ComboFix 09-11-15.01 - Olivia yo 11/14/2009 14:00..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2407 [GMT -8:00]
Running from: c:\documents and settings\Olivia yo\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1351 [VPS 091114-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Olivia yo\Local Settings\Application Data\ejlrye
c:\documents and settings\Olivia yo\Local Settings\Application Data\ejlrye\mmhtsysguard.exe
c:\windows\cdmxtras
c:\windows\kb913800.exe
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_449600.gif
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_2_0_105300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_105300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\fivuriji.dll
c:\windows\system32\UACknemjqfmumswaar.db
c:\windows\system32\UACnrkkikqddottkjl.log
c:\windows\system32\witukezo.dll
c:\windows\VPro610.exe
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UACD.SYS
((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.
2009-11-14 22:07 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\proquota.exe
2009-11-14 22:07 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-09 07:27 . 2009-11-09 07:27 -------- dc----w- c:\program files\Trend Micro
2009-11-09 06:00 . 2009-11-14 22:09 132 -c--a-w- c:\windows\system32\rezumatenoi.dat
2009-11-09 05:53 . 2009-09-24 16:55 229304 -c--a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-09 05:53 . 2009-10-07 00:31 87784 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-09 05:53 . 2009-09-24 00:10 207280 -c--a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-09 05:52 . 2009-09-03 17:45 70408 -c--a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-09 05:52 . 2009-11-09 05:58 -------- dc----w- c:\program files\Common Files\PC Tools
2009-11-09 05:52 . 2009-11-10 20:18 -------- dc----w- c:\program files\Spyware Doctor
2009-11-09 05:52 . 2009-11-09 05:52 -------- dc----w- c:\documents and settings\Olivia yo\Application Data\PC Tools
2009-11-09 05:52 . 2009-11-09 05:52 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-09 05:50 . 2009-11-10 20:18 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-08 22:24 . 2009-11-08 22:24 4 -c--a-w- c:\windows\system32\aspdict-en.dat
2009-11-08 22:24 . 2009-11-08 22:24 16 -c--a-w- c:\windows\system32\asdict.dat
2009-11-08 22:24 . 2009-11-08 22:24 0 -c--a-w- C:\pcwords2.dat
2009-11-08 22:24 . 2009-11-08 22:24 0 -c--a-w- C:\pcwords.dat
2009-11-08 22:01 . 2009-11-08 22:01 -------- dc----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-11-08 22:01 . 2009-11-08 22:01 -------- dc----w- c:\documents and settings\Olivia yo\Application Data\The Shield Deluxe
2009-11-08 22:00 . 2009-11-08 22:00 -------- dc----w- c:\program files\Common Files\The Shield Deluxe
2009-11-08 22:00 . 2009-11-08 22:00 -------- dc----w- c:\program files\The Shield Deluxe
2009-11-08 22:00 . 2009-11-08 22:00 -------- dc----w- c:\documents and settings\All Users\Application Data\The Shield Deluxe
2009-11-08 21:59 . 2009-11-08 21:59 -------- dc----w- c:\program files\Common Files\BitDefender
2009-11-08 21:38 . 2009-11-09 22:18 -------- dc----w- c:\documents and settings\Olivia yo\Malwarebytes' helper
2009-11-08 21:36 . 2009-11-08 21:36 -------- dc----w- c:\documents and settings\Olivia yo\Malwarebytes' Anti-Malware
2009-11-03 22:08 . 2009-11-03 22:08 -------- dc----w- c:\program files\Fake Perfect World Xtreme
2009-11-03 04:59 . 2009-11-03 04:59 162304 -c--a-w- c:\documents and settings\Olivia yo\unrar.dll
2009-11-02 21:47 . 2009-11-04 07:45 -------- dc----w- c:\documents and settings\Olivia yo\Tracing
2009-11-02 21:45 . 2009-11-02 21:45 -------- dc----w- c:\program files\Microsoft
2009-11-02 21:45 . 2009-11-02 21:45 -------- dc----w- c:\program files\Windows Live SkyDrive
2009-11-02 21:38 . 2009-11-02 21:38 -------- dc----w- c:\program files\Common Files\Windows Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 22:11 . 2008-09-04 06:24 -------- dc----w- c:\documents and settings\Olivia yo\Application Data\WTablet
2009-11-14 22:11 . 2008-09-27 22:11 -------- dc----w- c:\documents and settings\LocalService\Application Data\WTablet
2009-11-09 05:12 . 2009-06-11 22:15 2967799 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-08 23:26 . 2009-04-17 19:44 -------- dc----w- c:\program files\AV Vcs 7.0 DIAMOND
2009-11-08 21:32 . 2009-06-11 22:14 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 16:50 . 2007-10-07 07:00 -------- dc----w- c:\documents and settings\Olivia yo\Application Data\Skype
2009-11-02 21:47 . 2006-07-01 22:25 76568 -c--a-w- c:\documents and settings\Olivia yo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-02 21:44 . 2008-02-27 06:45 -------- dc----w- c:\program files\Windows Live
2009-10-17 09:20 . 2006-06-16 21:14 -------- dc----w- c:\program files\Microsoft Works
2009-10-11 23:23 . 2006-06-22 16:12 8884 -c--a-w- c:\documents and settings\Olivia yo\Application Data\wklnhst.dat
2009-10-06 02:10 . 2006-12-25 17:12 -------- dc----w- c:\documents and settings\Olivia yo\Application Data\U3
2009-09-18 00:12 . 2009-09-18 00:12 152328 -c--a-w- c:\windows\system32\drivers\bdfm.sys
2009-09-18 00:11 . 2009-09-18 00:11 105736 -c--a-w- c:\windows\system32\drivers\bdhv.sys
2009-09-16 11:20 . 2009-11-09 05:53 7383 -c--a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-11 14:18 . 2005-08-16 09:18 136192 -c--a-w- c:\windows\system32\msv1_0.dll
2009-09-10 22:54 . 2009-06-11 22:14 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 22:53 . 2009-06-11 22:14 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2005-08-16 09:18 58880 -c--a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2005-08-16 09:18 832512 -c--a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2005-08-16 09:18 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2005-08-16 09:18 17408 -c--a-w- c:\windows\system32\corpol.dll
2009-08-27 20:38 . 2009-08-27 20:38 1962544 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-26 08:00 . 2005-08-16 09:19 247326 -c--a-w- c:\windows\system32\strmdll.dll
2009-08-20 22:09 . 2009-08-20 22:09 1193832 -c--a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:10 . 2008-09-06 21:06 1279456 -c--a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-09-06 21:07 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-09-06 21:07 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-09-06 21:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-09-06 21:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-09-06 21:07 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-09-06 21:07 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-09-06 21:07 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-09-06 21:07 97480 ----a-w- c:\windows\system32\AvastSS.scr
2007-05-17 13:27 . 2007-05-17 13:27 594880 -c--a-w- c:\program files\kazaa_setup.exe
2009-08-10 12:08 . 2009-08-10 12:08 3 -csha-w- c:\windows\system32\domafewe.dll
2009-08-10 12:30 . 2009-08-10 12:30 3 -csha-w- c:\windows\system32\fazotapa.dll
2009-08-09 22:42 . 2009-08-09 22:42 3 -csha-w- c:\windows\system32\fohiyute.dll
2009-08-10 12:53 . 2009-08-10 12:53 3 -csha-w- c:\windows\system32\golosufu.dll
2009-08-10 12:30 . 2009-08-10 12:30 3 -csha-w- c:\windows\system32\haheboye.dll
2009-08-09 23:08 . 2009-08-09 23:08 3 -csha-w- c:\windows\system32\hihatofo.dll
2009-08-10 12:30 . 2009-08-10 12:30 3 -csha-w- c:\windows\system32\hirumeya.dll
2009-08-10 13:15 . 2009-08-10 13:15 3 -csha-w- c:\windows\system32\janeguwo.dll
2009-08-09 22:42 . 2009-08-09 22:42 3 -csha-w- c:\windows\system32\lazimiki.dll
2009-08-10 13:15 . 2009-08-10 13:15 3 -csha-w- c:\windows\system32\lokoyovi.dll
2009-08-10 13:15 . 2009-08-10 13:15 3 -csha-w- c:\windows\system32\lurivite.dll
2009-08-10 00:02 . 2009-08-10 00:02 3 -csha-w- c:\windows\system32\rizibuki.dll
2009-08-10 12:08 . 2009-08-10 12:08 3 -csha-w- c:\windows\system32\sabiyogi.dll
2009-08-09 23:08 . 2009-08-09 23:08 3 -csha-w- c:\windows\system32\sumovena.dll
2009-08-09 23:34 . 2009-08-09 23:34 3 -csha-w- c:\windows\system32\tajelavo.dll
2009-08-10 12:53 . 2009-08-10 12:53 3 -csha-w- c:\windows\system32\tufamovo.dll
2009-08-09 23:08 . 2009-08-09 23:08 3 -csha-w- c:\windows\system32\vagazodi.dll
2009-08-10 00:02 . 2009-08-10 00:02 3 -csha-w- c:\windows\system32\vanuvera.dll
2009-08-10 12:53 . 2009-08-10 12:53 3 -csha-w- c:\windows\system32\yogagove.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2007-11-13 1052672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"BitDefender Antiphishing Helper"="c:\program files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe" [2009-09-14 71152]
"BDAgent"="c:\program files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe" [2009-09-24 1114536]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Olivia yo\Malwarebytes' helper\mbam.exe" [2009-09-10 1312080]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ANYCOM\Bluetooth-USB\BTTray.exe [2008-4-14 596584]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-16 24576]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-11-13 271640]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\Wacom_Tablet.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"15597:TCP"= 15597:TCP:BitComet 15597 TCP
"15597:UDP"= 15597:UDP:BitComet 15597 UDP
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/8/2009 9:53 PM 207280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/6/2008 1:07 PM 114768]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/10/2007 11:45 PM 124832]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/6/2008 1:07 PM 20560]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [12/13/2007 11:07 AM 18944]
R2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [9/3/2008 10:22 PM 1373480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/5/2007 10:41 AM 24652]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [9/17/2009 4:12 PM 152328]
S3 Arrakis3;The Shield Deluxe Arrakis Server;c:\program files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe [9/13/2009 11:31 PM 183880]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/8/2009 9:52 PM 358600]
S3 USBCamera;Mega Camera Still Image Capture, Version 1.00;c:\windows\system32\Drivers\Bulk504.sys --> c:\windows\system32\Drivers\Bulk504.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
2009-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 20:42]
2009-11-08 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2007-12-13 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Send to &Bluetooth Device... - c:\program files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Corel Painter Essentials 21a - c:\program files\Corel\Corel Painter Essentials 2\registration.exe
SharedTaskScheduler-{202e4229-20e2-4d61-89de-a82deb385ddf} - c:\windows\system32\sowemame.dll
SSODL-ziyopezir-{202e4229-20e2-4d61-89de-a82deb385ddf} - c:\windows\system32\sowemame.dll
AddRemove-Fake Perfect World Full Client 3.9.5 - c:\program files\Fake Perfect World\Uninstall.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-14 14:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-890585496-2387925784-1018619401-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4940)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\windows\ehome\RMSvc.exe
c:\program files\SafeConnect\scManager.sys
c:\windows\system32\wdfmgr.exe
c:\program files\Windows Media Connect 2\wmccds.exe
c:\windows\ehome\McrdSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-11-14 14:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-14 22:27
Pre-Run: 18,242,674,688 bytes free
Post-Run: 20,929,863,680 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - DA0FCD617FAEE0DE62BD030280F08F04