECYCLER(2)
2008-04-27 17:39 . 2008-04-28 01:50 <DIR> d-------- C:\Program Files\Autopoll Application
2008-04-27 16:59 . 2008-04-28 01:50 <DIR> d-------- C:\0381e6b25301d1aa337e46b7
2008-04-27 03:30 . 2008-04-28 01:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-26 15:02 . 2008-04-26 19:03 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-26 07:44 . 2002-04-15 20:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-04-26 07:44 . 2004-08-02 13:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-04-26 07:44 . 2004-08-02 13:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-04-26 07:43 . 2004-08-03 23:59 423,936 --------- C:\WINDOWS\system32\html.iec
2008-04-26 07:43 . 2004-07-17 12:36 64,352 --------- C:\WINDOWS\system32\drivers\ativmc20.cod
2008-04-26 07:43 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\004661_.tmp
2008-04-26 07:35 . 2007-07-30 18:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-25 22:43 . 2008-04-28 01:53 <DIR> d-------- C:\Program Files\MSN Messenger
2008-04-25 22:37 . 2008-04-25 22:37 244 --ah----- C:\sqmnoopt02.sqm
2008-04-25 22:37 . 2008-04-25 22:37 232 --ah----- C:\sqmdata02.sqm
2008-04-25 22:26 . 2008-04-25 22:26 244 --ah----- C:\sqmnoopt01.sqm
2008-04-25 22:26 . 2008-04-25 22:26 232 --ah----- C:\sqmdata01.sqm
2008-04-25 21:05 . 2004-03-29 19:48 253,440 --a------ C:\WINDOWS\system32\h323(3).tsp
2008-04-25 20:44 . 2008-04-25 20:44 244 --ah----- C:\sqmnoopt00.sqm
2008-04-25 20:44 . 2008-04-25 20:44 232 --ah----- C:\sqmdata00.sqm
2008-04-25 16:03 . 2008-04-25 16:03 0 --a------ C:\t3lk.cs
2008-04-25 15:25 . 2004-07-09 03:27 381,952 --a------ C:\WINDOWS\system32\dsound(2).dll
2008-04-25 15:25 . 2004-07-09 03:27 292,864 --a------ C:\WINDOWS\system32\ddraw(2).dll
2008-04-25 14:25 . 2002-08-29 03:01 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-04-25 14:25 . 2002-08-29 02:32 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-04-25 14:25 . 2002-08-29 03:01 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-25 14:25 . 2002-08-29 02:33 55,680 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-25 14:25 . 2001-08-17 15:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-25 14:25 . 2001-08-17 14:59 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-25 14:25 . 2002-08-29 02:32 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-25 14:25 . 2001-08-17 14:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-25 14:25 . 2002-08-29 02:32 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-25 13:55 . 2008-04-28 01:58 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2008-04-25 13:08 . 2008-04-25 13:08 172,544 --a------ C:\WINDOWS\system32\schedsvc(3).dll
2008-04-25 13:02 . 2005-10-20 16:33 991,232 --a------ C:\WINDOWS\system32\esent(4).dll
2008-04-25 13:02 . 2005-10-20 16:33 991,232 --a------ C:\WINDOWS\system32\esent(3).dll
2008-04-25 12:46 . 2004-07-01 16:08 331,776 --a------ C:\WINDOWS\system32\winhttp(3).dll
2008-04-25 12:46 . 2004-07-01 16:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy(3).dll
2008-04-25 11:56 . 2002-08-29 01:01 134,272 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-04-25 11:56 . 2002-08-29 00:32 57,856 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-04-25 11:54 . 2006-05-08 15:09 614,400 -ra------ C:\WINDOWS\system32\hpxp4370.dll
2008-04-25 11:54 . 2006-05-08 15:04 430,080 -ra------ C:\WINDOWS\system32\hp4370co.dll
2008-04-25 11:54 . 2002-08-29 00:48 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-25 11:54 . 2002-08-29 00:48 14,208 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-25 11:42 . 2003-04-07 08:05 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2008-04-25 11:42 . 2008-04-25 11:42 4,030 -rahs---- C:\WINDOWS\system32\drivers\HP_DT160A-ABA A465C_YW_Pavi_QMXK407_E41NAheBLU4_4_I P4SD-LA _SASUSTeK Computer INC._VRev 1.xx_B3.20_T040128_WXH1_L409_M504_J164_7Intel_8Pentium 4_93_1104C8023_N10EC8139_P_Z11C1044C_K_A808624D5_U808624D2_G80862572_O_DIN-KCH-.MRK
2008-04-25 11:35 . 2003-10-10 23:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-04-25 11:32 . 2002-08-29 00:32 135,552 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2008-04-25 11:32 . 2002-10-24 14:59 87,040 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2008-04-25 11:32 . 2001-08-17 21:36 67,072 --a------ C:\WINDOWS\system32\usbui.dll
2008-04-25 11:32 . 2002-08-29 00:09 62,976 --a------ C:\WINDOWS\system32\drivers\pci.sys
2008-04-25 11:32 . 2002-08-29 00:32 51,968 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-25 11:32 . 2001-08-17 12:58 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-25 11:32 . 2002-08-29 00:27 23,680 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
2008-04-25 11:32 . 2002-08-29 00:32 19,328 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2008-04-25 11:32 . 2001-08-17 12:51 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
2008-04-25 11:31 . 2002-08-29 01:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-25 11:31 . 2002-08-29 00:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-23 18:21 . 2008-04-23 18:22 61,224 --a------ C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
2008-04-23 08:55 . 2008-04-24 08:27 2,097,152 --a------ C:\EZPHOTO1.TMP
2008-04-13 18:08 . 2008-04-13 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-04-13 17:36 . 2008-04-13 17:36 96,577 --a------ C:\WINDOWS\hpqins16.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 07:58 --------- d-----w C:\Program Files\Quicken
2008-04-28 07:58 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-28 07:57 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-28 07:55 --------- d-----w C:\Program Files\MFInstall
2008-04-28 07:53 --------- d-----w C:\Program Files\McAfee
2008-04-28 07:53 --------- d-----w C:\Program Files\HP PhotoSmart
2008-04-28 07:53 --------- d-----w C:\Program Files\Family Tree Maker 2005
2008-04-28 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-28 07:51 --------- d-----w C:\Program Files\Google
2008-04-28 07:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 07:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-26 16:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-04-25 18:33 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-04-24 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-21 13:33 --------- d-----w C:\Program Files\Morpheus
2008-04-10 23:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-04-07 20:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Intuit
2008-03-28 04:39 --------- d-----w C:\Program Files\MATCHMKR
2008-03-13 13:02 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-14 22:03 1,880 ----a-w C:\WINDOWS\AUTOLNCH.REG
2004-08-18 01:40 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 20:37 1481968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 23:08 1511453]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07 114688]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 08:23 90112]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:55 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 22:58 151597]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 20:19 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
"VTTimer"="VTTimer.exe" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 01:59 70816]
"NAV CfgWiz"="c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 19:24 124096]
"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 14:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 19:11 139264]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 17:37 53248]
"Redemption"="\redemption.exe" [ ]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-09 00:12:44 113664]
Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-10-10 23:13:48 28672]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-13 23:24:52 557056]
WkCalRem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-06-20 12:21:32 24651]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-21 17:46:17 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 09:20:40 233472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 21:15:54 65588]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-10 23:26:40 16384]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-10 14:28:30 106560]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 13:29:20 54512]


*Newly Created Service* - CATCHME
*Newly Created Service* - UDFS
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 01:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (YOUR-FSYLY0JTWN-Owner).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-04-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-04-01 05:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-04-25 05:51:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 04:49:25
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-04-28 4:51:52
ComboFix-quarantined-files.txt 2008-04-28 10:50:49
ComboFix2.txt 2008-04-27 16:21:38

Pre-Run: 90,653,233,152 bytes free
Post-Run: 90,766,405,632 bytes free

205


I hope that gives you more information. Thanks! :)
  • 0
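The "Reg Loading Points" section of the ComboFix log posted above can be triaged mechanically. The following is an added example, not part of the original thread and not ComboFix's own code: it parses the Run-key entries and lists those for which the log records no file timestamp or size. The sample lines are copied from the log above; the function names are hypothetical, and reading empty brackets (`[]` or `[ ]`) as "no file metadata recorded for the target" is an assumption, since the thread does not define it.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the "Reg Loading Points" section of the log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 20:37 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]
"Redemption"="\redemption.exe" [ ]
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
# Bracketed metadata: date, time, size in bytes, optional resolved path.
META_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d{1,2}:\d{2}) (\d+)(?: (.+))?$')
ABSOLUTE_RE = re.compile(r'^[A-Za-z]:\\')


@dataclass
class RunEntry:
    key: str                      # registry key the value was listed under
    name: str                     # value name
    command: str                  # value data (the autostart command)
    timestamp: Optional[str]      # "YYYY-MM-DD HH:MM" or None
    size: Optional[int]           # file size in bytes or None
    resolved_path: Optional[str]  # path the log resolved a bare name to


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Extract Run-key values from ComboFix 'Reg Loading Points' text."""
    entries: List[RunEntry] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            # Only track ...\CurrentVersion\Run; any other key ends the section.
            is_run = key.lower().endswith('\\currentversion\\run')
            current_key = key if is_run else None
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match is None or current_key is None:
            continue
        meta = META_RE.match(entry_match.group('meta').strip())
        entries.append(RunEntry(
            key=current_key,
            name=entry_match.group('name'),
            command=entry_match.group('cmd'),
            timestamp=f"{meta.group(1)} {meta.group(2)}" if meta else None,
            size=int(meta.group(3)) if meta else None,
            resolved_path=meta.group(4) if meta else None,
        ))
    return entries


def triage(entries: List[RunEntry]) -> Dict[str, List[str]]:
    """Map value name -> reasons the entry deserves a manual look."""
    findings: Dict[str, List[str]] = {}
    for entry in entries:
        reasons: List[str] = []
        if not entry.command:
            reasons.append("empty command")
        elif not ABSOLUTE_RE.match(entry.command) and entry.resolved_path is None:
            reasons.append("non-absolute command, never resolved to a file")
        if entry.size is None:
            reasons.append("no file metadata recorded")
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_run_entries(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is only a prompt to check whether the target file exists and whether the autostart value is still wanted; it is not a verdict that the entry is malicious.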

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you remember making any changes to your computer before this happened? It could be anything, even if it's a simple software installation. I don't see much here....

Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. Otherwise, it will auto-close after it's done.

Any ideas what these are for?

C:\Program Files\Autopoll Application
C:\WINDOWS\AUTOLNCH.REG


Do NOT run them if you are unsure. Delete them instead....uninstall the Autopoll Application first and see if the folder is still there. If so, then delete it.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\REDEMUNINS.INI
C:\WINDOWS\004661_.tmp
C:\EZPHOTO1.TMP
Folder::
C:\0381e6b25301d1aa337e46b7

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#7
cooljazz

cooljazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
The autopoll/autolaunch is the software for my external hard drive, just in case I have to do a purge, wipe, and reload :)

The last program I remember running before all of the chaos was Yahoo Music. I don't know what happened after that. I have installed a lot of different programs lately to try and fix this thing. The thing is when I reinstall programs that don't work they don't reinstall correctly. I've looked at the program package in the program file and a number of the folders are empty. I ran the sfc /scannow and nothing was wrong. I did do an install of .NET framework 3.5 and I noticed that ver 1.1, 2.0, 3.0, and 3.5 were still installed. Since the files don't seem to be there I was thinking a FAT32 or Win32 issue, but not sure how to check it. Even when I reinstalled the soundcard the program is there but the system still doesn't recognize the soundcard. In the sound and audio properties under the hardware tab I clicked the soundcard and opened properties and it says that the driver is enabled but not functioning properly. Anything else you need let me know.


BTW it won't let me post the Combofix log; it says that it's too big. I'll try to post it by itself.
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
You can attach the log here instead.
  • 0

#9
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





