
Hijack This Log Please Help!


  • This topic is locked
11 replies to this topic

#1 matrixred123

matrixred123

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:05 AM

Posted 19 March 2009 - 03:10 AM

This virus/hijack locked me out of all administrative functions, has crashed my browsers (both IE and Firefox), and set my desktop to a blank IE page. Someone please let me know which ones I need to delete. I sincerely appreciate your help!

- Red


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:33 AM, on 3/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {c5bf40a2-94f3-42bd-f434-1604812c8955} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ufseagnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [tkbellexe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [qzubonaduqiruh] rundll32.exe "C:\WINDOWS\unisumocare.dll",e
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [pcmservice] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iaanotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [google desktop search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dell aio printer a920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [atipta] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209691040468
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (WebEyeControl) - http://www.mikethetiger.com/cam/wg_webeye.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://atlas.lsu.edu/acgm/acgm.cab
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: wvUNfcaA - C:\WINDOWS\
O22 - SharedTaskScheduler: klj3r93iorkemnfaja93riemef - {C5BF40A2-94F3-42BD-F434-1604812C8955} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7731 bytes



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:05 PM

Posted 19 March 2009 - 07:12 PM

Hi matrixred123,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log. I will also let you know that I am a trainee, so each stage of the fix will need to be checked by an expert coach before I post, so there may be a slight delay. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:05 PM

Posted 20 March 2009 - 02:04 PM

Hi matrixred123,

There are some unwanted guests in the log.

Firstly, please...


Download DDS and save it to your desktop from here or here or here.

Disable any script blocker and then double click dds.scr to run the tool.

When done, DDS will open two logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop first and then copy & paste them into your next reply.


Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
Please post all four logs in your next reply.

Thanks. :thumbup2:
m0le is a proud member of UNITE

#4 matrixred123

matrixred123
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:05 AM

Posted 20 March 2009 - 08:46 PM

Hi m0le.

Here are the txt files (cut and pasted) that you wanted.

Thanks for your help!


DDS (Ver_09-03-16.01) - NTFSx86
Run by Bryan Landry at 18:33:11.20 on Fri 03/20/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.72 [GMT -7:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bryan Landry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com
{c5bf40a2-94f3-42bd-f434-1604812c8955}
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ufseagnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [sunjavaupdatesched] c:\program files\java\jre1.5.0_04\bin\jusched.exe
mRun: [qzubonaduqiruh] rundll32.exe "c:\windows\unisumocare.dll",e
mRun: [quicktime task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [pcmservice] "c:\program files\dell\media experience\PCMService.exe"
mRun: [ituneshelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iaanotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [google desktop search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dell aio printer a920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [atipta] c:\program files\ati technologies\ati control panel\atiptaxx.exe
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209691040468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: crypt - crypts.dll
Notify: wvUNfcaA -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {c5bf40a2-94f3-42bd-f434-1604812c8955}: klj3r93iorkemnfaja93riemef
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcDWNhe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bryanl~1\applic~1\mozilla\firefox\profiles\duiqztl3.default\
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\bryan landry\application data\mozilla\firefox\profiles\duiqztl3.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: XUL Cache: {617B0D4A-371E-4EBC-ABB3-03C86899FD4C} - c:\documents and settings\bryan landry\local settings\application data\{617B0D4A-371E-4EBC-ABB3-03C86899FD4C}

============= SERVICES / DRIVERS ===============

R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2004-12-13 53760]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-10-20 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2008-10-20 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-7-30 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-10-20 677128]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-7-30 335376]
S2 EjupwoYvkz;EjupwoYvkz;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-16 30192]
S3 musbehco;musbehco;\??\c:\docume~1\bryanl~1\locals~1\temp\musbehco.sys --> c:\docume~1\bryanl~1\locals~1\temp\musbehco.sys [?]
S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2008-10-20 30080]

=============== Created Last 30 ================

2009-03-17 22:02 99,816 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-15 20:57 16,384 a---h--- c:\windows\DCEBoot.exe
2009-03-15 20:51 5,849 a------- c:\windows\system32\win32hlp.cnf
2009-03-15 20:25 683 a---h--- c:\windows\WIN.INI
2009-03-15 20:25 435 a---h--- c:\windows\SYSTEM.INI
2009-03-15 19:16 2,206 a------- c:\windows\system32\wpa.dbl
2009-03-15 09:35 132,096 a---h--- c:\windows\unisumocare.dll
2009-03-15 09:25 5,835 a------- c:\windows\system32\ntdll64.exe
2009-03-15 09:24 5,821 a------- c:\windows\system32\ahtn.htm
2009-03-15 09:24 4,785 a------- c:\windows\system32\warning.gif
2009-03-15 09:23 114,158 a------- c:\windows\system32\drivers\c33955.sys
2009-03-15 09:23 104,960 a------- c:\windows\system32\dllcache\userinit.exe
2009-03-14 21:23 5,941 a------- c:\windows\system32\qjeihdxx.dll
2009-03-14 05:57 1,912,642 a--sh--- c:\windows\system32\qdoxlwjl.ini
2009-03-14 05:54 129,024 a------- c:\windows\system32\vutumo.dll
2009-03-14 05:54 129,024 a------- c:\windows\system32\destthfi.dll
2009-03-13 17:57 129,024 a------- c:\windows\system32\cdlven.dll
2009-03-13 17:57 129,024 a------- c:\windows\system32\gbvoxlnw.dll
2009-03-13 17:54 1,912,642 a--sh--- c:\windows\system32\rcqgffwp.ini
2009-03-13 05:57 1,911,778 a--sh--- c:\windows\system32\ftnecwst.ini
2009-03-12 17:57 1,807,293 a--sh--- c:\windows\system32\emnakdpo.ini
2009-03-12 05:55 1,807,280 a--sh--- c:\windows\system32\pkpcchjw.ini
2009-03-11 17:54 5,941 a------- c:\windows\system32\juomkwgo.dll
2009-03-11 17:52 5,943 a------- c:\windows\system32\swnxukgo.dll
2009-03-11 03:28 5,941 a------- c:\windows\system32\hftkevap.dll
2009-03-11 03:25 5,943 a------- c:\windows\system32\pjciivwn.dll
2009-03-10 15:28 5,943 a------- c:\windows\system32\kdwqbxxp.dll
2009-03-10 15:25 5,941 a------- c:\windows\system32\mvbglpjr.dll
2009-03-09 20:40 5,941 a------- c:\windows\system32\tlbgeaht.dll
2009-03-09 20:37 5,943 a------- c:\windows\system32\kqogsbmb.dll
2009-03-08 21:25 5,941 a------- c:\windows\system32\nubjmjsn.dll
2009-03-08 21:22 5,943 a------- c:\windows\system32\pernpakt.dll
2009-03-08 09:23 5,941 a------- c:\windows\system32\pwfjwfvp.dll
2009-03-08 09:20 5,943 a------- c:\windows\system32\dhrlbxhg.dll
2009-03-07 21:23 5,941 a------- c:\windows\system32\mnendopg.dll
2009-03-07 21:21 5,943 a------- c:\windows\system32\iybfywqd.dll
2009-03-07 09:24 5,941 a------- c:\windows\system32\uaointuy.dll
2009-03-07 09:21 5,943 a------- c:\windows\system32\jdsbvuuf.dll
2009-03-06 21:24 5,941 a------- c:\windows\system32\wvjtjaqi.dll
2009-03-06 21:21 5,943 a------- c:\windows\system32\orourfrj.dll
2009-03-06 09:22 5,941 a------- c:\windows\system32\vsnimfrd.dll
2009-03-06 09:19 5,943 a------- c:\windows\system32\vmmtcdtr.dll
2009-03-05 21:22 5,941 a------- c:\windows\system32\xdvxojhl.dll
2009-03-05 21:19 5,943 a------- c:\windows\system32\ucudaaor.dll
2009-03-05 04:00 5,941 a------- c:\windows\system32\veanhedc.dll
2009-03-05 03:57 5,943 a------- c:\windows\system32\ygmnkeld.dll
2009-03-04 13:29 5,941 a------- c:\windows\system32\hqgiylef.dll
2009-03-04 13:27 5,943 a------- c:\windows\system32\ndajoftr.dll
2009-03-03 19:14 5,943 a------- c:\windows\system32\tdevcxqk.dll
2009-03-03 19:11 5,941 a------- c:\windows\system32\tvtliyos.dll
2009-03-03 07:14 5,943 a------- c:\windows\system32\wogpnmny.dll
2009-03-03 07:11 5,941 a------- c:\windows\system32\fdtwfwpy.dll
2009-03-02 19:14 5,941 a------- c:\windows\system32\dxmhwxaj.dll
2009-03-02 19:11 5,943 a------- c:\windows\system32\oephivqq.dll
2009-03-01 22:22 5,941 a------- c:\windows\system32\pvuderph.dll
2009-03-01 22:19 5,943 a------- c:\windows\system32\eoxwqjmj.dll
2009-03-01 10:22 5,941 a------- c:\windows\system32\xbktkdgs.dll
2009-03-01 10:19 5,943 a------- c:\windows\system32\tmprdgvy.dll
2009-02-28 22:19 5,943 a------- c:\windows\system32\owdatfjn.dll
2009-02-28 22:17 5,941 a------- c:\windows\system32\myspplxd.dll
2009-02-28 05:14 5,943 a------- c:\windows\system32\gyiujvly.dll
2009-02-28 05:11 5,941 a------- c:\windows\system32\vmvrqgnc.dll
2009-02-27 17:14 5,943 a------- c:\windows\system32\smrfiikr.dll
2009-02-27 17:11 5,941 a------- c:\windows\system32\rlfdnmlo.dll
2009-02-27 05:13 5,941 a------- c:\windows\system32\optdjijg.dll
2009-02-27 05:10 5,943 a------- c:\windows\system32\dltsagcm.dll
2009-02-26 17:13 5,943 a------- c:\windows\system32\ojcikpca.dll
2009-02-26 17:10 5,941 a------- c:\windows\system32\bcaqdrko.dll
2009-02-26 01:21 5,941 a------- c:\windows\system32\mrpcpkla.dll
2009-02-26 01:18 5,943 a------- c:\windows\system32\leiirkmj.dll
2009-02-25 13:18 5,943 a------- c:\windows\system32\ngarvhok.dll
2009-02-25 13:15 5,941 a------- c:\windows\system32\oxvtjckv.dll
2009-02-24 20:56 5,941 a------- c:\windows\system32\yewnpgap.dll
2009-02-24 20:54 5,943 a------- c:\windows\system32\ndmsrwkg.dll
2009-02-24 06:26 5,943 a------- c:\windows\system32\kohxdcim.dll
2009-02-24 06:23 5,941 a------- c:\windows\system32\yvadtkjp.dll
2009-02-23 18:23 5,943 a------- c:\windows\system32\mtlupylt.dll
2009-02-23 18:21 5,944 a------- c:\windows\system32\jmqjeyaf.dll
2009-02-22 21:06 5,943 a------- c:\windows\system32\sqnidycl.dll
2009-02-22 21:03 5,944 a------- c:\windows\system32\cxorccol.dll
2009-02-22 09:06 5,943 a------- c:\windows\system32\ndbpsvdh.dll
2009-02-22 09:03 5,944 a------- c:\windows\system32\nmordkax.dll
2009-02-21 21:06 5,943 a------- c:\windows\system32\absraxce.dll
2009-02-21 21:03 5,944 a------- c:\windows\system32\ghuiiksf.dll
2009-02-21 09:07 5,943 a------- c:\windows\system32\vohycbhi.dll
2009-02-21 09:04 5,944 a------- c:\windows\system32\ioyctwub.dll
2009-02-20 21:04 5,943 a------- c:\windows\system32\jikunhtm.dll
2009-02-20 21:02 5,944 a------- c:\windows\system32\xrhpxjol.dll
2009-02-19 20:05 5,943 a------- c:\windows\system32\gxiypeen.dll
2009-02-19 20:02 5,944 a------- c:\windows\system32\wbxbmwpn.dll
2009-02-18 18:38 5,943 a------- c:\windows\system32\ekvpqbhi.dll
2009-02-18 18:35 5,944 a------- c:\windows\system32\oijwvcsq.dll

==================== Find3M ====================

2009-03-15 09:23 104,960 a------- c:\windows\system32\userinit.exe
2009-03-15 09:21 35,354 a--sh--- c:\windows\system32\ehNWDcfe.ini2
2009-03-05 19:17 1,195,512 a------- c:\windows\system32\drivers\vsapint.sys
2009-03-05 19:17 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-03-05 19:17 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-03-03 16:12 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-03-03 02:08 335,376 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-03-03 01:34 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-03-03 01:34 150,032 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-03 01:34 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-02-18 06:39 5,943 a------- c:\windows\system32\afbvtfdd.dll
2009-02-18 06:36 5,944 a------- c:\windows\system32\vmgsigxl.dll
2009-02-17 18:36 5,944 a------- c:\windows\system32\mxwutbwc.dll
2009-02-17 18:33 5,943 a------- c:\windows\system32\vmlewckf.dll
2009-02-17 05:30 5,943 a------- c:\windows\system32\evjbwbrh.dll
2009-02-17 04:48 5,944 a------- c:\windows\system32\xkyujkku.dll
2009-02-17 03:48 6,220 a------- c:\windows\system32\nnnoLeBq.dll
2009-02-17 02:47 6,220 a------- c:\windows\system32\vtUnopNd.dll
2009-02-17 01:46 6,220 a------- c:\windows\system32\nnnoPGXp.dll
2009-02-17 00:45 6,220 a------- c:\windows\system32\ssqNDUOG.dll
2009-02-16 23:45 6,220 a------- c:\windows\system32\cbXQjhef.dll
2009-02-16 22:44 6,220 a------- c:\windows\system32\tuvTkhfF.dll
2009-02-16 21:44 6,220 a------- c:\windows\system32\xxyyxxxW.dll
2009-02-16 20:43 6,220 a------- c:\windows\system32\cbXqOgfc.dll
2009-02-16 19:43 6,220 a------- c:\windows\system32\pmnLEXrs.dll
2009-02-16 18:43 6,220 a------- c:\windows\system32\nnnoOiHA.dll
2009-02-16 06:41 6,220 a------- c:\windows\system32\geBuUnop.dll
2009-02-15 14:04 6,220 a------- c:\windows\system32\opnmMeBq.dll
2009-02-15 13:03 6,220 a------- c:\windows\system32\iifcBuVN.dll
2009-02-15 12:03 6,220 a------- c:\windows\system32\ljJDVlJa.dll
2009-02-15 11:02 6,220 a------- c:\windows\system32\efcCvWMf.dll
2009-02-15 10:02 6,220 a------- c:\windows\system32\opnlJdaY.dll
2009-02-15 09:01 6,220 a------- c:\windows\system32\yayyVooO.dll
2009-02-15 08:01 6,220 a------- c:\windows\system32\rqRJcdDS.dll
2009-02-15 07:01 6,220 a------- c:\windows\system32\jkkHYqqq.dll
2009-02-15 06:00 6,220 a------- c:\windows\system32\ljJAQJCt.dll
2009-02-15 04:59 6,220 a------- c:\windows\system32\pmnnLFvW.dll
2009-02-15 03:59 6,220 a------- c:\windows\system32\rqRKAQGV.dll
2009-02-15 02:58 6,220 a------- c:\windows\system32\tuvUOHxx.dll
2009-02-15 01:57 6,220 a------- c:\windows\system32\nnnmkICS.dll
2009-02-15 00:57 6,220 a------- c:\windows\system32\yayVppQH.dll
2009-02-14 23:56 6,220 a------- c:\windows\system32\efcdCttu.dll
2009-02-14 22:55 6,220 a------- c:\windows\system32\xxyayVMd.dll
2009-02-14 21:55 6,220 a------- c:\windows\system32\ddcCssRI.dll
2009-02-14 20:55 6,220 a------- c:\windows\system32\tuvSiJdC.dll
2009-02-14 20:50 5,888 a------- c:\windows\system32\opnkhggH.dll
2009-01-07 06:47 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-19 23:36 13,033 ac--h--- c:\docume~1\alluse~1\applic~1\nyqawi.pif
2008-10-19 23:36 11,070 ac--h--- c:\docume~1\alluse~1\applic~1\vanupumy.pif
2008-10-19 23:36 18,503 ac------ c:\docume~1\bryanl~1\applic~1\levijihe.bat
2008-10-19 23:36 11,672 ac------ c:\docume~1\bryanl~1\applic~1\egedemade.dll
2008-10-19 23:36 10,532 ac------ c:\program files\common files\pogoxove.reg
2007-02-12 19:10 2,682,880 -c--h--- c:\documents and settings\all users\VCREDI~3.EXE

============= FINISH: 18:34:14.03 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/21/2004 4:38:41 PM
System Uptime: 3/20/2009 6:27:22 PM (0 hours ago)

Motherboard: Dell Inc. | | 0J3492
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 106.036 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 3/18/2009 11:25:36 PM - RegCure Backup
RP2: 3/18/2009 11:25:47 PM - RegCure Backup
RP3: 3/19/2009 3:19:38 AM - RegCure Backup

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Control Panel
ATI Display Driver
AutoUpdate
Banctec Service Agreement
Belkin Wireless USB Utility
Bonjour
Bonjour Core for Windows
Broadcom Advanced Control Suite 2
Civilization III - Gold Edition
Compact Wireless-G USB Adapter
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
CutePDF Writer 2.7
DA920EN
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support 5.0.0 (766)
Digital Line Detect
DivX Converter
DivX Player
DivX Web Player
DNA
Google Desktop
Goombah Partner COM Server
Help and Support Customization
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
IMPLAN Professional 2.0
Intel Application Accelerator
Internet Explorer Default Page
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 4
K-Lite Codec Pack 4.1.7 (Full)
Lizardtech DjVu Control (autoinstall)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.0.7)
Netflix Movie Viewer
NetWaiting
Octoshape add-in for Adobe Flash Player
PixiePack Codec Pack
QuickTime
RealPlayer
RegCure 1.5.2.7
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Internet Explorer 8 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Shockwave
TBS WMP Plug-in
Trend Micro Internet Security
TripleA Version 1_0_0_3
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 Beta 2
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
WinZip Self-Extractor
Yahoo! Internet Mail

==== Event Viewer Messages From Past Week ========

3/16/2009 4:49:42 AM, error: Service Control Manager [7023] - The EjupwoYvkz service terminated with the following error: The specified module could not be found.
3/15/2009 9:22:22 PM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
3/15/2009 5:32:39 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/16/2009 5:07:22 AM, error: sfsync02 [12] -
3/16/2009 5:07:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/16/2009 5:07:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/16/2009 5:08:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/16/2009 5:08:51 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2009 5:08:51 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2009 5:08:51 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2009 5:08:51 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2009 5:08:51 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2009 5:08:51 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2009 5:08:51 AM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2009 5:08:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT prodrv06 RasAcd Rdbss Tcpip tmtdi WS2IFSL
3/16/2009 5:48:29 AM, error: Service Control Manager [7023] - The EjupwoYvkz service terminated with the following error: The system cannot find the file specified.
3/17/2009 5:35:49 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/17/2009 5:35:49 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
3/17/2009 9:58:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service SfCtlCom with arguments "" in order to run the server: {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605}
3/19/2009 12:47:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT prodrv06 RasAcd Rdbss Tcpip tmtdi
3/19/2009 12:51:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm prodrv06 tmtdi

==== End Of File ===========================

OTViewIt logfile created on: 3/20/2009 6:37:48 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Bryan Landry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.09 Mb Total Physical Memory | 183.77 Mb Available Physical Memory | 36.03% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 69.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.99 Gb Total Space | 106.04 Gb Free Space | 71.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LANDRYPC
Current User Name: Bryan Landry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/05/25 21:15:48 | 00,397,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
[2003/05/02 16:44:48 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
[2003/05/02 16:42:06 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
[2009/03/03 01:46:13 | 00,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2004/03/23 10:15:40 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
[2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2009/03/13 18:39:14 | 00,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2009/03/13 18:39:26 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
[2009/03/13 18:39:28 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
[2006/08/29 00:23:44 | 05,527,040 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
[2009/03/15 09:23:41 | 00,104,960 | ---- | M] () -- C:\WINDOWS\SYSTEM32\userinit.exe
[2009/03/13 18:39:30 | 00,995,528 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
[2008/02/02 02:21:18 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/06/03 01:52:54 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
[2003/08/26 17:47:34 | 00,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
[2008/07/30 11:05:00 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2004/03/23 10:16:16 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
[2003/05/02 16:46:04 | 00,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
[2003/05/02 17:06:44 | 00,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2009/03/05 13:19:18 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2004/08/04 00:56:57 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe
[2004/08/04 00:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\notepad.exe
[2009/03/20 18:34:43 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bryan Landry\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004/05/25 21:15:48 | 00,397,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2004/08/06 23:30:38 | 00,000,000 | ---D | M] -- C:\WINDOWS\System32\bits -- (BITS [On_Demand | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/12/16 15:40:00 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331 [On_Demand | Stopped])
[2004/03/23 10:15:40 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon [Auto | Running])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2003/05/02 16:44:48 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2009/03/13 18:39:14 | 00,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2009/03/03 01:46:13 | 00,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2009/03/13 18:39:26 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [Auto | Running])
[2009/03/13 18:39:28 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (WUSB54GCSVC [Auto | Running])

========== Driver Services ==========

[2002/04/01 11:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2007/12/14 15:45:21 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Disabled | Stopped])
[2004/08/03 23:07:42 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Disabled | Stopped])
[2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Disabled | Stopped])
[2004/05/25 21:19:00 | 00,729,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/05/29 15:41:54 | 00,186,112 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2005/02/01 18:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\bcm42rly.sys -- (BCM42RLY [On_Demand | Stopped])
[2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Disabled | Stopped])
[2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Disabled | Stopped])
[2001/08/17 10:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/11/17 13:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2003/11/17 13:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2004/08/03 22:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
[2004/08/03 22:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0 [On_Demand | Stopped])
[2004/08/03 22:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1 [On_Demand | Stopped])
[2004/08/03 22:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2 [On_Demand | Stopped])
[2004/08/03 22:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3 [On_Demand | Stopped])
[2004/08/03 22:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4 [On_Demand | Stopped])
[2004/08/03 22:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0 [On_Demand | Stopped])
[2004/08/03 22:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1 [On_Demand | Stopped])
[2004/08/03 22:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3 [On_Demand | Stopped])
[2004/08/03 22:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4 [On_Demand | Stopped])
[2003/04/09 11:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 11:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Disabled | Stopped])
[2004/08/03 22:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2002/11/08 11:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2003/10/10 06:06:24 | 00,052,128 | ---- | M] (Protection Technology) -- C:\WINDOWS\SYSTEM32\DRIVERS\prodrv06.sys -- (prodrv06 [System | Running])
[2003/10/10 07:06:26 | 00,062,720 | ---- | M] (Protection Technology) -- C:\WINDOWS\SYSTEM32\DRIVERS\prohlp02.sys -- (prohlp02 [Boot | Running])
[2002/08/29 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2008/05/30 10:22:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Disabled | Stopped])
[2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Disabled | Stopped])
[2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Disabled | Stopped])
[2008/09/16 18:09:24 | 00,030,080 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\RKHit.sys -- (RkHit [On_Demand | Stopped])
[2005/11/24 19:51:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73 [On_Demand | Running])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
[2005/08/10 05:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2003/12/01 08:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfhlp01.sys -- (sfhlp01 [Boot | Running])
[2005/05/16 06:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/08/10 07:06:28 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfsync02.sys -- (sfsync02 [Boot | Running])
[2004/08/03 23:07:42 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
[2004/04/09 10:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Disabled | Stopped])
[2004/12/13 20:21:28 | 00,053,760 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\SSHDRV76.sys -- (SSHDRV76 [System | Running])
[2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Disabled | Stopped])
[2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Disabled | Stopped])
[2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Disabled | Stopped])
[2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Disabled | Stopped])
[2008/09/25 12:33:16 | 00,043,552 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\SYSTEM32\DRIVERS\tbhsd.sys -- (tbhsd [On_Demand | Stopped])
[2009/03/03 01:34:17 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmactmon.sys -- (tmactmon [Auto | Running])
[2009/03/03 02:08:15 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2009/03/03 01:34:20 | 00,150,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm [Auto | Running])
[2009/03/03 01:34:24 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2009/03/05 19:17:48 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2009/03/03 16:12:44 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmtdi.sys -- (tmtdi [System | Running])
[2009/03/05 19:17:48 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Disabled | Stopped])
[2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2009/03/05 19:17:48 | 01,195,512 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\vsapint.sys -- (vsapint [Auto | Running])
[2003/11/17 13:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2002/08/29 03:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [Disabled | Stopped])
[2004/03/23 10:13:58 | 00,467,200 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor [Boot | Running])
[2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\SYSTEM32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://www.google.com/ie
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://www.google.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.ask.com/?o=101760&l=dis

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.default\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Start Page"=http://www.dell4me.com/myway

[HKEY_USERS\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Start Page"=http://www.dell4me.com/myway

[HKEY_USERS\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\s-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\s-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.ask.com/?o=101760&l=dis

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{c5bf40a2-94f3-42bd-f434-1604812c8955} (HKLM) -- Reg Error: Value does not exist. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atipta"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"dell aio printer a920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" (Dell Computer Corporation)
"google desktop search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"iaanotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
"ituneshelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"pcmservice"="C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
"quicktime task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"qzubonaduqiruh"=rundll32.exe "C:\WINDOWS\unisumocare.dll",e (Mozilla Foundation)
"sunjavaupdatesched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
"tkbellexe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"ufseagnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)

[HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

[HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

[HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

[HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoFolderOptions"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoFolderOptions"=1

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.default\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\s-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\s-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\s-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [2005/06/03 02:09:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> [2005/06/03 02:09:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.default\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> [2005/06/03 02:09:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> [2005/06/03 02:09:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> [2005/06/03 02:09:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0000000A-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/d/4...0367/wmavax.CAB -- Reg Error: Key does not exist or could not be opened.
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}: http://download.yahoo.com/dl/installs/yinst0401.cab -- YInstStarter Class
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc.cab -- Office Update Installation Engine
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1209691040468 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_04
{B9191F79-5613-4C76-AA2A-398534BB8999}: http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_01
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_04
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{715E995D-625B-4E9B-8EE5-92103AA3DB05} (Servers: | Description: Compact Wireless-G USB Adapter)
{7819814B-4D37-4ED2-8412-786EB8E8B923} (Servers: | Description: Compact Wireless-G USB Adapter)
{94DB5791-6222-43FA-8C17-0453A6B0F56E} (Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"=C:\WINDOWS\system32\userinit.exe,
>[2009/03/15 09:23:41 | 00,104,960 | ---- | M] () -- C:\WINDOWS\SYSTEM32\userinit.exe


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt: "DllName" = crypts.dll -- File not found
wvUNfcaA: "DllName" = -- File not found

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C5BF40A2-94F3-42BD-F434-1604812C8955}" (HKLM) = klj3r93iorkemnfaja93riemef -- Reg Error: Value does not exist or could not be read. File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\efcDWNhe,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2002/09/03 06:59:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/03/20 18:34:26 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bryan Landry\Desktop\OTViewIt.exe
[2009/03/20 18:32:46 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Bryan Landry\Desktop\dds.scr
[2009/03/19 00:56:45 | 53,494,1696 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/19 00:46:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Bryan Landry\Desktop\HijackThis.lnk
[2009/03/17 22:02:19 | 00,099,816 | ---- | C] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/03/16 05:22:54 | 00,000,452 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/03/16 05:22:54 | 00,000,386 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2009/03/16 05:22:49 | 00,000,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/03/16 05:22:49 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/03/15 20:57:42 | 00,016,384 | -H-- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/03/15 20:51:49 | 00,005,849 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/03/15 20:25:20 | 00,000,683 | -H-- | C] () -- C:\WINDOWS\WIN.INI
[2009/03/15 20:25:20 | 00,000,435 | -H-- | C] () -- C:\WINDOWS\SYSTEM.INI
[2009/03/15 19:16:12 | 00,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/15 12:07:28 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/03/15 09:35:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bryan Landry\Local Settings\Application Data\{617B0D4A-371E-4EBC-ABB3-03C86899FD4C}
[2009/03/15 09:35:41 | 00,132,096 | -H-- | C] (Mozilla Foundation) -- C:\WINDOWS\unisumocare.dll
[2009/03/15 09:25:04 | 00,005,835 | ---- | C] () -- C:\WINDOWS\System32\ntdll64.exe
[2009/03/15 09:24:08 | 00,005,821 | ---- | C] () -- C:\WINDOWS\System32\ahtn.htm
[2009/03/15 09:24:07 | 00,004,785 | ---- | C] () -- C:\WINDOWS\System32\warning.gif
[2009/03/15 09:23:58 | 00,114,158 | ---- | C] () -- C:\WINDOWS\System32\drivers\c33955.sys
[2009/03/15 09:23:54 | 00,104,960 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/03/14 21:23:21 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\qjeihdxx.dll
[2009/03/14 05:57:50 | 01,912,642 | -HS- | C] () -- C:\WINDOWS\System32\qdoxlwjl.ini
[2009/03/14 05:54:49 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\vutumo.dll
[2009/03/14 05:54:49 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\destthfi.dll
[2009/03/13 17:57:53 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\cdlven.dll
[2009/03/13 17:57:49 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\gbvoxlnw.dll
[2009/03/13 17:54:50 | 01,912,642 | -HS- | C] () -- C:\WINDOWS\System32\rcqgffwp.ini
[2009/03/13 05:57:49 | 01,911,778 | -HS- | C] () -- C:\WINDOWS\System32\ftnecwst.ini
[2009/03/12 17:57:52 | 01,807,293 | -HS- | C] () -- C:\WINDOWS\System32\emnakdpo.ini
[2009/03/12 05:55:02 | 01,807,280 | -HS- | C] () -- C:\WINDOWS\System32\pkpcchjw.ini
[2009/03/11 17:54:49 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\juomkwgo.dll
[2009/03/11 17:52:15 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\swnxukgo.dll
[2009/03/11 03:28:15 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\hftkevap.dll
[2009/03/11 03:25:16 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\pjciivwn.dll
[2009/03/10 15:28:20 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\kdwqbxxp.dll
[2009/03/10 15:25:20 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\mvbglpjr.dll
[2009/03/09 20:40:12 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\tlbgeaht.dll
[2009/03/09 20:37:12 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\kqogsbmb.dll
[2009/03/08 21:25:51 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\nubjmjsn.dll
[2009/03/08 21:22:51 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\pernpakt.dll
[2009/03/08 09:23:58 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\pwfjwfvp.dll
[2009/03/08 09:20:59 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\dhrlbxhg.dll
[2009/03/07 21:23:58 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\mnendopg.dll
[2009/03/07 21:21:00 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\iybfywqd.dll
[2009/03/07 09:24:06 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\uaointuy.dll
[2009/03/07 09:21:07 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\jdsbvuuf.dll
[2009/03/06 21:24:06 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\wvjtjaqi.dll
[2009/03/06 21:21:07 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\orourfrj.dll
[2009/03/06 09:22:49 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\vsnimfrd.dll
[2009/03/06 09:19:49 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\vmmtcdtr.dll
[2009/03/05 21:22:49 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\xdvxojhl.dll
[2009/03/05 21:19:49 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\ucudaaor.dll
[2009/03/05 04:00:01 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\veanhedc.dll
[2009/03/05 03:57:02 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\ygmnkeld.dll
[2009/03/04 13:29:53 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\hqgiylef.dll
[2009/03/04 13:27:15 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\ndajoftr.dll
[2009/03/03 19:14:47 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\tdevcxqk.dll
[2009/03/03 19:11:47 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\tvtliyos.dll
[2009/03/03 07:14:47 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\wogpnmny.dll
[2009/03/03 07:11:47 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\fdtwfwpy.dll
[2009/03/02 19:14:47 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\dxmhwxaj.dll
[2009/03/02 19:11:47 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\oephivqq.dll
[2009/03/01 22:22:48 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\pvuderph.dll
[2009/03/01 22:19:49 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\eoxwqjmj.dll
[2009/03/01 10:22:48 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\xbktkdgs.dll
[2009/03/01 10:19:49 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\tmprdgvy.dll
[2009/02/28 22:19:49 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\owdatfjn.dll
[2009/02/28 22:17:14 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\myspplxd.dll
[2009/02/28 05:14:37 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\gyiujvly.dll
[2009/02/28 05:11:38 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\vmvrqgnc.dll
[2009/02/27 17:14:38 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\smrfiikr.dll
[2009/02/27 17:11:39 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\rlfdnmlo.dll
[2009/02/27 05:13:20 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\optdjijg.dll
[2009/02/27 05:10:21 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\dltsagcm.dll
[2009/02/26 17:13:20 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\ojcikpca.dll
[2009/02/26 17:10:20 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\bcaqdrko.dll
[2009/02/26 01:21:10 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\mrpcpkla.dll
[2009/02/26 01:18:11 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\leiirkmj.dll
[2009/02/25 13:18:10 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\ngarvhok.dll
[2009/02/25 13:15:41 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\oxvtjckv.dll
[2009/02/24 20:56:49 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\yewnpgap.dll
[2009/02/24 20:54:21 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\ndmsrwkg.dll
[2009/02/24 06:26:48 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\kohxdcim.dll
[2009/02/24 06:23:49 | 00,005,941 | ---- | C] () -- C:\WINDOWS\System32\yvadtkjp.dll
[2009/02/23 18:23:48 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\mtlupylt.dll
[2009/02/23 18:21:09 | 00,005,944 | ---- | C] () -- C:\WINDOWS\System32\jmqjeyaf.dll
[2009/02/22 21:06:48 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\sqnidycl.dll
[2009/02/22 21:03:53 | 00,005,944 | ---- | C] () -- C:\WINDOWS\System32\cxorccol.dll
[2009/02/22 09:06:48 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\ndbpsvdh.dll
[2009/02/22 09:03:49 | 00,005,944 | ---- | C] () -- C:\WINDOWS\System32\nmordkax.dll
[2009/02/21 21:06:48 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\absraxce.dll
[2009/02/21 21:03:50 | 00,005,944 | ---- | C] () -- C:\WINDOWS\System32\ghuiiksf.dll
[2009/02/21 09:07:42 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\vohycbhi.dll
[2009/02/21 09:04:44 | 00,005,944 | ---- | C] () -- C:\WINDOWS\System32\ioyctwub.dll
[2009/02/20 21:04:42 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\jikunhtm.dll
[2009/02/19 20:05:55 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\gxiypeen.dll
[2009/02/19 20:02:53 | 00,005,944 | ---- | C] () -- C:\WINDOWS\System32\wbxbmwpn.dll
[2009/02/18 18:38:36 | 00,005,943 | ---- | C] () -- C:\WINDOWS\System32\ekvpqbhi.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/20 18:38:28 | 00,114,158 | ---- | M] () -- C:\WINDOWS\System32\drivers\c33955.sys
[2009/03/20 18:34:43 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bryan Landry\Desktop\OTViewIt.exe
[2009/03/20 18:32:47 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Bryan Landry\Desktop\dds.scr
[2009/03/20 18:29:57 | 00,000,452 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/03/20 18:29:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/20 18:29:54 | 00,005,849 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/03/20 18:27:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/20 18:27:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/03/20 18:27:43 | 53,494,1696 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/19 07:58:07 | 02,143,104 | -H-- | M] () -- C:\Documents and Settings\Bryan Landry\Local Settings\Application Data\IconCache.db
[2009/03/19 03:19:59 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/03/19 01:24:00 | 00,000,435 | -H-- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/03/19 00:54:06 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Bryan Landry\Desktop\HijackThis.lnk
[2009/03/19 00:37:04 | 00,016,384 | -H-- | M] () -- C:\WINDOWS\DCEBoot.exe
[2009/03/17 22:12:59 | 00,000,683 | -H-- | M] () -- C:\WINDOWS\WIN.INI
[2009/03/17 22:12:59 | 00,000,211 | -HS- | M] () -- C:\BOOT.INI
[2009/03/17 22:02:19 | 00,099,816 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/03/16 05:22:49 | 00,000,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/03/15 18:18:56 | 00,005,821 | ---- | M] () -- C:\WINDOWS\System32\ahtn.htm
[2009/03/15 18:18:56 | 00,004,785 | ---- | M] () -- C:\WINDOWS\System32\warning.gif
[2009/03/15 18:18:55 | 00,005,835 | ---- | M] () -- C:\WINDOWS\System32\ntdll64.exe
[2009/03/15 16:49:20 | 00,001,917 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/15 09:35:43 | 00,132,096 | -H-- | M] (Mozilla Foundation) -- C:\WINDOWS\unisumocare.dll
[2009/03/15 09:23:41 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009/03/15 09:23:41 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/03/15 09:23:34 | 00,004,448 | -HS- | M] () -- C:\WINDOWS\System32\ehNWDcfe.ini
[2009/03/15 09:21:23 | 00,035,354 | -HS- | M] () -- C:\WINDOWS\System32\ehNWDcfe.ini2
[2009/03/15 06:19:47 | 01,912,642 | -HS- | M] () -- C:\WINDOWS\System32\qdoxlwjl.ini
[2009/03/14 21:23:21 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\qjeihdxx.dll
[2009/03/13 19:12:14 | 04,067,328 | ---- | M] () -- C:\Documents and Settings\Bryan Landry\My Documents\Landry2008.mny
[2009/03/13 19:12:14 | 03,974,471 | R--- | M] () -- C:\Documents and Settings\Bryan Landry\My Documents\Landry2008 Backup.mbf
[2009/03/13 18:16:13 | 01,912,642 | -HS- | M] () -- C:\WINDOWS\System32\rcqgffwp.ini
[2009/03/13 06:20:11 | 01,911,778 | -HS- | M] () -- C:\WINDOWS\System32\ftnecwst.ini
[2009/03/12 18:45:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/12 18:19:13 | 01,807,293 | -HS- | M] () -- C:\WINDOWS\System32\emnakdpo.ini
[2009/03/12 06:16:12 | 01,807,280 | -HS- | M] () -- C:\WINDOWS\System32\pkpcchjw.ini
[2009/03/11 17:54:49 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\juomkwgo.dll
[2009/03/11 17:52:15 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\swnxukgo.dll
[2009/03/11 03:28:15 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\hftkevap.dll
[2009/03/11 03:25:16 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\pjciivwn.dll
[2009/03/10 15:28:20 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\kdwqbxxp.dll
[2009/03/10 15:25:20 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\mvbglpjr.dll
[2009/03/09 20:40:12 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\tlbgeaht.dll
[2009/03/09 20:37:12 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\kqogsbmb.dll
[2009/03/08 21:25:51 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\nubjmjsn.dll
[2009/03/08 21:22:51 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\pernpakt.dll
[2009/03/08 09:23:58 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\pwfjwfvp.dll
[2009/03/08 09:20:59 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\dhrlbxhg.dll
[2009/03/07 21:23:58 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\mnendopg.dll
[2009/03/07 21:21:00 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\iybfywqd.dll
[2009/03/07 09:24:06 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\uaointuy.dll
[2009/03/07 09:21:07 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\jdsbvuuf.dll
[2009/03/06 21:24:06 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\wvjtjaqi.dll
[2009/03/06 21:21:07 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\orourfrj.dll
[2009/03/06 09:22:49 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\vsnimfrd.dll
[2009/03/06 09:19:49 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\vmmtcdtr.dll
[2009/03/05 21:22:49 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\xdvxojhl.dll
[2009/03/05 21:19:49 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\ucudaaor.dll
[2009/03/05 19:17:48 | 01,195,512 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys
[2009/03/05 19:17:48 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2009/03/05 19:17:48 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2009/03/05 04:00:01 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\veanhedc.dll
[2009/03/05 03:57:02 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\ygmnkeld.dll
[2009/03/04 13:29:53 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\hqgiylef.dll
[2009/03/04 13:27:15 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\ndajoftr.dll
[2009/03/03 19:14:47 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\tdevcxqk.dll
[2009/03/03 19:11:47 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\tvtliyos.dll
[2009/03/03 16:12:44 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2009/03/03 07:14:47 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\wogpnmny.dll
[2009/03/03 07:11:47 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\fdtwfwpy.dll
[2009/03/03 02:08:15 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2009/03/03 01:34:24 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/03/03 01:34:20 | 00,150,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/03 01:34:17 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/03/02 19:14:47 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\dxmhwxaj.dll
[2009/03/02 19:11:47 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\oephivqq.dll
[2009/03/01 22:22:48 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\pvuderph.dll
[2009/03/01 22:19:49 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\eoxwqjmj.dll
[2009/03/01 10:22:48 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\xbktkdgs.dll
[2009/03/01 10:19:49 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\tmprdgvy.dll
[2009/02/28 22:19:49 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\owdatfjn.dll
[2009/02/28 22:17:14 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\myspplxd.dll
[2009/02/28 05:14:37 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\gyiujvly.dll
[2009/02/28 05:11:38 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\vmvrqgnc.dll
[2009/02/27 17:14:38 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\smrfiikr.dll
[2009/02/27 17:11:39 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\rlfdnmlo.dll
[2009/02/27 05:13:20 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\optdjijg.dll
[2009/02/27 05:10:21 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\dltsagcm.dll
[2009/02/26 17:13:20 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\ojcikpca.dll
[2009/02/26 17:10:20 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\bcaqdrko.dll
[2009/02/26 01:21:10 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\mrpcpkla.dll
[2009/02/26 01:18:11 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\leiirkmj.dll
[2009/02/25 13:18:10 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\ngarvhok.dll
[2009/02/25 13:15:41 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\oxvtjckv.dll
[2009/02/24 20:56:49 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\yewnpgap.dll
[2009/02/24 20:54:21 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\ndmsrwkg.dll
[2009/02/24 06:26:48 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\kohxdcim.dll
[2009/02/24 06:23:49 | 00,005,941 | ---- | M] () -- C:\WINDOWS\System32\yvadtkjp.dll
[2009/02/23 18:23:48 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\mtlupylt.dll
[2009/02/23 18:21:09 | 00,005,944 | ---- | M] () -- C:\WINDOWS\System32\jmqjeyaf.dll
[2009/02/22 21:06:48 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\sqnidycl.dll
[2009/02/22 21:03:53 | 00,005,944 | ---- | M] () -- C:\WINDOWS\System32\cxorccol.dll
[2009/02/22 09:06:48 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\ndbpsvdh.dll
[2009/02/22 09:03:49 | 00,005,944 | ---- | M] () -- C:\WINDOWS\System32\nmordkax.dll
[2009/02/21 21:06:48 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\absraxce.dll
[2009/02/21 21:03:50 | 00,005,944 | ---- | M] () -- C:\WINDOWS\System32\ghuiiksf.dll
[2009/02/21 09:07:42 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\vohycbhi.dll
[2009/02/21 09:04:44 | 00,005,944 | ---- | M] () -- C:\WINDOWS\System32\ioyctwub.dll
[2009/02/20 21:04:42 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\jikunhtm.dll
[2009/02/19 20:05:55 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\gxiypeen.dll
[2009/02/19 20:02:53 | 00,005,944 | ---- | M] () -- C:\WINDOWS\System32\wbxbmwpn.dll
[2009/02/18 18:38:36 | 00,005,943 | ---- | M] () -- C:\WINDOWS\System32\ekvpqbhi.dll
< End of report >
OTViewIt Extras logfile created on: 3/20/2009 6:37:48 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Bryan Landry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.09 Mb Total Physical Memory | 183.77 Mb Available Physical Memory | 36.03% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 69.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.99 Gb Total Space | 106.04 Gb Free Space | 71.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LANDRYPC
Current User Name: Bryan Landry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 00:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 00:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\WINDOWS\kdx\khost.exe:*:Disabled:Secure Delivery Plug-In
File not found -- C:\Program Files\Valve\Steam\Steam.exe:*:Disabled:Steam
File not found -- C:\Program Files\Day of Defeat\dod.exe:*:Enabled:Day of Defeat Launcher
File not found -- C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel
[2008/08/22 03:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2008/02/02 02:21:20 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
File not found -- C:\Program Files\StreamCast\Morpheus\Morpheus.exe:*:Enabled:M5Shell
File not found -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word
File not found -- C:\Program Files\Firefly Studios\CivCity Rome\CivCity Rome.exe:*:Enabled:CivCity Rome
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/19 21:08:32 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
File not found -- C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}"=Dell Solution Center
"{13515135-48BB-4184-8C1F-2FAE0138E200}"=TBS WMP Plug-in
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}"=Microsoft Money 2004
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Dell Media Experience
"{2E086814-7392-4E0F-ADB8-54A81E47406C}"=Broadcom Advanced Control Suite 2
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150010}"=J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150040}"=J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}"=Trend Micro Internet Security
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}"=Banctec Service Agreement
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}"=Bonjour Core for Windows
"{57257606-31DA-46A5-BD2F-5235955A7D41}"=Civilization III - Gold Edition
"{68D60342-7686-45C9-B8EB-40EF843D0460}"=Dell Networking Guide
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}"=Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8C64E145-54BA-11D6-91B1-00500462BE80}"=Microsoft Money 2004 System Pack
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel Application Accelerator
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}"=Help and Support Customization
"{91120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A6359CCF-215D-43D9-8366-479D231F2A72}"=Belkin Wireless USB Utility
"{AC76BA86-0000-7EC8-7489-000000000702}"=Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
"{AC76BA86-0000-7EC8-7489-000000000703}"=Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000704}"=Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}"=PixiePack Codec Pack
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{C1E5DF32-8248-4347-908C-E030EDAE4368}"=DA920EN
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}"=Goombah Partner COM Server
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}"=Compact Wireless-G USB Adapter
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}"=Banctec Service Agreement
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Ask Toolbar_is1"=Ask Toolbar
"ATI Display Driver"=ATI Display Driver
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1"=Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"CutePDF Writer Installation"=CutePDF Writer 2.7
"Dell AIO Printer A920"=Dell AIO Printer A920
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"DellSupport"=Dell Support 5.0.0 (766)
"DjVu"=Lizardtech DjVu Control (autoinstall)
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie8"=Windows Internet Explorer 8 Beta 2
"IMPLAN Professional 2.0"=IMPLAN Professional 2.0
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}"=TBS WMP Plug-in
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}"=Broadcom Advanced Control Suite 2
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}"=Belkin Wireless USB Utility
"KLiteCodecPack_is1"=K-Lite Codec Pack 4.1.7 (Full)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.7)"=Mozilla Firefox (3.0.7)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PROPLUSR"=Microsoft Office Professional Plus 2007
"RealPlayer 6.0"=RealPlayer
"regcure"=RegCure 1.5.2.7
"Shockwave"=Shockwave
"ShockwaveFlash"=Macromedia Flash Player 8
"TripleAVersion1_0_0_3"=TripleA Version 1_0_0_3
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 2
"WinZip"=WinZip
"WinZip Self-Extractor"=WinZip Self-Extractor
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Internet Mail"=Yahoo! Internet Mail

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\s-1-5-21-936697006-1323337204-2065363705-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/16/2009 10:10:57 PM | Computer Name = LANDRYPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2009 3:00:27 AM | Computer Name = LANDRYPC | Source = Application Error | ID = 1000
Description = Faulting application userinit.exe, version 0.0.0.0, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 3/17/2009 3:02:35 AM | Computer Name = LANDRYPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2009 3:04:35 AM | Computer Name = LANDRYPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2009 3:10:12 AM | Computer Name = LANDRYPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2009 10:09:29 AM | Computer Name = LANDRYPC | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Bryan Landry\Desktop\MBSASetup-x64-DE.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 3/18/2009 1:17:47 AM | Computer Name = LANDRYPC | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Bryan Landry\Desktop\MBSASetup-x64-DE.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 3/19/2009 2:16:50 AM | Computer Name = LANDRYPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18241, faulting
module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 3/19/2009 2:17:55 AM | Computer Name = LANDRYPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18241, faulting
module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 3/19/2009 2:43:24 AM | Computer Name = LANDRYPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18241, faulting
module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

[ System Events ]
Error - 3/19/2009 3:52:16 AM | Computer Name = LANDRYPC | Source = sfsync02 | ID = 262156
Description =

Error - 3/19/2009 3:53:45 AM | Computer Name = LANDRYPC | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI
Driver service which failed to start because of the following error: %%31

Error - 3/19/2009 3:53:45 AM | Computer Name = LANDRYPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm prodrv06 tmtdi

Error - 3/19/2009 3:53:52 AM | Computer Name = LANDRYPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/19/2009 3:55:31 AM | Computer Name = LANDRYPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/19/2009 3:56:12 AM | Computer Name = LANDRYPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/19/2009 3:56:57 AM | Computer Name = LANDRYPC | Source = Service Control Manager | ID = 7023
Description = The EjupwoYvkz service terminated with the following error: %%2

Error - 3/19/2009 10:59:24 AM | Computer Name = LANDRYPC | Source = Service Control Manager | ID = 7023
Description = The EjupwoYvkz service terminated with the following error: %%2

Error - 3/19/2009 12:34:52 PM | Computer Name = LANDRYPC | Source = Service Control Manager | ID = 7023
Description = The EjupwoYvkz service terminated with the following error: %%2

Error - 3/20/2009 9:27:49 PM | Computer Name = LANDRYPC | Source = Service Control Manager | ID = 7023
Description = The EjupwoYvkz service terminated with the following error: %%2


< End of report >

#5 m0le

Posted 21 March 2009 - 01:20 PM

Hi matrixred123,

The malware has affected your registry policies so let's reset those first.

Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here: http://downloads.malwareremoval.com/BillCa...FixPolicies.exe
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box should briefly appear and then close. This will enable your Control Panel and stop the Administrative warnings, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like. A permanent fix requires removing the infection.
You have quite a few nasties there so let's get rid of them for you.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Please also post a fresh DDS log
m0le is a proud member of UNITE
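
The OTViewIt report and the later log.txt in this thread both record Security Center and firewall values, in two different dump styles. The following is an added example, not part of any post and not code from either tool: a parser that reads both styles and lists the values that leave alerts, monitoring or the firewall switched off. The sample text is constructed from the shapes seen in the logs, and the rule table is an assumption about which values deserve review.

```python
import re

# Constructed samples, shaped like the two report styles in this thread.
SAMPLE_OTVIEWIT = r'''
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
'''

SAMPLE_COMBOFIX = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

# A key header may be bracketed or bare, and may use the HKLM abbreviation.
KEY_RE = re.compile(r'^\[?((?:HKEY_[A-Z_]+|HKLM|HKCU|HKU)\\[^\]]*)\]?')
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Assumed review rules: (key pattern, value name, value to flag, note).
# Keys and names are compared in lower case.
RULES = [
    (r'\\security center$', 'antivirusdisablenotify', 1, 'antivirus alerts suppressed'),
    (r'\\security center$', 'firewalldisablenotify', 1, 'firewall alerts suppressed'),
    (r'\\security center$', 'updatesdisablenotify', 1, 'update alerts suppressed'),
    (r'\\security center\\monitoring\\[^\\]+$', 'disablemonitoring', 1,
     'Security Center not monitoring this product'),
    (r'\\firewallpolicy\\(standard|domain)profile$', 'enablefirewall', 0,
     'Windows Firewall off'),
]


def parse_dword(raw):
    """Return the integer in '1', 'dword:00000001' or '0 (0x0)'; None otherwise."""
    raw = raw.strip()
    m = re.fullmatch(r'dword:([0-9a-fA-F]{1,8})', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)(?:\s*\(0x[0-9a-fA-F]+\))?$', raw)
    if m:
        return int(m.group(1))
    return None  # strings, paths and empty values are not numeric settings


def parse_dump(text):
    """Yield (key, value name, integer or None) for every value line under a key."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('====='):
            key = None  # a section banner ends the previous key's scope
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).rstrip('\\ ').lower()
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, m.group(1).lower(), parse_dword(m.group(2))


def findings(text):
    """Return (last key component, value name, note) for each rule that matches."""
    out = []
    for key, name, value in parse_dump(text):
        for pattern, rule_name, flagged, note in RULES:
            if name == rule_name and value == flagged and re.search(pattern, key):
                out.append((key.rsplit('\\', 1)[-1], name, note))
    return out


if __name__ == '__main__':
    for label, sample in (('OTViewIt', SAMPLE_OTVIEWIT), ('ComboFix', SAMPLE_COMBOFIX)):
        print(label)
        for where, name, note in findings(sample):
            print(f'  {where}: {name} -> {note}')
```

A flagged value is a prompt to check who set it, since some of these values can also be written by installed security products.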

#6 m0le

Posted 23 March 2009 - 07:44 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. If I haven't had a reply by 12pm GMT then I will close the topic.

If you like you can PM me.

Thanks,


m0le

#7 matrixred123

Posted 23 March 2009 - 09:31 PM

Sorry about that!

Here is my log.txt file. Thanks for your help!


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ufseagnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-03-13 995528]
"tkbellexe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-02 185896]
"sunjavaupdatesched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"qzubonaduqiruh"="c:\windows\unisumocare.dll" [2009-03-15 132096]
"quicktime task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"pcmservice"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"ituneshelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"iaanotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"google desktop search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-16 30192]
"dell aio printer a920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"atipta"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 335872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21013:TCP"= 21013:TCP:BitComet 21013 TCP
"21013:UDP"= 21013:UDP:BitComet 21013 UDP

R1 SSHDRV76;SSHDRV76;c:\windows\SYSTEM32\DRIVERS\SSHDRV76.sys [2004-12-13 53760]
R2 tmpreflt;tmpreflt;c:\windows\SYSTEM32\DRIVERS\tmpreflt.sys [2008-07-30 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\SYSTEM32\DRIVERS\TM_CFW.sys [2008-07-30 335376]
S2 EjupwoYvkz;EjupwoYvkz;c:\windows\System32\svchost.exe -k netsvcs [2002-08-29 14336]
S2 tmevtmgr;tmevtmgr;c:\windows\SYSTEM32\DRIVERS\tmevtmgr.sys [2008-10-20 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2008-10-20 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-10-20 677128]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-16 30192]
S3 musbehco;musbehco;\??\c:\docume~1\BRYANL~1\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\BRYANL~1\LOCALS~1\Temp\musbehco.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - gtndis5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
EjupwoYvkz

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

2009-03-19 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{c5bf40a2-94f3-42bd-f434-1604812c8955} - (no file)
SharedTaskScheduler-{C5BF40A2-94F3-42BD-F434-1604812C8955} - (no file)
Notify-wvUNfcaA - (no file)
MSConfigStartUp-501abfa5 - c:\windows\system32\ljwlxodq.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bryan Landry\Application Data\Mozilla\Firefox\Profiles\duiqztl3.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Bryan Landry\Application Data\Mozilla\Firefox\Profiles\duiqztl3.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 19:22:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c33955]
"ImagePath"="\SystemRoot\System32\drivers\c33955.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-23 19:24:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 02:24:46

Pre-Run: 116,656,046,080 bytes free
Post-Run: 116,541,788,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

275 --- E O F --- 2009-02-11 10:05:14

#8 m0le


Posted 24 March 2009 - 02:29 PM

Hi matrixred123,

:step1: Can you confirm that you ran FixPolicies?

:step4: Also, you didn't post the entire Combofix log. Please post the whole log from this location:

C:\ComboFix.txt

:) Finally, please download and run DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker and then double click dds.scr to run the tool.

When done, DDS will open two logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop first and then copy & paste them into your next reply.

Just to recap:
  • Confirmation that you ran FixPolicies
  • The full Combofix log
  • Both logs from DDS
Thanks. :thumbup2:
m0le is a proud member of UNITE

#9 matrixred123


Posted 24 March 2009 - 09:19 PM

Hi Mole,

Thanks again for your help.
* I did run FixPolicies.
* The full Combofix log is below
* The full logs from DDS are also below

ComboFix 09-03-22.01 - Bryan Landry 2009-03-24 18:50:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.111 [GMT -7:00]
Running from: c:\documents and settings\Bryan Landry\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-17 22:02 . 2009-03-17 22:02 99,816 --a------ c:\windows\SYSTEM32\GDIPFONTCACHEV1.DAT
2009-03-16 05:22 . 2009-03-16 05:40 <DIR> d-------- c:\program files\RegCure
2009-03-15 20:57 . 2009-03-19 00:37 16,384 --ah----- c:\windows\DCEBoot.exe
2009-03-15 20:25 . 2009-03-17 22:12 683 --ah----- c:\windows\WIN.INI
2009-03-15 20:25 . 2009-03-24 18:53 435 --a--c--- c:\windows\system.ini
2009-03-15 19:16 . 2009-03-24 18:33 2,206 --a------ c:\windows\SYSTEM32\wpa.dbl
2009-03-15 19:01 . 2004-07-16 21:41 <DIR> d--h-c--- c:\documents and settings\Administrator\Application Data\Symantec
2009-03-15 19:01 . 2004-07-16 21:40 <DIR> d--h-c--- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-03-15 19:01 . 2005-05-26 03:28 <DIR> d--h-c--- c:\documents and settings\Administrator\Application Data\Gtek
2009-03-15 19:01 . 2009-03-15 19:01 <DIR> d--h-c--- c:\documents and settings\Administrator
2009-03-15 09:35 . 2009-03-15 09:35 132,096 --ah----- c:\windows\unisumocare.dll
2009-03-15 09:23 . 2009-03-24 18:53 114,158 --a------ c:\windows\SYSTEM32\DRIVERS\c33955.sys
2009-03-14 21:23 . 2009-03-14 21:23 5,941 --a------ c:\windows\SYSTEM32\qjeihdxx.dll
2009-03-11 17:54 . 2009-03-11 17:54 5,941 --a------ c:\windows\SYSTEM32\juomkwgo.dll
2009-03-11 17:52 . 2009-03-11 17:52 5,943 --a------ c:\windows\SYSTEM32\swnxukgo.dll
2009-03-11 03:28 . 2009-03-11 03:28 5,941 --a------ c:\windows\SYSTEM32\hftkevap.dll
2009-03-11 03:25 . 2009-03-11 03:25 5,943 --a------ c:\windows\SYSTEM32\pjciivwn.dll
2009-03-10 15:28 . 2009-03-10 15:28 5,943 --a------ c:\windows\SYSTEM32\kdwqbxxp.dll
2009-03-10 15:25 . 2009-03-10 15:25 5,941 --a------ c:\windows\SYSTEM32\mvbglpjr.dll
2009-03-09 20:40 . 2009-03-09 20:40 5,941 --a------ c:\windows\SYSTEM32\tlbgeaht.dll
2009-03-09 20:37 . 2009-03-09 20:37 5,943 --a------ c:\windows\SYSTEM32\kqogsbmb.dll
2009-03-08 21:25 . 2009-03-08 21:25 5,941 --a------ c:\windows\SYSTEM32\nubjmjsn.dll
2009-03-08 21:22 . 2009-03-08 21:22 5,943 --a------ c:\windows\SYSTEM32\pernpakt.dll
2009-03-08 09:23 . 2009-03-08 09:23 5,941 --a------ c:\windows\SYSTEM32\pwfjwfvp.dll
2009-03-08 09:20 . 2009-03-08 09:20 5,943 --a------ c:\windows\SYSTEM32\dhrlbxhg.dll
2009-03-07 21:23 . 2009-03-07 21:23 5,941 --a------ c:\windows\SYSTEM32\mnendopg.dll
2009-03-07 21:21 . 2009-03-07 21:21 5,943 --a------ c:\windows\SYSTEM32\iybfywqd.dll
2009-03-07 09:24 . 2009-03-07 09:24 5,941 --a------ c:\windows\SYSTEM32\uaointuy.dll
2009-03-07 09:21 . 2009-03-07 09:21 5,943 --a------ c:\windows\SYSTEM32\jdsbvuuf.dll
2009-03-06 21:24 . 2009-03-06 21:24 5,941 --a------ c:\windows\SYSTEM32\wvjtjaqi.dll
2009-03-06 21:21 . 2009-03-06 21:21 5,943 --a------ c:\windows\SYSTEM32\orourfrj.dll
2009-03-06 09:22 . 2009-03-06 09:22 5,941 --a------ c:\windows\SYSTEM32\vsnimfrd.dll
2009-03-06 09:19 . 2009-03-06 09:19 5,943 --a------ c:\windows\SYSTEM32\vmmtcdtr.dll
2009-03-05 21:22 . 2009-03-05 21:22 5,941 --a------ c:\windows\SYSTEM32\xdvxojhl.dll
2009-03-05 21:19 . 2009-03-05 21:19 5,943 --a------ c:\windows\SYSTEM32\ucudaaor.dll
2009-03-05 04:00 . 2009-03-05 04:00 5,941 --a------ c:\windows\SYSTEM32\veanhedc.dll
2009-03-05 03:57 . 2009-03-05 03:57 5,943 --a------ c:\windows\SYSTEM32\ygmnkeld.dll
2009-03-04 13:29 . 2009-03-04 13:29 5,941 --a------ c:\windows\SYSTEM32\hqgiylef.dll
2009-03-04 13:27 . 2009-03-04 13:27 5,943 --a------ c:\windows\SYSTEM32\ndajoftr.dll
2009-03-03 19:14 . 2009-03-03 19:14 5,943 --a------ c:\windows\SYSTEM32\tdevcxqk.dll
2009-03-03 19:11 . 2009-03-03 19:11 5,941 --a------ c:\windows\SYSTEM32\tvtliyos.dll
2009-03-03 07:14 . 2009-03-03 07:14 5,943 --a------ c:\windows\SYSTEM32\wogpnmny.dll
2009-03-03 07:11 . 2009-03-03 07:11 5,941 --a------ c:\windows\SYSTEM32\fdtwfwpy.dll
2009-03-02 19:14 . 2009-03-02 19:14 5,941 --a------ c:\windows\SYSTEM32\dxmhwxaj.dll
2009-03-02 19:11 . 2009-03-02 19:11 5,943 --a------ c:\windows\SYSTEM32\oephivqq.dll
2009-03-01 22:22 . 2009-03-01 22:22 5,941 --a------ c:\windows\SYSTEM32\pvuderph.dll
2009-03-01 22:19 . 2009-03-01 22:19 5,943 --a------ c:\windows\SYSTEM32\eoxwqjmj.dll
2009-03-01 10:22 . 2009-03-01 10:22 5,941 --a------ c:\windows\SYSTEM32\xbktkdgs.dll
2009-03-01 10:19 . 2009-03-01 10:19 5,943 --a------ c:\windows\SYSTEM32\tmprdgvy.dll
2009-02-28 22:19 . 2009-02-28 22:19 5,943 --a------ c:\windows\SYSTEM32\owdatfjn.dll
2009-02-28 22:17 . 2009-02-28 22:17 5,941 --a------ c:\windows\SYSTEM32\myspplxd.dll
2009-02-28 05:14 . 2009-02-28 05:14 5,943 --a------ c:\windows\SYSTEM32\gyiujvly.dll
2009-02-28 05:11 . 2009-02-28 05:11 5,941 --a------ c:\windows\SYSTEM32\vmvrqgnc.dll
2009-02-27 17:14 . 2009-02-27 17:14 5,943 --a------ c:\windows\SYSTEM32\smrfiikr.dll
2009-02-27 17:11 . 2009-02-27 17:11 5,941 --a------ c:\windows\SYSTEM32\rlfdnmlo.dll
2009-02-27 05:13 . 2009-02-27 05:13 5,941 --a------ c:\windows\SYSTEM32\optdjijg.dll
2009-02-27 05:10 . 2009-02-27 05:10 5,943 --a------ c:\windows\SYSTEM32\dltsagcm.dll
2009-02-26 17:13 . 2009-02-26 17:13 5,943 --a------ c:\windows\SYSTEM32\ojcikpca.dll
2009-02-26 17:10 . 2009-02-26 17:10 5,941 --a------ c:\windows\SYSTEM32\bcaqdrko.dll
2009-02-26 01:21 . 2009-02-26 01:21 5,941 --a------ c:\windows\SYSTEM32\mrpcpkla.dll
2009-02-26 01:18 . 2009-02-26 01:18 5,943 --a------ c:\windows\SYSTEM32\leiirkmj.dll
2009-02-25 13:18 . 2009-02-25 13:18 5,943 --a------ c:\windows\SYSTEM32\ngarvhok.dll
2009-02-25 13:15 . 2009-02-25 13:15 5,941 --a------ c:\windows\SYSTEM32\oxvtjckv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 11:05 --------- d-----w c:\program files\Trend Micro
2009-03-16 01:22 --------- d-----w c:\documents and settings\Bryan Landry\Application Data\DNA
2009-03-16 01:18 --------- d-----w c:\program files\DNA
2009-03-06 02:17 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys
2009-03-06 02:17 205,328 ----a-w c:\windows\system32\drivers\tmxpflt.sys
2009-03-06 02:17 1,195,512 ----a-w c:\windows\system32\drivers\vsapint.sys
2009-03-03 23:12 80,400 ----a-w c:\windows\system32\drivers\tmtdi.sys
2009-03-03 09:08 335,376 ----a-w c:\windows\system32\drivers\TM_CFW.sys
2009-03-03 08:34 50,192 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-03-03 08:34 50,192 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-03-03 08:34 150,032 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-02-25 03:56 5,941 ----a-w c:\windows\SYSTEM32\yewnpgap.dll
2009-02-25 03:54 5,943 ----a-w c:\windows\SYSTEM32\ndmsrwkg.dll
2009-02-24 13:26 5,943 ----a-w c:\windows\SYSTEM32\kohxdcim.dll
2009-02-24 13:23 5,941 ----a-w c:\windows\SYSTEM32\yvadtkjp.dll
2009-02-24 01:23 5,943 ----a-w c:\windows\SYSTEM32\mtlupylt.dll
2009-02-24 01:21 5,944 ----a-w c:\windows\SYSTEM32\jmqjeyaf.dll
2009-02-23 04:06 5,943 ----a-w c:\windows\SYSTEM32\sqnidycl.dll
2009-02-23 04:03 5,944 ----a-w c:\windows\SYSTEM32\cxorccol.dll
2009-02-22 16:06 5,943 ----a-w c:\windows\SYSTEM32\ndbpsvdh.dll
2009-02-22 16:03 5,944 ----a-w c:\windows\SYSTEM32\nmordkax.dll
2009-02-22 04:06 5,943 ----a-w c:\windows\SYSTEM32\absraxce.dll
2009-02-22 04:03 5,944 ----a-w c:\windows\SYSTEM32\ghuiiksf.dll
2009-02-21 16:07 5,943 ----a-w c:\windows\SYSTEM32\vohycbhi.dll
2009-02-21 16:04 5,944 ----a-w c:\windows\SYSTEM32\ioyctwub.dll
2009-02-21 04:04 5,943 ----a-w c:\windows\SYSTEM32\jikunhtm.dll
2009-02-21 04:02 5,944 ----a-w c:\windows\SYSTEM32\xrhpxjol.dll
2009-02-20 03:05 5,943 ----a-w c:\windows\SYSTEM32\gxiypeen.dll
2009-02-20 03:02 5,944 ----a-w c:\windows\SYSTEM32\wbxbmwpn.dll
2009-02-19 01:38 5,943 ----a-w c:\windows\SYSTEM32\ekvpqbhi.dll
2009-02-19 01:35 5,944 ----a-w c:\windows\SYSTEM32\oijwvcsq.dll
2009-02-18 13:39 5,943 ----a-w c:\windows\SYSTEM32\afbvtfdd.dll
2009-02-18 13:36 5,944 ----a-w c:\windows\SYSTEM32\vmgsigxl.dll
2009-02-18 01:36 5,944 ----a-w c:\windows\SYSTEM32\mxwutbwc.dll
2009-02-18 01:33 5,943 ----a-w c:\windows\SYSTEM32\vmlewckf.dll
2009-02-17 12:30 5,943 ----a-w c:\windows\SYSTEM32\evjbwbrh.dll
2009-02-17 11:48 5,944 ----a-w c:\windows\SYSTEM32\xkyujkku.dll
2009-02-17 10:48 6,220 ----a-w c:\windows\SYSTEM32\nnnoLeBq.dll
2009-02-17 09:47 6,220 ----a-w c:\windows\SYSTEM32\vtUnopNd.dll
2009-02-17 08:46 6,220 ----a-w c:\windows\SYSTEM32\nnnoPGXp.dll
2009-02-17 07:45 6,220 ----a-w c:\windows\SYSTEM32\ssqNDUOG.dll
2009-02-17 06:45 6,220 ----a-w c:\windows\SYSTEM32\cbXQjhef.dll
2009-02-17 05:44 6,220 ----a-w c:\windows\SYSTEM32\tuvTkhfF.dll
2009-02-17 04:44 6,220 ----a-w c:\windows\SYSTEM32\xxyyxxxW.dll
2009-02-17 03:43 6,220 ----a-w c:\windows\SYSTEM32\cbXqOgfc.dll
2009-02-17 02:43 6,220 ----a-w c:\windows\SYSTEM32\pmnLEXrs.dll
2009-02-17 01:43 6,220 ----a-w c:\windows\SYSTEM32\nnnoOiHA.dll
2009-02-16 13:41 6,220 ----a-w c:\windows\SYSTEM32\geBuUnop.dll
2009-02-15 21:04 6,220 ----a-w c:\windows\SYSTEM32\opnmMeBq.dll
2009-02-15 20:03 6,220 ----a-w c:\windows\SYSTEM32\iifcBuVN.dll
2009-02-15 19:03 6,220 ----a-w c:\windows\SYSTEM32\ljJDVlJa.dll
2009-02-15 18:02 6,220 ----a-w c:\windows\SYSTEM32\efcCvWMf.dll
2009-02-15 17:02 6,220 ----a-w c:\windows\SYSTEM32\opnlJdaY.dll
2009-02-15 16:01 6,220 ----a-w c:\windows\SYSTEM32\yayyVooO.dll
2009-02-15 15:01 6,220 ----a-w c:\windows\SYSTEM32\rqRJcdDS.dll
2009-02-15 14:01 6,220 ----a-w c:\windows\SYSTEM32\jkkHYqqq.dll
2009-02-15 13:00 6,220 ----a-w c:\windows\SYSTEM32\ljJAQJCt.dll
2009-02-15 11:59 6,220 ----a-w c:\windows\SYSTEM32\pmnnLFvW.dll
2009-02-15 10:59 6,220 ----a-w c:\windows\SYSTEM32\rqRKAQGV.dll
2009-02-15 09:58 6,220 ----a-w c:\windows\SYSTEM32\tuvUOHxx.dll
2009-02-15 08:57 6,220 ----a-w c:\windows\SYSTEM32\nnnmkICS.dll
2009-02-15 07:57 6,220 ----a-w c:\windows\SYSTEM32\yayVppQH.dll
2009-02-15 06:56 6,220 ----a-w c:\windows\SYSTEM32\efcdCttu.dll
2009-02-15 05:55 6,220 ----a-w c:\windows\SYSTEM32\xxyayVMd.dll
2009-02-15 04:55 6,220 ----a-w c:\windows\SYSTEM32\ddcCssRI.dll
2009-02-15 03:55 6,220 ----a-w c:\windows\SYSTEM32\tuvSiJdC.dll
2009-02-15 03:50 5,888 ----a-w c:\windows\SYSTEM32\opnkhggH.dll
2009-02-11 10:02 --------- dc-h--w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-25 03:17 --------- d-----w c:\program files\MSBuild
2009-01-25 03:17 --------- d-----w c:\program files\Microsoft Works
2009-01-25 03:15 --------- d-----w c:\program files\Microsoft.NET
2009-01-07 13:47 5,699,584 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-10-20 06:36 18,503 -c--a-w c:\documents and settings\Bryan Landry\Application Data\levijihe.bat
2008-10-20 06:36 13,033 -c-ha-w c:\documents and settings\All Users\Application Data\nyqawi.pif
2008-10-20 06:36 11,672 -c--a-w c:\documents and settings\Bryan Landry\Application Data\egedemade.dll
2008-10-20 06:36 11,070 -c-ha-w c:\documents and settings\All Users\Application Data\vanupumy.pif
2008-10-20 06:36 10,532 -c-ha-w c:\program files\Common Files\pogoxove.reg
2007-02-13 02:10 2,682,880 -c-h--w c:\documents and settings\All Users\VCREDI~3.EXE
2008-12-16 22:40 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ufseagnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-03-13 995528]
"tkbellexe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-02 185896]
"sunjavaupdatesched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"qzubonaduqiruh"="c:\windows\unisumocare.dll" [2009-03-15 132096]
"quicktime task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"pcmservice"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"ituneshelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"iaanotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"google desktop search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-16 30192]
"dell aio printer a920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"atipta"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 335872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21013:TCP"= 21013:TCP:BitComet 21013 TCP
"21013:UDP"= 21013:UDP:BitComet 21013 UDP

R1 SSHDRV76;SSHDRV76;c:\windows\SYSTEM32\DRIVERS\SSHDRV76.sys [2004-12-13 53760]
R2 tmpreflt;tmpreflt;c:\windows\SYSTEM32\DRIVERS\tmpreflt.sys [2008-07-30 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\SYSTEM32\DRIVERS\TM_CFW.sys [2008-07-30 335376]
S2 EjupwoYvkz;EjupwoYvkz;c:\windows\System32\svchost.exe -k netsvcs [2002-08-29 14336]
S2 tmevtmgr;tmevtmgr;c:\windows\SYSTEM32\DRIVERS\tmevtmgr.sys [2008-10-20 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2008-10-20 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-10-20 677128]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-16 30192]
S3 musbehco;musbehco;\??\c:\docume~1\BRYANL~1\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\BRYANL~1\LOCALS~1\Temp\musbehco.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - gtndis5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
EjupwoYvkz

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-25 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

2009-03-19 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bryan Landry\Application Data\Mozilla\Firefox\Profiles\duiqztl3.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Bryan Landry\Application Data\Mozilla\Firefox\Profiles\duiqztl3.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 18:53:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c33955]
"ImagePath"="\SystemRoot\System32\drivers\c33955.sys"
.
Completion time: 2009-03-24 18:54:55
ComboFix-quarantined-files.txt 2009-03-25 01:54:53

Pre-Run: 118,958,522,368 bytes free
Post-Run: 118,963,105,792 bytes free

275 --- E O F --- 2009-02-11 10:05:14


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/21/2004 4:38:41 PM
System Uptime: 3/24/2009 6:32:36 PM (1 hours ago)

Motherboard: Dell Inc. | | 0J3492
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 110.805 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 3/18/2009 11:25:36 PM - RegCure Backup
RP2: 3/18/2009 11:25:47 PM - RegCure Backup
RP3: 3/19/2009 3:19:38 AM - RegCure Backup
RP4: 3/23/2009 7:12:34 PM - ComboFix created restore point

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Control Panel
ATI Display Driver
AutoUpdate
Banctec Service Agreement
Belkin Wireless USB Utility
Bonjour
Bonjour Core for Windows
Broadcom Advanced Control Suite 2
Civilization III - Gold Edition
Compact Wireless-G USB Adapter
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
CutePDF Writer 2.7
DA920EN
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support 5.0.0 (766)
Digital Line Detect
DivX Converter
DivX Player
DivX Web Player
DNA
Google Desktop
Goombah Partner COM Server
Help and Support Customization
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
IMPLAN Professional 2.0
Intel Application Accelerator
Internet Explorer Default Page
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 4
K-Lite Codec Pack 4.1.7 (Full)
Lizardtech DjVu Control (autoinstall)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.0.7)
Netflix Movie Viewer
NetWaiting
Octoshape add-in for Adobe Flash Player
PixiePack Codec Pack
QuickTime
RealPlayer
RegCure 1.5.2.7
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Internet Explorer 8 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Shockwave
TBS WMP Plug-in
Trend Micro Internet Security
TripleA Version 1_0_0_3
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 Beta 2
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
WinZip Self-Extractor
Yahoo! Internet Mail

==== Event Viewer Messages From Past Week ========

3/17/2009 12:15:11 AM, error: Service Control Manager [7023] - The EjupwoYvkz service terminated with the following error: The system cannot find the file specified.
3/17/2009 5:35:49 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/17/2009 5:35:49 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
3/17/2009 6:06:46 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/17/2009 6:55:53 AM, error: sfsync02 [12] -
3/17/2009 7:10:27 AM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
3/17/2009 9:48:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/17/2009 9:48:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/17/2009 9:49:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2009 9:49:29 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2009 9:49:29 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2009 9:49:29 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2009 9:49:29 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2009 9:49:29 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2009 9:49:29 PM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2009 9:49:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT prodrv06 RasAcd Rdbss Tcpip tmtdi WS2IFSL
3/17/2009 9:55:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/17/2009 9:58:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service SfCtlCom with arguments "" in order to run the server: {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605}
3/19/2009 12:47:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT prodrv06 RasAcd Rdbss Tcpip tmtdi
3/19/2009 12:51:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm prodrv06 tmtdi

==== End Of File ===========================

DDS (Ver_09-03-16.01) - NTFSx86
Run by Bryan Landry at 19:17:00.90 on Tue 03/24/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.119 [GMT -7:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bryan Landry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ufseagnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [sunjavaupdatesched] c:\program files\java\jre1.5.0_04\bin\jusched.exe
mRun: [qzubonaduqiruh] rundll32.exe "c:\windows\unisumocare.dll",e
mRun: [quicktime task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [pcmservice] "c:\program files\dell\media experience\PCMService.exe"
mRun: [ituneshelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iaanotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [google desktop search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dell aio printer a920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [atipta] c:\program files\ati technologies\ati control panel\atiptaxx.exe
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209691040468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bryanl~1\applic~1\mozilla\firefox\profiles\duiqztl3.default\
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\bryan landry\application data\mozilla\firefox\profiles\duiqztl3.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: XUL Cache: {617B0D4A-371E-4EBC-ABB3-03C86899FD4C} - c:\documents and settings\bryan landry\local settings\application data\{617B0D4A-371E-4EBC-ABB3-03C86899FD4C}

============= SERVICES / DRIVERS ===============

R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2004-12-13 53760]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-7-30 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-7-30 335376]
S2 EjupwoYvkz;EjupwoYvkz;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-10-20 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2008-10-20 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-10-20 677128]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-16 30192]
S3 musbehco;musbehco;\??\c:\docume~1\bryanl~1\locals~1\temp\musbehco.sys --> c:\docume~1\bryanl~1\locals~1\temp\musbehco.sys [?]

=============== Created Last 30 ================

2009-03-23 19:14 <DIR> acdshr-- C:\cmdcons
2009-03-23 19:12 161,792 a------- c:\windows\SWREG.exe
2009-03-23 19:12 98,816 a------- c:\windows\sed.exe
2009-03-17 22:02 99,816 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-15 20:57 16,384 a---h--- c:\windows\DCEBoot.exe
2009-03-15 20:25 435 ac------ c:\windows\system.ini
2009-03-15 20:25 683 a---h--- c:\windows\WIN.INI
2009-03-15 19:16 2,206 a------- c:\windows\system32\wpa.dbl
2009-03-15 09:35 132,096 a---h--- c:\windows\unisumocare.dll
2009-03-15 09:23 114,158 a------- c:\windows\system32\drivers\c33955.sys
2009-03-14 21:23 5,941 a------- c:\windows\system32\qjeihdxx.dll
2009-03-11 17:54 5,941 a------- c:\windows\system32\juomkwgo.dll
2009-03-11 17:52 5,943 a------- c:\windows\system32\swnxukgo.dll
2009-03-11 03:28 5,941 a------- c:\windows\system32\hftkevap.dll
2009-03-11 03:25 5,943 a------- c:\windows\system32\pjciivwn.dll
2009-03-10 15:28 5,943 a------- c:\windows\system32\kdwqbxxp.dll
2009-03-10 15:25 5,941 a------- c:\windows\system32\mvbglpjr.dll
2009-03-09 20:40 5,941 a------- c:\windows\system32\tlbgeaht.dll
2009-03-09 20:37 5,943 a------- c:\windows\system32\kqogsbmb.dll
2009-03-08 21:25 5,941 a------- c:\windows\system32\nubjmjsn.dll
2009-03-08 21:22 5,943 a------- c:\windows\system32\pernpakt.dll
2009-03-08 09:23 5,941 a------- c:\windows\system32\pwfjwfvp.dll
2009-03-08 09:20 5,943 a------- c:\windows\system32\dhrlbxhg.dll
2009-03-07 21:23 5,941 a------- c:\windows\system32\mnendopg.dll
2009-03-07 21:21 5,943 a------- c:\windows\system32\iybfywqd.dll
2009-03-07 09:24 5,941 a------- c:\windows\system32\uaointuy.dll
2009-03-07 09:21 5,943 a------- c:\windows\system32\jdsbvuuf.dll
2009-03-06 21:24 5,941 a------- c:\windows\system32\wvjtjaqi.dll
2009-03-06 21:21 5,943 a------- c:\windows\system32\orourfrj.dll
2009-03-06 09:22 5,941 a------- c:\windows\system32\vsnimfrd.dll
2009-03-06 09:19 5,943 a------- c:\windows\system32\vmmtcdtr.dll
2009-03-05 21:22 5,941 a------- c:\windows\system32\xdvxojhl.dll
2009-03-05 21:19 5,943 a------- c:\windows\system32\ucudaaor.dll
2009-03-05 04:00 5,941 a------- c:\windows\system32\veanhedc.dll
2009-03-05 03:57 5,943 a------- c:\windows\system32\ygmnkeld.dll
2009-03-04 13:29 5,941 a------- c:\windows\system32\hqgiylef.dll
2009-03-04 13:27 5,943 a------- c:\windows\system32\ndajoftr.dll
2009-03-03 19:14 5,943 a------- c:\windows\system32\tdevcxqk.dll
2009-03-03 19:11 5,941 a------- c:\windows\system32\tvtliyos.dll
2009-03-03 07:14 5,943 a------- c:\windows\system32\wogpnmny.dll
2009-03-03 07:11 5,941 a------- c:\windows\system32\fdtwfwpy.dll
2009-03-02 19:14 5,941 a------- c:\windows\system32\dxmhwxaj.dll
2009-03-02 19:11 5,943 a------- c:\windows\system32\oephivqq.dll
2009-03-01 22:22 5,941 a------- c:\windows\system32\pvuderph.dll
2009-03-01 22:19 5,943 a------- c:\windows\system32\eoxwqjmj.dll
2009-03-01 10:22 5,941 a------- c:\windows\system32\xbktkdgs.dll
2009-03-01 10:19 5,943 a------- c:\windows\system32\tmprdgvy.dll
2009-02-28 22:19 5,943 a------- c:\windows\system32\owdatfjn.dll
2009-02-28 22:17 5,941 a------- c:\windows\system32\myspplxd.dll
2009-02-28 05:14 5,943 a------- c:\windows\system32\gyiujvly.dll
2009-02-28 05:11 5,941 a------- c:\windows\system32\vmvrqgnc.dll
2009-02-27 17:14 5,943 a------- c:\windows\system32\smrfiikr.dll
2009-02-27 17:11 5,941 a------- c:\windows\system32\rlfdnmlo.dll
2009-02-27 05:13 5,941 a------- c:\windows\system32\optdjijg.dll
2009-02-27 05:10 5,943 a------- c:\windows\system32\dltsagcm.dll
2009-02-26 17:13 5,943 a------- c:\windows\system32\ojcikpca.dll
2009-02-26 17:10 5,941 a------- c:\windows\system32\bcaqdrko.dll
2009-02-26 01:21 5,941 a------- c:\windows\system32\mrpcpkla.dll
2009-02-26 01:18 5,943 a------- c:\windows\system32\leiirkmj.dll
2009-02-25 13:18 5,943 a------- c:\windows\system32\ngarvhok.dll
2009-02-25 13:15 5,941 a------- c:\windows\system32\oxvtjckv.dll
2009-02-24 20:56 5,941 a------- c:\windows\system32\yewnpgap.dll
2009-02-24 20:54 5,943 a------- c:\windows\system32\ndmsrwkg.dll
2009-02-24 06:26 5,943 a------- c:\windows\system32\kohxdcim.dll
2009-02-24 06:23 5,941 a------- c:\windows\system32\yvadtkjp.dll
2009-02-23 18:23 5,943 a------- c:\windows\system32\mtlupylt.dll
2009-02-23 18:21 5,944 a------- c:\windows\system32\jmqjeyaf.dll
2009-02-22 21:06 5,943 a------- c:\windows\system32\sqnidycl.dll
2009-02-22 21:03 5,944 a------- c:\windows\system32\cxorccol.dll

==================== Find3M ====================

2009-03-05 19:17 1,195,512 a------- c:\windows\system32\drivers\vsapint.sys
2009-03-05 19:17 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-03-05 19:17 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-03-03 16:12 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-03-03 02:08 335,376 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-03-03 01:34 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-03-03 01:34 150,032 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-03 01:34 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-02-22 09:06 5,943 a------- c:\windows\system32\ndbpsvdh.dll
2009-02-22 09:03 5,944 a------- c:\windows\system32\nmordkax.dll
2009-02-21 21:06 5,943 a------- c:\windows\system32\absraxce.dll
2009-02-21 21:03 5,944 a------- c:\windows\system32\ghuiiksf.dll
2009-02-21 09:07 5,943 a------- c:\windows\system32\vohycbhi.dll
2009-02-21 09:04 5,944 a------- c:\windows\system32\ioyctwub.dll
2009-02-20 21:04 5,943 a------- c:\windows\system32\jikunhtm.dll
2009-02-20 21:02 5,944 a------- c:\windows\system32\xrhpxjol.dll
2009-02-19 20:05 5,943 a------- c:\windows\system32\gxiypeen.dll
2009-02-19 20:02 5,944 a------- c:\windows\system32\wbxbmwpn.dll
2009-02-18 18:38 5,943 a------- c:\windows\system32\ekvpqbhi.dll
2009-02-18 18:35 5,944 a------- c:\windows\system32\oijwvcsq.dll
2009-02-18 06:39 5,943 a------- c:\windows\system32\afbvtfdd.dll
2009-02-18 06:36 5,944 a------- c:\windows\system32\vmgsigxl.dll
2009-02-17 18:36 5,944 a------- c:\windows\system32\mxwutbwc.dll
2009-02-17 18:33 5,943 a------- c:\windows\system32\vmlewckf.dll
2009-02-17 05:30 5,943 a------- c:\windows\system32\evjbwbrh.dll
2009-02-17 04:48 5,944 a------- c:\windows\system32\xkyujkku.dll
2009-02-17 03:48 6,220 a------- c:\windows\system32\nnnoLeBq.dll
2009-02-17 02:47 6,220 a------- c:\windows\system32\vtUnopNd.dll
2009-02-17 01:46 6,220 a------- c:\windows\system32\nnnoPGXp.dll
2009-02-17 00:45 6,220 a------- c:\windows\system32\ssqNDUOG.dll
2009-02-16 23:45 6,220 a------- c:\windows\system32\cbXQjhef.dll
2009-02-16 22:44 6,220 a------- c:\windows\system32\tuvTkhfF.dll
2009-02-16 21:44 6,220 a------- c:\windows\system32\xxyyxxxW.dll
2009-02-16 20:43 6,220 a------- c:\windows\system32\cbXqOgfc.dll
2009-02-16 19:43 6,220 a------- c:\windows\system32\pmnLEXrs.dll
2009-02-16 18:43 6,220 a------- c:\windows\system32\nnnoOiHA.dll
2009-02-16 06:41 6,220 a------- c:\windows\system32\geBuUnop.dll
2009-02-15 14:04 6,220 a------- c:\windows\system32\opnmMeBq.dll
2009-02-15 13:03 6,220 a------- c:\windows\system32\iifcBuVN.dll
2009-02-15 12:03 6,220 a------- c:\windows\system32\ljJDVlJa.dll
2009-02-15 11:02 6,220 a------- c:\windows\system32\efcCvWMf.dll
2009-02-15 10:02 6,220 a------- c:\windows\system32\opnlJdaY.dll
2009-02-15 09:01 6,220 a------- c:\windows\system32\yayyVooO.dll
2009-02-15 08:01 6,220 a------- c:\windows\system32\rqRJcdDS.dll
2009-02-15 07:01 6,220 a------- c:\windows\system32\jkkHYqqq.dll
2009-02-15 06:00 6,220 a------- c:\windows\system32\ljJAQJCt.dll
2009-02-15 04:59 6,220 a------- c:\windows\system32\pmnnLFvW.dll
2009-02-15 03:59 6,220 a------- c:\windows\system32\rqRKAQGV.dll
2009-02-15 02:58 6,220 a------- c:\windows\system32\tuvUOHxx.dll
2009-02-15 01:57 6,220 a------- c:\windows\system32\nnnmkICS.dll
2009-02-15 00:57 6,220 a------- c:\windows\system32\yayVppQH.dll
2009-02-14 23:56 6,220 a------- c:\windows\system32\efcdCttu.dll
2009-02-14 22:55 6,220 a------- c:\windows\system32\xxyayVMd.dll
2009-02-14 21:55 6,220 a------- c:\windows\system32\ddcCssRI.dll
2009-02-14 20:55 6,220 a------- c:\windows\system32\tuvSiJdC.dll
2009-02-14 20:50 5,888 a------- c:\windows\system32\opnkhggH.dll
2009-01-07 06:47 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-19 23:36 13,033 ac--h--- c:\docume~1\alluse~1\applic~1\nyqawi.pif
2008-10-19 23:36 11,070 ac--h--- c:\docume~1\alluse~1\applic~1\vanupumy.pif
2008-10-19 23:36 10,532 ac--h--- c:\program files\common files\pogoxove.reg
2008-10-19 23:36 18,503 ac------ c:\docume~1\bryanl~1\applic~1\levijihe.bat
2008-10-19 23:36 11,672 ac------ c:\docume~1\bryanl~1\applic~1\egedemade.dll
2007-02-12 19:10 2,682,880 -c--h--- c:\documents and settings\all users\VCREDI~3.EXE

============= FINISH: 19:17:20.64 ===============

#10 m0le

Posted 26 March 2009 - 01:23 PM

Hi matrixred123,

You're welcome for the help. :)

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent and Limewire). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

----------------------------------------------

The Ask toolbar is also not recommended at Bleeping Computer, so I suggest that you:
  • Click "start" on the taskbar and then click on the "Control Panel" icon.
  • Please double-click (or right-click, if you are using Vista) the "Add or Remove Programs" icon.
  • A list of installed programs will be "populated"; this may take a bit of time.
  • If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Ask Toolbar

Additional instructions can be found here if needed.

-------------------------------------------------------------------

Reg clean is a registry cleaner. These are not recommended either.
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done assuming that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

------------------------------------------------------------------

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Go to Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\SYSTEM32\DRIVERS\c33955.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at VirusTotal


Next...

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it: Make sure you get all of it, it's scrollable.

File::
c:\windows\unisumocare.dll
c:\windows\SYSTEM32\qjeihdxx.dll
c:\windows\SYSTEM32\juomkwgo.dll
c:\windows\SYSTEM32\swnxukgo.dll
c:\windows\SYSTEM32\hftkevap.dll
c:\windows\SYSTEM32\pjciivwn.dll
c:\windows\SYSTEM32\kdwqbxxp.dll
c:\windows\SYSTEM32\mvbglpjr.dll
c:\windows\SYSTEM32\tlbgeaht.dll
c:\windows\SYSTEM32\kqogsbmb.dll
c:\windows\SYSTEM32\nubjmjsn.dll
c:\windows\SYSTEM32\pernpakt.dll
c:\windows\SYSTEM32\pwfjwfvp.dll
c:\windows\SYSTEM32\dhrlbxhg.dll
c:\windows\SYSTEM32\mnendopg.dll
c:\windows\SYSTEM32\iybfywqd.dll
c:\windows\SYSTEM32\uaointuy.dll
c:\windows\SYSTEM32\jdsbvuuf.dll
c:\windows\SYSTEM32\wvjtjaqi.dll
c:\windows\SYSTEM32\orourfrj.dll
c:\windows\SYSTEM32\vsnimfrd.dll
c:\windows\SYSTEM32\vmmtcdtr.dll
c:\windows\SYSTEM32\xdvxojhl.dll
c:\windows\SYSTEM32\ucudaaor.dll
c:\windows\SYSTEM32\veanhedc.dll
c:\windows\SYSTEM32\ygmnkeld.dll
c:\windows\SYSTEM32\hqgiylef.dll
c:\windows\SYSTEM32\ndajoftr.dll
c:\windows\SYSTEM32\tdevcxqk.dll
c:\windows\SYSTEM32\tvtliyos.dll
c:\windows\SYSTEM32\wogpnmny.dll
c:\windows\SYSTEM32\fdtwfwpy.dll
c:\windows\SYSTEM32\dxmhwxaj.dll
c:\windows\SYSTEM32\oephivqq.dll
c:\windows\SYSTEM32\pvuderph.dll
c:\windows\SYSTEM32\eoxwqjmj.dll
c:\windows\SYSTEM32\xbktkdgs.dll
c:\windows\SYSTEM32\tmprdgvy.dll
c:\windows\SYSTEM32\owdatfjn.dll
c:\windows\SYSTEM32\myspplxd.dll
c:\windows\SYSTEM32\gyiujvly.dll
c:\windows\SYSTEM32\vmvrqgnc.dll
c:\windows\SYSTEM32\smrfiikr.dll
c:\windows\SYSTEM32\rlfdnmlo.dll
c:\windows\SYSTEM32\optdjijg.dll
c:\windows\SYSTEM32\dltsagcm.dll
c:\windows\SYSTEM32\ojcikpca.dll
c:\windows\SYSTEM32\bcaqdrko.dll
c:\windows\SYSTEM32\mrpcpkla.dll
c:\windows\SYSTEM32\leiirkmj.dll
c:\windows\SYSTEM32\ngarvhok.dll
c:\windows\SYSTEM32\oxvtjckv.dll
c:\windows\SYSTEM32\yewnpgap.dll
c:\windows\SYSTEM32\ndmsrwkg.dll
c:\windows\SYSTEM32\kohxdcim.dll
c:\windows\SYSTEM32\yvadtkjp.dll
c:\windows\SYSTEM32\mtlupylt.dll
c:\windows\SYSTEM32\jmqjeyaf.dll
c:\windows\SYSTEM32\sqnidycl.dll
c:\windows\SYSTEM32\cxorccol.dll
c:\windows\SYSTEM32\ndbpsvdh.dll
c:\windows\SYSTEM32\nmordkax.dll
c:\windows\SYSTEM32\absraxce.dll
c:\windows\SYSTEM32\ghuiiksf.dll
c:\windows\SYSTEM32\vohycbhi.dll
c:\windows\SYSTEM32\ioyctwub.dll
c:\windows\SYSTEM32\jikunhtm.dll
c:\windows\SYSTEM32\xrhpxjol.dll
c:\windows\SYSTEM32\gxiypeen.dll
c:\windows\SYSTEM32\wbxbmwpn.dll
c:\windows\SYSTEM32\ekvpqbhi.dll
c:\windows\SYSTEM32\oijwvcsq.dll
c:\windows\SYSTEM32\afbvtfdd.dll
c:\windows\SYSTEM32\vmgsigxl.dll
c:\windows\SYSTEM32\mxwutbwc.dll
c:\windows\SYSTEM32\vmlewckf.dll
c:\windows\SYSTEM32\evjbwbrh.dll
c:\windows\SYSTEM32\xkyujkku.dll
c:\windows\SYSTEM32\nnnoLeBq.dll
c:\windows\SYSTEM32\vtUnopNd.dll
c:\windows\SYSTEM32\nnnoPGXp.dll
c:\windows\SYSTEM32\ssqNDUOG.dll
c:\windows\SYSTEM32\cbXQjhef.dll
c:\windows\SYSTEM32\tuvTkhfF.dll
c:\windows\SYSTEM32\xxyyxxxW.dll
c:\windows\SYSTEM32\cbXqOgfc.dll
c:\windows\SYSTEM32\pmnLEXrs.dll
c:\windows\SYSTEM32\nnnoOiHA.dll
c:\windows\SYSTEM32\geBuUnop.dll
c:\windows\SYSTEM32\opnmMeBq.dll
c:\windows\SYSTEM32\iifcBuVN.dll
c:\windows\SYSTEM32\ljJDVlJa.dll
c:\windows\SYSTEM32\efcCvWMf.dll
c:\windows\SYSTEM32\opnlJdaY.dll
c:\windows\SYSTEM32\yayyVooO.dll
c:\windows\SYSTEM32\rqRJcdDS.dll
c:\windows\SYSTEM32\jkkHYqqq.dll
c:\windows\SYSTEM32\ljJAQJCt.dll
c:\windows\SYSTEM32\pmnnLFvW.dll
c:\windows\SYSTEM32\rqRKAQGV.dll
c:\windows\SYSTEM32\tuvUOHxx.dll
c:\windows\SYSTEM32\nnnmkICS.dll
c:\windows\SYSTEM32\yayVppQH.dll
c:\windows\SYSTEM32\efcdCttu.dll
c:\windows\SYSTEM32\xxyayVMd.dll
c:\windows\SYSTEM32\ddcCssRI.dll
c:\windows\SYSTEM32\tuvSiJdC.dll
c:\windows\SYSTEM32\opnkhggH.dll
c:\program files\Common Files\pogoxove.reg

Registry::
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qzubonaduqiruh"=-

Driver::
musbehco
EjupwoYvkz

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please also run DDS again and provide both logs. Remember the Jotti scan results as well.

Thanks :thumbup2:
m0le is a proud member of UNITE
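The CFScript in the post above lists dozens of eight-letter DLLs in system32 that are nearly identical in size. As an added illustration (not part of m0le's post, and not how DDS or ComboFix work internally), this Python example parses DDS-style file listings and groups such look-alike files so the cluster stands out from legitimate entries; the function names, thresholds and the grouping heuristic are assumptions, and the sample is an excerpt of the log in this thread.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the "Created Last 30" / "Find3M" listings from the DDS log in this
# thread: some of the small DLLs plus a few ordinary entries for contrast.
SAMPLE_DDS = r"""
2009-03-23 19:14 <DIR> acdshr-- C:\cmdcons
2009-03-17 22:02 99,816 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-15 20:25 435 ac------ c:\windows\system.ini
2009-03-15 19:16 2,206 a------- c:\windows\system32\wpa.dbl
2009-03-15 09:35 132,096 a---h--- c:\windows\unisumocare.dll
2009-03-14 21:23 5,941 a------- c:\windows\system32\qjeihdxx.dll
2009-03-11 17:54 5,941 a------- c:\windows\system32\juomkwgo.dll
2009-03-11 17:52 5,943 a------- c:\windows\system32\swnxukgo.dll
2009-03-11 03:28 5,941 a------- c:\windows\system32\hftkevap.dll
2009-03-11 03:25 5,943 a------- c:\windows\system32\pjciivwn.dll
2009-03-03 16:12 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-02-17 03:48 6,220 a------- c:\windows\system32\nnnoLeBq.dll
2009-02-17 02:47 6,220 a------- c:\windows\system32\vtUnopNd.dll
2009-02-17 01:46 6,220 a------- c:\windows\system32\nnnoPGXp.dll
2009-01-07 06:47 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
"""

# date time, size (or <DIR>), 8-character attribute field, path (may contain spaces)
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|<DIR>)\s+(\S{8})\s+(.+?)\s*$"
)


def parse_listing(text):
    """Yield (timestamp, size_in_bytes, path) for each file line; skip directories."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) == "<DIR>":
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        yield when, int(m.group(2).replace(",", "")), m.group(4)


def find_clusters(text, min_count=3, size_tolerance=8):
    """Group files that share directory, extension and name length and whose
    sizes sit within `size_tolerance` bytes of their neighbour.

    Assumed heuristic (not from the thread): many letter-only names of equal
    length and near-equal size in one directory suggest machine-generated drops.
    """
    buckets = defaultdict(list)
    for when, size, path in parse_listing(text):
        directory, name = ntpath.split(path.lower())
        stem, ext = ntpath.splitext(name)
        if stem.isalpha():
            key = (directory, ext, len(stem))
            buckets[key].append((size, when, ntpath.basename(path)))

    clusters = []
    for (directory, ext, _length), files in buckets.items():
        files.sort()
        run = [files[0]]
        # The trailing None flushes the last run.
        for entry in files[1:] + [None]:
            if entry is not None and entry[0] - run[-1][0] <= size_tolerance:
                run.append(entry)
                continue
            if len(run) >= min_count:
                clusters.append({
                    "directory": directory,
                    "extension": ext,
                    "count": len(run),
                    "min_size": run[0][0],
                    "max_size": run[-1][0],
                    "first_seen": min(f[1] for f in run),
                    "last_seen": max(f[1] for f in run),
                    "names": sorted(f[2] for f in run),
                })
            run = [entry] if entry is not None else []
    return sorted(clusters, key=lambda c: -c["count"])


if __name__ == "__main__":
    for c in find_clusters(SAMPLE_DDS):
        print(f'{c["count"]} files of {c["min_size"]}-{c["max_size"]} bytes in '
              f'{c["directory"]} ({c["first_seen"]:%Y-%m-%d} to {c["last_seen"]:%Y-%m-%d})')
        for name in c["names"]:
            print("   ", name)
```

A cluster found this way is only a lead for review; each file still needs checking (for example with the Jotti or VirusTotal upload the post describes) before anything is removed.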

#11 m0le

Posted 29 March 2009 - 12:31 AM

Hi,

I have not had a reply from you for 2 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#12 Carolyn

Posted 31 March 2009 - 12:51 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)