Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"Access Denied " message

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: "Access Denied " message

Unread postby NoSound » May 26th, 2009, 1:04 am

Hi askey127:

I didn't do anything with the HOSTS file. I guess it's running ok. I don't see the same services as in the services.msc

Here's the log file:

Malwarebytes' Anti-Malware 1.36
Database version: 2179
Windows 5.1.2600 Service Pack 2

5/26/2009 12:57:02 AM
mbam-log-2009-05-26 (00-57-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 162503
Time elapsed: 1 hour(s), 41 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yijazowi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Twain.dll (Trojan.Agent) -> Quarantined and deleted successfully.
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm
Advertisement
Register to Remove

Re: "Access Denied " message

Unread postby askey127 » May 26th, 2009, 6:47 am

NoSound,
Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Do not panic if your antivirus software warns you about the file.
Please disable your TrendMicro Security just BEFORE running ComboFix!!
Usually you can right click the icon in the system tray and exit or turn it off.

  • Download ComboFix from here and save it to your desktop
  • Now start ComboFix
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it.
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts. When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • Do not touch the computer AT ALL while ComboFix is running!
  • When finished, the report will open. Reenable your TrendMicro software and post the log in your next reply
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Unread postby NoSound » May 26th, 2009, 6:57 pm

Hi askey127:

Here's the log

ComboFix 09-05-26.02 - Owner 05/26/2009 18:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.168 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycled\Recycled
c:\windows\system32\acxjbwev.ini
c:\windows\system32\ahusokom.ini
c:\windows\system32\anbelrbm.ini
c:\windows\system32\biyhxugw.ini
c:\windows\system32\bjxqhqkh.ini
c:\windows\system32\bqtkwcyc.ini
c:\windows\system32\bsbioncd.ini
c:\windows\system32\bxlwntbw.ini
c:\windows\system32\clubuygp.ini
c:\windows\system32\cpjgtgul.ini
c:\windows\system32\cptbueht.ini
c:\windows\system32\ctibyttj.ini
c:\windows\system32\cxwfxpwk.ini
c:\windows\system32\cyjmbnpu.ini
c:\windows\system32\dfhkj.ini
c:\windows\system32\dfhkj.ini2
c:\windows\system32\djsrlmqc.ini
c:\windows\system32\djxunivo.ini
c:\windows\system32\dlaanuur.ini
c:\windows\system32\egahegar.ini
c:\windows\system32\egcofaro.ini
c:\windows\system32\fbulapkj.ini
c:\windows\system32\fmtyghtu.ini
c:\windows\system32\fsvctgxt.ini
c:\windows\system32\ftftdbeh.ini
c:\windows\system32\fwyebhhq.ini
c:\windows\system32\fymlosyk.ini
c:\windows\system32\gdlknubf.ini
c:\windows\system32\glorplrn.ini
c:\windows\system32\hbdwvtgw.ini
c:\windows\system32\hbleqnid.ini
c:\windows\system32\hldjvexg.ini
c:\windows\system32\hyklmaco.ini
c:\windows\system32\idejuroj.ini
c:\windows\system32\idmhroht.ini
c:\windows\system32\ikagivul.ini
c:\windows\system32\imahivez.ini
c:\windows\system32\imifipop.ini
c:\windows\system32\iribjwtx.ini
c:\windows\system32\irlxqiwr.ini
c:\windows\system32\isswmjru.ini
c:\windows\system32\jdklmrqh.ini
c:\windows\system32\jihffsec.ini
c:\windows\system32\jjkikagp.ini
c:\windows\system32\jkwrntyr.ini
c:\windows\system32\jmmkqywe.ini
c:\windows\system32\jmotocka.ini
c:\windows\system32\joxlnfit.ini
c:\windows\system32\jqplgnxr.ini
c:\windows\system32\jvnkyead.ini
c:\windows\system32\jyxuaieq.ini
c:\windows\system32\keolysly.ini
c:\windows\system32\kmpjvbxq.ini
c:\windows\system32\knibvbsl.ini
c:\windows\system32\kykacohr.ini
c:\windows\system32\lcuxvokr.ini
c:\windows\system32\lmxayaoh.ini
c:\windows\system32\maqnkrcy.ini
c:\windows\system32\mivltiif.ini
c:\windows\system32\mwqgovny.ini
c:\windows\system32\nvcknmnj.ini
c:\windows\system32\nwapfgoo.ini
c:\windows\system32\obnueoqk.ini
c:\windows\system32\oeaudebu.ini
c:\windows\system32\ogiyajem.ini
c:\windows\system32\onhglcvo.ini
c:\windows\system32\ouwjyijo.ini
c:\windows\system32\ozakokur.ini
c:\windows\system32\pnbqlxdu.ini
c:\windows\system32\polmtlsy.ini
c:\windows\system32\qkulwwob.ini
c:\windows\system32\rcbyghlt.ini
c:\windows\system32\rcclcmgc.ini
c:\windows\system32\rcjttvle.ini
c:\windows\system32\rmsbccqn.ini
c:\windows\system32\sarsuwoj.ini
c:\windows\system32\scabacer.ini
c:\windows\system32\sicsvnwo.ini
c:\windows\system32\sqsweaub.ini
c:\windows\system32\susopaya.dll
c:\windows\system32\syrlkvge.ini
c:\windows\system32\tdlwxdtw.ini
c:\windows\system32\tedugjit.ini
c:\windows\system32\tmp.exe
c:\windows\system32\tqheusay.ini
c:\windows\system32\tutjomol.ini
c:\windows\system32\uaupwrnk.ini
c:\windows\system32\ubxcpoyd.ini
c:\windows\system32\uepepcum.ini
c:\windows\system32\ufmmsjvn.ini
c:\windows\system32\uwqebpbo.ini
c:\windows\system32\vbssvysi.ini
c:\windows\system32\vrsddeku.ini
c:\windows\system32\vyxgebwe.ini
c:\windows\system32\wswglcag.ini
c:\windows\system32\xhitpoxt.ini
c:\windows\system32\xxaghewv.ini
c:\windows\system32\yaqhhdrp.ini
c:\windows\system32\yoskyvjp.ini
c:\windows\system32\yyscyqnh.ini
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-26 20:46 . 2009-05-26 20:46 -------- d-----w c:\program files\Viewpoint
2009-05-26 20:45 . 2009-05-26 20:48 -------- d-----w c:\program files\AIM6
2009-05-25 04:17 . 2009-05-25 04:17 -------- d-----w c:\documents and settings\Owner\Application Data\WinPatrol
2009-05-25 04:17 . 2009-05-25 04:17 -------- d-----w c:\docume~1\Owner\APPLIC~1\WinPatrol
2009-05-25 04:16 . 2009-05-25 04:16 -------- d-----w c:\program files\BillP Studios
2009-05-25 03:58 . 2009-05-25 03:58 -------- d-----w c:\program files\Bluetack
2009-05-22 04:54 . 2009-05-22 04:54 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-21 02:15 . 2009-05-21 02:15 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-21 02:15 . 2009-05-21 02:15 -------- d-----w c:\docume~1\Owner\APPLIC~1\Malwarebytes
2009-05-21 02:14 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-21 02:14 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 02:14 . 2009-05-21 02:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-21 02:14 . 2009-05-21 02:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-21 01:44 . 2009-05-21 01:44 -------- d-----w c:\program files\CCleaner
2009-05-18 03:04 . 2004-08-04 03:10 38912 -c--a-w c:\windows\system32\dllcache\avc.sys
2009-05-17 23:42 . 2009-05-17 23:42 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-17 23:40 . 2009-05-17 23:40 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2009-05-05 04:48 . 2004-08-04 04:56 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-05 04:48 . 2001-08-18 02:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-05 04:48 . 2001-08-18 02:36 17408 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-05-05 04:48 . 2001-08-18 02:37 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe
2009-05-05 04:48 . 2001-08-18 02:37 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe
2009-05-05 04:48 . 2001-08-18 02:37 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe
2009-05-05 04:47 . 2001-08-17 16:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys
2009-05-05 04:47 . 2004-08-04 02:29 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys
2009-05-05 04:47 . 2004-08-04 03:10 19328 -c--a-w c:\windows\system32\dllcache\wstcodec.sys
2009-05-05 04:47 . 2004-08-04 02:29 12063 -c--a-w c:\windows\system32\dllcache\wsiintxx.sys
2009-05-05 04:47 . 2004-08-04 04:56 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-05-05 04:47 . 2004-08-04 03:07 8832 -c--a-w c:\windows\system32\dllcache\wmiacpi.sys
2009-05-05 04:47 . 2004-08-04 02:31 154624 -c--a-w c:\windows\system32\dllcache\wlluc48.sys
2009-05-05 04:47 . 2001-08-17 16:12 34890 -c--a-w c:\windows\system32\dllcache\wlandrv2.sys
2009-05-05 04:47 . 2001-08-17 17:28 771581 -c--a-w c:\windows\system32\dllcache\winacisa.sys
2009-05-05 04:47 . 2001-08-18 02:36 53760 -c--a-w c:\windows\system32\dllcache\wiamsmud.dll
2009-05-05 04:45 . 2001-08-17 17:28 397502 -c--a-w c:\windows\system32\dllcache\vpctcom.sys
2009-05-05 04:45 . 2001-08-17 17:28 604253 -c--a-w c:\windows\system32\dllcache\vmodem.sys
2009-05-05 04:45 . 2001-08-17 16:14 249402 -c--a-w c:\windows\system32\dllcache\vinwm.sys
2009-05-05 04:45 . 2001-08-17 17:49 24576 -c--a-w c:\windows\system32\dllcache\viairda.sys
2009-05-05 04:45 . 2004-08-04 04:56 53760 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-05-05 04:45 . 2004-08-04 04:56 11325 -c--a-w c:\windows\system32\dllcache\vchnt5.dll
2009-05-05 04:45 . 2001-08-17 17:28 687999 -c--a-w c:\windows\system32\dllcache\usrwdxjs.sys
2009-05-05 04:45 . 2001-08-17 17:28 765884 -c--a-w c:\windows\system32\dllcache\usrti.sys
2009-05-05 04:45 . 2001-08-17 17:28 113762 -c--a-w c:\windows\system32\dllcache\usrpda.sys
2009-05-05 04:45 . 2001-08-17 17:28 7556 -c--a-w c:\windows\system32\dllcache\usroslba.sys
2009-05-05 04:45 . 2001-08-17 17:28 224802 -c--a-w c:\windows\system32\dllcache\usr1807a.sys
2009-05-05 04:45 . 2001-08-17 17:28 794399 -c--a-w c:\windows\system32\dllcache\usr1806v.sys
2009-05-05 04:45 . 2001-08-17 17:28 793598 -c--a-w c:\windows\system32\dllcache\usr1806.sys
2009-05-05 04:43 . 2001-08-17 17:48 11520 -c--a-w c:\windows\system32\dllcache\twotrack.sys
2009-05-05 04:42 . 2001-08-17 16:14 123995 -c--a-w c:\windows\system32\dllcache\tjisdn.sys
2009-05-05 04:42 . 2001-08-17 16:51 138528 -c--a-w c:\windows\system32\dllcache\tgiulnt5.sys
2009-05-05 04:42 . 2001-08-17 18:56 81408 -c--a-w c:\windows\system32\dllcache\tgiul50.dll
2009-05-05 04:42 . 2004-08-04 03:00 149376 -c--a-w c:\windows\system32\dllcache\tffsport.sys
2009-05-05 04:42 . 2001-08-17 16:13 17129 -c--a-w c:\windows\system32\dllcache\tdkcd31.sys
2009-05-05 04:42 . 2001-08-17 16:13 37961 -c--a-w c:\windows\system32\dllcache\tdk100b.sys
2009-05-05 04:42 . 2001-08-17 17:49 30464 -c--a-w c:\windows\system32\dllcache\tbatm155.sys
2009-05-05 04:42 . 2001-08-17 17:52 7040 -c--a-w c:\windows\system32\dllcache\tandqic.sys
2009-05-05 04:42 . 2001-08-17 16:50 36640 -c--a-w c:\windows\system32\dllcache\t2r4mini.sys
2009-05-05 04:42 . 2001-08-17 18:56 172768 -c--a-w c:\windows\system32\dllcache\t2r4disp.dll
2009-05-05 04:42 . 2001-08-18 02:36 94293 -c--a-w c:\windows\system32\dllcache\sxports.dll
2009-05-05 04:42 . 2001-08-17 17:50 103936 -c--a-w c:\windows\system32\dllcache\sx.sys
2009-05-05 04:40 . 2001-08-18 02:36 106584 -c--a-w c:\windows\system32\dllcache\spdports.dll
2009-05-05 04:39 . 2004-08-04 03:07 6912 -c--a-w c:\windows\system32\dllcache\smbclass.sys
2009-05-05 04:38 . 2001-08-17 16:50 68608 -c--a-w c:\windows\system32\dllcache\sis6306p.sys
2009-05-05 04:37 . 2001-08-17 17:51 17280 -c--a-w c:\windows\system32\dllcache\scr111.sys
2009-05-05 04:36 . 2001-08-17 16:50 41216 -c--a-w c:\windows\system32\dllcache\s3mt3d.sys
2009-05-05 04:35 . 2004-08-04 03:10 59648 -c--a-w c:\windows\system32\dllcache\rfcomm.sys
2009-05-05 04:35 . 2001-08-18 02:36 86097 -c--a-w c:\windows\system32\dllcache\reslog32.dll
2009-05-05 04:35 . 2004-08-04 02:41 13776 -c--a-w c:\windows\system32\dllcache\recagent.sys
2009-05-05 04:35 . 2001-08-17 17:51 19584 -c--a-w c:\windows\system32\dllcache\rasirda.sys
2009-05-05 04:35 . 2001-08-17 17:28 714762 -c--a-w c:\windows\system32\dllcache\r2mdmkxx.sys
2009-05-05 04:35 . 2001-08-17 17:28 899146 -c--a-w c:\windows\system32\dllcache\r2mdkxga.sys
2009-05-05 04:35 . 2001-08-18 02:36 41472 -c--a-w c:\windows\system32\dllcache\qvusd.dll
2009-05-05 04:35 . 2001-08-17 17:53 3328 -c--a-w c:\windows\system32\dllcache\qv2kux.sys
2009-05-05 04:35 . 2004-08-04 03:00 6016 -c--a-w c:\windows\system32\dllcache\qic157.sys
2009-05-05 04:35 . 2001-08-17 17:28 130942 -c--a-w c:\windows\system32\dllcache\ptserlv.sys
2009-05-05 04:35 . 2001-08-17 17:28 112574 -c--a-w c:\windows\system32\dllcache\ptserlp.sys
2009-05-05 04:35 . 2001-08-17 17:28 128286 -c--a-w c:\windows\system32\dllcache\ptserli.sys
2009-05-05 04:35 . 2004-08-04 04:56 159232 -c--a-w c:\windows\system32\dllcache\ptpusd.dll
2009-05-05 04:33 . 2001-08-18 02:36 86016 -c--a-w c:\windows\system32\dllcache\pctspk.exe
2009-05-05 04:32 . 2001-08-17 18:05 25088 -c--a-w c:\windows\system32\dllcache\ovca.sys
2009-05-05 04:32 . 2001-08-17 17:28 54186 -c--a-w c:\windows\system32\dllcache\otcsercb.sys
2009-05-05 04:32 . 2001-08-17 16:12 43689 -c--a-w c:\windows\system32\dllcache\otceth5.sys
2009-05-05 04:32 . 2001-08-17 16:12 27209 -c--a-w c:\windows\system32\dllcache\otc06x5.sys
2009-05-05 04:32 . 2001-08-17 16:20 54528 -c--a-w c:\windows\system32\dllcache\opl3sax.sys
2009-05-05 04:32 . 2004-08-04 03:10 61056 -c--a-w c:\windows\system32\dllcache\ohci1394.sys
2009-05-05 04:32 . 2001-08-17 16:50 198144 -c--a-w c:\windows\system32\dllcache\nv3.sys
2009-05-05 04:32 . 2001-08-18 02:36 123776 -c--a-w c:\windows\system32\dllcache\nv3.dll
2009-05-05 04:32 . 2004-08-04 02:41 180360 -c--a-w c:\windows\system32\dllcache\ntmtlfax.sys
2009-05-05 04:32 . 2001-08-17 16:49 51552 -c--a-w c:\windows\system32\dllcache\ntgrip.sys
2009-05-05 04:32 . 2001-08-17 17:47 9344 -c--a-w c:\windows\system32\dllcache\ntapm.sys
2009-05-05 04:30 . 2001-08-17 18:56 35392 -c--a-w c:\windows\system32\dllcache\n9i128.dll
2009-05-05 04:29 . 2004-08-04 03:00 22016 -c--a-w c:\windows\system32\dllcache\msircomm.sys
2009-05-05 04:29 . 2001-08-17 18:02 35200 -c--a-w c:\windows\system32\dllcache\msgame.sys
2009-05-05 04:29 . 2001-08-17 17:48 6016 -c--a-w c:\windows\system32\dllcache\msfsio.sys
2009-05-05 04:29 . 2004-08-04 03:10 51328 -c--a-w c:\windows\system32\dllcache\msdv.sys
2009-05-05 04:29 . 2004-08-04 03:10 15360 -c--a-w c:\windows\system32\dllcache\mpe.sys
2009-05-05 04:29 . 2001-08-17 17:48 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-05-05 04:29 . 2001-08-17 17:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys
2009-05-05 04:29 . 2001-08-17 17:52 6528 -c--a-w c:\windows\system32\dllcache\miniqic.sys
2009-05-05 04:29 . 2001-08-17 16:50 320384 -c--a-w c:\windows\system32\dllcache\mgaum.sys
2009-05-05 04:29 . 2001-08-17 18:56 235648 -c--a-w c:\windows\system32\dllcache\mgaud.dll
2009-05-05 04:29 . 2004-08-04 03:00 26112 -c--a-w c:\windows\system32\dllcache\memstpci.sys
2009-05-05 04:27 . 2001-08-17 16:12 20573 -c--a-w c:\windows\system32\dllcache\lne100.sys
2009-05-05 04:27 . 2001-08-17 16:11 25065 -c--a-w c:\windows\system32\dllcache\lmndis3.sys
2009-05-05 04:27 . 2001-08-17 17:51 15744 -c--a-w c:\windows\system32\dllcache\lit220p.sys
2009-05-05 04:27 . 2004-08-04 02:59 34688 -c--a-w c:\windows\system32\dllcache\lbrtfdc.sys
2009-05-05 04:27 . 2001-08-17 16:12 26442 -c--a-w c:\windows\system32\dllcache\lanepic5.sys
2009-05-05 04:27 . 2001-08-17 16:12 19016 -c--a-w c:\windows\system32\dllcache\ktc111.sys
2009-05-05 04:27 . 2001-08-18 02:36 37376 -c--a-w c:\windows\system32\dllcache\kousd.dll
2009-05-05 04:27 . 2001-08-18 02:36 242176 -c--a-w c:\windows\system32\dllcache\kdsusd.dll
2009-05-05 04:27 . 2001-08-18 02:36 45568 -c--a-w c:\windows\system32\dllcache\kdsui.dll
2009-05-05 04:27 . 2004-08-04 02:58 14848 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-05-05 04:26 . 2001-08-17 17:49 26624 -c--a-w c:\windows\system32\dllcache\irstusb.sys
2009-05-05 04:26 . 2001-08-17 17:51 18688 -c--a-w c:\windows\system32\dllcache\irsir.sys
2009-05-05 04:26 . 2004-08-04 04:56 27136 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-05-05 04:26 . 2004-08-04 04:56 152576 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-05-05 04:26 . 2001-08-17 17:49 23552 -c--a-w c:\windows\system32\dllcache\irmk7.sys
2009-05-05 04:26 . 2004-08-04 03:00 87424 -c--a-w c:\windows\system32\dllcache\irda.sys
2009-05-05 04:26 . 2001-08-17 16:12 45632 -c--a-w c:\windows\system32\dllcache\ip5515.sys
2009-05-05 04:26 . 2001-08-18 02:36 90200 -c--a-w c:\windows\system32\dllcache\io8ports.dll
2009-05-05 04:26 . 2001-08-17 17:50 38784 -c--a-w c:\windows\system32\dllcache\io8.sys
2009-05-05 04:26 . 2001-08-17 17:47 13056 -c--a-w c:\windows\system32\dllcache\inport.sys
2009-05-05 04:24 . 2004-08-04 02:41 1041536 -c--a-w c:\windows\system32\dllcache\hsfdpsp2.sys
2009-05-05 04:23 . 2001-08-18 02:36 324608 -c--a-w c:\windows\system32\dllcache\hpojwia.dll
2009-05-05 04:22 . 2001-08-17 17:51 17408 -c--a-w c:\windows\system32\dllcache\gpr400.sys
2009-05-05 04:21 . 2001-08-17 16:13 27165 -c--a-w c:\windows\system32\dllcache\fetnd5.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 20:46 . 2006-02-01 09:32 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-26 20:45 . 2006-02-01 09:31 -------- d-----w c:\program files\Common Files\AOL
2009-05-26 02:32 . 2008-07-13 18:32 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-22 04:54 . 2006-02-01 09:26 -------- d-----w c:\program files\Java
2009-05-22 04:28 . 2006-02-01 09:29 -------- d-----w c:\program files\Common Files\Adobe
2009-05-20 21:43 . 2009-04-05 02:24 0 ----a-w c:\windows\Fzubaneyafisequ.bin
2009-05-17 23:43 . 2006-02-01 09:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-17 22:20 . 2008-03-15 23:54 16384 ----a-w c:\windows\DCEBoot.exe
2009-05-17 05:32 . 2008-01-22 00:17 -------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-05-17 05:32 . 2008-01-22 00:17 -------- d-----w c:\docume~1\Owner\APPLIC~1\LimeWire
2009-05-03 23:24 . 2009-04-22 14:17 7 ----a-w c:\windows\system32\nar.bin
2009-05-03 21:52 . 2006-04-23 15:31 -------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2009-05-03 21:51 . 2006-04-23 15:30 -------- d-----w c:\program files\Kodak
2009-04-23 18:59 . 2009-04-05 02:24 300 ----a-w c:\windows\Rgizakihe.dat
2009-04-22 13:19 . 2008-09-27 21:59 192512 ----a-w c:\windows\system32\kdfvmgr.exe
2009-04-22 13:19 . 2008-09-27 21:59 77824 ----a-w c:\windows\system32\kdfapi.dll
2009-04-22 13:19 . 2008-09-27 21:59 53248 ----a-w c:\windows\system32\Kdfhok.dll
2009-04-22 13:17 . 2008-09-27 21:59 722472 ----a-w c:\windows\system32\kdfmgr.exe
2009-04-19 07:14 . 2006-02-01 09:21 -------- d-----w c:\program files\CyberLink
2009-04-19 07:11 . 2006-02-01 09:31 -------- d-----w c:\program files\BigFix
2009-04-19 04:02 . 2009-04-19 04:01 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-19 04:02 . 2009-04-19 04:01 -------- d-----w c:\program files\iTunes
2009-04-19 04:01 . 2009-04-19 04:01 -------- d-----w c:\program files\iPod
2009-04-19 04:00 . 2009-04-19 04:00 -------- d-----w c:\program files\Bonjour
2009-04-19 04:00 . 2009-04-19 03:59 -------- d-----w c:\program files\QuickTime
2009-04-19 03:58 . 2009-04-19 03:58 -------- d-----w c:\program files\Apple Software Update
2009-04-13 22:55 . 2006-04-12 00:18 -------- d-----w c:\documents and settings\Owner\Application Data\Canon
2009-04-13 22:55 . 2006-04-12 00:18 -------- d-----w c:\docume~1\Owner\APPLIC~1\Canon
2009-04-13 22:54 . 2009-04-13 22:54 -------- d--h--w c:\program files\CanonBJ
2009-04-05 01:49 . 2009-04-05 01:49 -------- d-----w c:\documents and settings\Owner\Application Data\MSNInstaller
2009-04-05 01:49 . 2009-04-05 01:49 -------- d-----w c:\docume~1\Owner\APPLIC~1\MSNInstaller
2009-04-04 03:44 . 2009-03-28 19:37 0 ----a-w c:\windows\system32\drivers\da13ac3e.sys
2009-04-02 20:00 . 2008-09-27 19:02 52752 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-04-02 20:00 . 2008-09-27 19:02 52624 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 20:00 . 2008-09-27 19:02 142864 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-03-27 03:10 . 1601-01-01 00:12 61440 --sha-w c:\windows\system32\bajukeko.exe
2009-03-19 20:32 . 2009-04-19 04:02 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 18:18 . 2009-04-19 06:55 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 18:18 . 2009-04-19 06:55 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 18:18 . 2009-04-19 06:55 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 18:18 . 2009-04-19 06:55 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 19:27 . 2009-04-19 06:55 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 19:27 . 2009-04-19 06:55 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 19:27 . 2009-04-19 06:55 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-08 18:22 . 2009-03-08 18:22 1241088 ----a-w c:\windows\system32\SETC9.tmp
2009-03-08 18:21 . 2009-03-08 18:21 2771706 ------w c:\windows\inf\SETA4.tmp
2009-03-08 18:21 . 2009-03-08 18:21 2771706 ------w c:\windows\inf\SET50.tmp
2009-03-08 18:21 . 2009-03-08 18:21 13460 ------w c:\windows\inf\IEM\0409\SETA5.tmp
2009-03-08 18:21 . 2009-03-08 18:21 13460 ------w c:\windows\inf\IEM\0409\SET51.tmp
2009-03-08 18:21 . 2009-03-08 18:21 10240 ------w c:\windows\system32\SETB8.tmp
2009-03-08 18:09 . 2009-03-08 18:09 391536 ----a-w c:\windows\system32\SETC6.tmp
2009-03-08 08:41 . 2009-03-08 08:41 5937152 ----a-w c:\windows\system32\SETDB.tmp
2009-03-08 08:39 . 2009-03-08 08:39 11063808 ----a-w c:\windows\system32\SETC8.tmp
2009-03-08 08:35 . 2009-03-08 08:35 385024 ----a-w c:\windows\system32\SETBC.tmp
2009-03-08 08:34 . 2009-03-08 08:34 914944 ----a-w c:\windows\system32\SETEB.tmp
2009-03-08 08:34 . 2009-03-08 08:34 1206784 ----a-w c:\windows\system32\SETE7.tmp
2009-03-08 08:34 . 2009-03-08 08:34 1469440 ----a-w c:\windows\system32\SETD1.tmp
2009-03-08 08:34 . 2009-03-08 08:34 236544 ----a-w c:\windows\system32\SETE9.tmp
2009-03-08 08:34 . 2009-03-08 08:34 208384 ------w c:\windows\system32\SETEA.tmp
2009-03-08 08:34 . 2009-03-08 08:34 43008 ----a-w c:\windows\system32\SETD5.tmp
2009-03-08 08:34 . 2009-03-08 08:34 105984 ----a-w c:\windows\system32\SETE6.tmp
2009-03-08 08:34 . 2009-03-08 08:34 193536 ----a-w c:\windows\system32\SETE0.tmp
2009-03-08 08:34 . 2009-03-08 08:34 109568 ----a-w c:\windows\system32\SETE3.tmp
2009-03-08 08:33 . 2009-03-08 08:33 18944 ----a-w c:\windows\system32\SETB9.tmp
2009-03-08 08:33 . 2009-03-08 08:33 25600 ----a-w c:\windows\system32\SETD4.tmp
2009-03-08 08:33 . 2009-03-08 08:33 726528 ----a-w c:\windows\system32\SETD3.tmp
2009-03-08 08:33 . 2009-03-08 08:33 229376 ----a-w c:\windows\system32\SETC2.tmp
2009-03-08 08:33 . 2009-03-08 08:33 420352 ----a-w c:\windows\system32\SETE8.tmp
2009-03-08 08:33 . 2009-03-08 08:33 125952 ----a-w c:\windows\system32\SETC1.tmp
2009-03-08 08:32 . 2009-03-08 08:32 72704 ----a-w c:\windows\system32\SETB6.tmp
2009-03-08 08:32 . 2009-03-08 08:32 173056 ----a-w c:\windows\system32\SETBE.tmp
2009-03-08 08:32 . 2009-03-08 08:32 163840 ----a-w c:\windows\system32\SETC3.tmp
2009-03-08 08:32 . 2009-03-08 08:32 71680 ----a-w c:\windows\system32\SETCD.tmp
2009-03-08 08:32 . 2009-03-08 08:32 55808 ----a-w c:\windows\system32\SETCB.tmp
2009-03-08 08:32 . 2009-03-08 08:32 128512 ----a-w c:\windows\system32\SETB7.tmp
2009-03-08 08:32 . 2009-03-08 08:32 94720 ----a-w c:\windows\system32\SETD2.tmp
2009-03-08 08:32 . 2009-03-08 08:32 594432 ----a-w c:\windows\system32\SETD6.tmp
2009-03-08 08:32 . 2009-03-08 08:32 1985024 ----a-w c:\windows\system32\SETCC.tmp
2009-03-08 08:32 . 2009-03-08 08:32 611840 ----a-w c:\windows\system32\SETE2.tmp
2009-03-08 08:31 . 2009-03-08 08:31 183808 ----a-w c:\windows\system32\SETCA.tmp
2009-03-08 08:31 . 2009-03-08 08:31 13312 ------w c:\windows\system32\SETD8.tmp
2009-03-08 08:31 . 2009-03-08 08:31 59904 ----a-w c:\windows\system32\SETBD.tmp
2009-03-08 08:31 . 2009-03-08 08:31 55296 ----a-w c:\windows\system32\SETD7.tmp
2009-03-08 08:31 . 2009-03-08 08:31 348160 ----a-w c:\windows\system32\SETBA.tmp
2009-03-08 08:31 . 2009-03-08 08:31 34816 ----a-w c:\windows\system32\SETD0.tmp
2009-03-08 08:31 . 2009-03-08 08:31 216064 ----a-w c:\windows\system32\SETBB.tmp
2009-03-08 08:31 . 2009-03-08 08:31 46592 ----a-w c:\windows\system32\SETE4.tmp
2009-03-08 08:31 . 2009-03-08 08:31 66560 ----a-w c:\windows\system32\SETDD.tmp
2009-03-08 08:31 . 2009-03-08 08:31 48128 ----a-w c:\windows\system32\SETDE.tmp
2009-03-08 08:31 . 2009-03-08 08:31 45568 ----a-w c:\windows\system32\SETD9.tmp
2009-03-08 08:31 . 2009-03-08 08:31 1638912 ----a-w c:\windows\system32\SETDC.tmp
2009-03-08 08:30 . 2009-03-08 08:30 66560 ----a-w c:\windows\system32\SETE5.tmp
2009-03-08 08:22 . 2009-03-08 08:22 164352 ------w c:\windows\system32\SETCE.tmp
2009-03-08 08:22 . 2009-03-08 08:22 156160 ----a-w c:\windows\system32\SETDF.tmp
2009-03-08 08:15 . 2009-03-08 08:15 57667 ----a-w c:\windows\system32\SETCF.tmp
2009-03-08 08:11 . 2009-03-08 08:11 445952 ----a-w c:\windows\system32\SETC5.tmp
2008-09-12 02:33 . 2008-09-12 02:33 27976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-09-12 02:33 . 2008-09-12 02:33 125848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2006-07-13 01:10 . 2006-07-13 01:10 53283 ----a-w c:\program files\mozilla firefox\plugins\NCScnet.dll
2006-07-13 01:10 . 2006-07-13 01:10 1044514 ----a-w c:\program files\mozilla firefox\plugins\NCSEcw.dll
2006-07-13 01:10 . 2006-07-13 01:10 98339 ----a-w c:\program files\mozilla firefox\plugins\NCSUtil.dll
2007-12-28 22:24 . 2007-12-28 22:24 1031619 --sh--w c:\windows\system32\irlxqiwr.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-02-16 492808]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-22 148888]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"<NO NAME>"= c:\\ocqkmoc.exe
"c:\\WINDOWS\\system32\\kdfmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 da13ac3e;da13ac3e;c:\windows\System32\drivers\da13ac3e.sys [2009-04-04 0]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~2\TmPfw.exe [2009-04-14 488768]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-04-02 52624]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
S2 WUSB54GSSVC;WUSB54GSSVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GS.exe [x]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2008-02-16 333328]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-02-16 648456]


--- Other Services/Drivers In Memory ---

*Deregistered* - abp480n5
*Deregistered* - adpu160m
*Deregistered* - AFD
*Deregistered* - agp440
*Deregistered* - agpCPQ
*Deregistered* - Aha154x
*Deregistered* - aic78u2
*Deregistered* - aic78xx
*Deregistered* - ALG
*Deregistered* - AliIde
*Deregistered* - alim1541
*Deregistered* - amdagp
*Deregistered* - amsint
*Deregistered* - Apple Mobile Device
*Deregistered* - asc
*Deregistered* - asc3350p
*Deregistered* - asc3550
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - cbidf
*Deregistered* - CCALib8
*Deregistered* - cd20xrnt
*Deregistered* - Cdfs
*Deregistered* - CmdIde
*Deregistered* - Cpqarray
*Deregistered* - CryptSvc
*Deregistered* - dac2w2k
*Deregistered* - dac960nt
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dpti2o
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - GTNDIS5
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - hpn
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - i2omgmt
*Deregistered* - i2omp
*Deregistered* - ImapiService
*Deregistered* - ini910u
*Deregistered* - IntelIde
*Deregistered* - IntuitUpdateService
*Deregistered* - IpNat
*Deregistered* - iPod Service
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDC8021X
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - mraid35x
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - perc2
*Deregistered* - perc2hib
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - PrismXL
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - ql1080
*Deregistered* - Ql10wnt
*Deregistered* - ql12160
*Deregistered* - ql1240
*Deregistered* - ql1280
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SfCtlCom
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - sisagp
*Deregistered* - Sparrow
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - sym_hi
*Deregistered* - sym_u3
*Deregistered* - symc810
*Deregistered* - symc8xx
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - tmactmon
*Deregistered* - TMBMServer
*Deregistered* - tmcfw
*Deregistered* - tmcomm
*Deregistered* - tmevtmgr
*Deregistered* - tmpreflt
*Deregistered* - tmproxy
*Deregistered* - tmtdi
*Deregistered* - tmxpflt
*Deregistered* - TosIde
*Deregistered* - TrkWks
*Deregistered* - ultra
*Deregistered* - UMWdf
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - viaagp
*Deregistered* - ViaIde
*Deregistered* - VolSnap
*Deregistered* - vsapint
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WUSB54GSSVC
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-13 21:38]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
SafeBoot-ALCXWDM.SYS
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\n7hnubt8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... Fab&query=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NP_NCS6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NP_NCSPB6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NP_NCSTB6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 18:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(228)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\AIM6\anotify.exe
c:\program files\Trend Micro\TrendSecure\TSCFCommander.exe
c:\program files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
c:\program files\Trend Micro\Internet Security\UfUpdUi.exe
c:\windows\SoftwareDistribution\Download\e3ca2e0ef97a267372f782044960ceac\update\update.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-05-26 18:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-26 22:34

Pre-Run: 67,244,380,160 bytes free
Post-Run: 67,053,154,304 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

639 --- E O F --- 2009-03-14 07:04
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Unread postby askey127 » May 26th, 2009, 8:10 pm

NoSound,
-----------------------------------------------------------
Copy/Paste/Run a Registry Edit
Copy/paste the following quote box into a new notepad document:
Code: Select all
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"<NO NAME>"= -


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save it as File Type All Files (not as a Text document, or it won't work).
Save it to your Desktop as fixme.reg
Double click fixme.reg on your Desktop, and merge it into the registry when asked.
Reboot Windows.
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard
    Code: Select all
    File::
    c:\\ocqkmoc.exe
    
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Unread postby NoSound » May 28th, 2009, 12:47 am

Hi askey127:

I followed your instructions. Here's the log file:

ComboFix 09-05-26.02 - Owner 05/28/2009 0:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.86 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\\ocqkmoc.exe"
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-27 00:35 . 2009-05-27 00:35 -------- d--h--w c:\windows\PIF
2009-05-27 00:29 . 2009-05-27 00:29 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2009-05-27 00:28 . 2009-05-27 00:29 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-05-26 20:46 . 2009-05-26 20:46 -------- d-----w c:\program files\Viewpoint
2009-05-26 20:45 . 2009-05-26 20:48 -------- d-----w c:\program files\AIM6
2009-05-25 04:17 . 2009-05-25 04:17 -------- d-----w c:\documents and settings\Owner\Application Data\WinPatrol
2009-05-25 04:17 . 2009-05-25 04:17 -------- d-----w c:\docume~1\Owner\APPLIC~1\WinPatrol
2009-05-25 04:16 . 2009-05-25 04:16 -------- d-----w c:\program files\BillP Studios
2009-05-25 03:58 . 2009-05-25 03:58 -------- d-----w c:\program files\Bluetack
2009-05-22 04:54 . 2009-05-22 04:54 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-21 02:15 . 2009-05-21 02:15 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-21 02:15 . 2009-05-21 02:15 -------- d-----w c:\docume~1\Owner\APPLIC~1\Malwarebytes
2009-05-21 02:14 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-21 02:14 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 02:14 . 2009-05-21 02:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-21 02:14 . 2009-05-21 02:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-21 01:44 . 2009-05-21 01:44 -------- d-----w c:\program files\CCleaner
2009-05-18 03:04 . 2004-08-04 03:10 38912 -c--a-w c:\windows\system32\dllcache\avc.sys
2009-05-17 23:42 . 2009-05-17 23:42 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-17 23:40 . 2009-05-17 23:40 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2009-05-05 04:48 . 2004-08-04 04:56 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-05 04:48 . 2001-08-18 02:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-05 04:48 . 2001-08-18 02:36 17408 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-05-05 04:48 . 2001-08-18 02:37 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe
2009-05-05 04:48 . 2001-08-18 02:37 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe
2009-05-05 04:48 . 2001-08-18 02:37 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe
2009-05-05 04:47 . 2001-08-17 16:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys
2009-05-05 04:47 . 2004-08-04 02:29 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys
2009-05-05 04:47 . 2004-08-04 03:10 19328 -c--a-w c:\windows\system32\dllcache\wstcodec.sys
2009-05-05 04:47 . 2004-08-04 02:29 12063 -c--a-w c:\windows\system32\dllcache\wsiintxx.sys
2009-05-05 04:47 . 2004-08-04 04:56 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-05-05 04:47 . 2004-08-04 03:07 8832 -c--a-w c:\windows\system32\dllcache\wmiacpi.sys
2009-05-05 04:47 . 2004-08-04 02:31 154624 -c--a-w c:\windows\system32\dllcache\wlluc48.sys
2009-05-05 04:47 . 2001-08-17 16:12 34890 -c--a-w c:\windows\system32\dllcache\wlandrv2.sys
2009-05-05 04:47 . 2001-08-17 17:28 771581 -c--a-w c:\windows\system32\dllcache\winacisa.sys
2009-05-05 04:47 . 2001-08-18 02:36 53760 -c--a-w c:\windows\system32\dllcache\wiamsmud.dll
2009-05-05 04:45 . 2001-08-17 17:28 397502 -c--a-w c:\windows\system32\dllcache\vpctcom.sys
2009-05-05 04:45 . 2001-08-17 17:28 604253 -c--a-w c:\windows\system32\dllcache\vmodem.sys
2009-05-05 04:45 . 2001-08-17 16:14 249402 -c--a-w c:\windows\system32\dllcache\vinwm.sys
2009-05-05 04:45 . 2001-08-17 17:49 24576 -c--a-w c:\windows\system32\dllcache\viairda.sys
2009-05-05 04:45 . 2004-08-04 04:56 53760 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-05-05 04:45 . 2004-08-04 04:56 11325 -c--a-w c:\windows\system32\dllcache\vchnt5.dll
2009-05-05 04:45 . 2001-08-17 17:28 687999 -c--a-w c:\windows\system32\dllcache\usrwdxjs.sys
2009-05-05 04:45 . 2001-08-17 17:28 765884 -c--a-w c:\windows\system32\dllcache\usrti.sys
2009-05-05 04:45 . 2001-08-17 17:28 113762 -c--a-w c:\windows\system32\dllcache\usrpda.sys
2009-05-05 04:45 . 2001-08-17 17:28 7556 -c--a-w c:\windows\system32\dllcache\usroslba.sys
2009-05-05 04:45 . 2001-08-17 17:28 224802 -c--a-w c:\windows\system32\dllcache\usr1807a.sys
2009-05-05 04:45 . 2001-08-17 17:28 794399 -c--a-w c:\windows\system32\dllcache\usr1806v.sys
2009-05-05 04:45 . 2001-08-17 17:28 793598 -c--a-w c:\windows\system32\dllcache\usr1806.sys
2009-05-05 04:43 . 2001-08-17 17:48 11520 -c--a-w c:\windows\system32\dllcache\twotrack.sys
2009-05-05 04:42 . 2001-08-17 16:14 123995 -c--a-w c:\windows\system32\dllcache\tjisdn.sys
2009-05-05 04:42 . 2001-08-17 16:51 138528 -c--a-w c:\windows\system32\dllcache\tgiulnt5.sys
2009-05-05 04:42 . 2001-08-17 18:56 81408 -c--a-w c:\windows\system32\dllcache\tgiul50.dll
2009-05-05 04:42 . 2004-08-04 03:00 149376 -c--a-w c:\windows\system32\dllcache\tffsport.sys
2009-05-05 04:42 . 2001-08-17 16:13 17129 -c--a-w c:\windows\system32\dllcache\tdkcd31.sys
2009-05-05 04:42 . 2001-08-17 16:13 37961 -c--a-w c:\windows\system32\dllcache\tdk100b.sys
2009-05-05 04:42 . 2001-08-17 17:49 30464 -c--a-w c:\windows\system32\dllcache\tbatm155.sys
2009-05-05 04:42 . 2001-08-17 17:52 7040 -c--a-w c:\windows\system32\dllcache\tandqic.sys
2009-05-05 04:42 . 2001-08-17 16:50 36640 -c--a-w c:\windows\system32\dllcache\t2r4mini.sys
2009-05-05 04:42 . 2001-08-17 18:56 172768 -c--a-w c:\windows\system32\dllcache\t2r4disp.dll
2009-05-05 04:42 . 2001-08-18 02:36 94293 -c--a-w c:\windows\system32\dllcache\sxports.dll
2009-05-05 04:42 . 2001-08-17 17:50 103936 -c--a-w c:\windows\system32\dllcache\sx.sys
2009-05-05 04:40 . 2001-08-18 02:36 106584 -c--a-w c:\windows\system32\dllcache\spdports.dll
2009-05-05 04:39 . 2004-08-04 03:07 6912 -c--a-w c:\windows\system32\dllcache\smbclass.sys
2009-05-05 04:38 . 2001-08-17 16:50 68608 -c--a-w c:\windows\system32\dllcache\sis6306p.sys
2009-05-05 04:37 . 2001-08-17 17:51 17280 -c--a-w c:\windows\system32\dllcache\scr111.sys
2009-05-05 04:36 . 2001-08-17 16:50 41216 -c--a-w c:\windows\system32\dllcache\s3mt3d.sys
2009-05-05 04:35 . 2004-08-04 03:10 59648 -c--a-w c:\windows\system32\dllcache\rfcomm.sys
2009-05-05 04:35 . 2001-08-18 02:36 86097 -c--a-w c:\windows\system32\dllcache\reslog32.dll
2009-05-05 04:35 . 2004-08-04 02:41 13776 -c--a-w c:\windows\system32\dllcache\recagent.sys
2009-05-05 04:35 . 2001-08-17 17:51 19584 -c--a-w c:\windows\system32\dllcache\rasirda.sys
2009-05-05 04:35 . 2001-08-17 17:28 714762 -c--a-w c:\windows\system32\dllcache\r2mdmkxx.sys
2009-05-05 04:35 . 2001-08-17 17:28 899146 -c--a-w c:\windows\system32\dllcache\r2mdkxga.sys
2009-05-05 04:35 . 2001-08-18 02:36 41472 -c--a-w c:\windows\system32\dllcache\qvusd.dll
2009-05-05 04:35 . 2001-08-17 17:53 3328 -c--a-w c:\windows\system32\dllcache\qv2kux.sys
2009-05-05 04:35 . 2004-08-04 03:00 6016 -c--a-w c:\windows\system32\dllcache\qic157.sys
2009-05-05 04:35 . 2001-08-17 17:28 130942 -c--a-w c:\windows\system32\dllcache\ptserlv.sys
2009-05-05 04:35 . 2001-08-17 17:28 112574 -c--a-w c:\windows\system32\dllcache\ptserlp.sys
2009-05-05 04:35 . 2001-08-17 17:28 128286 -c--a-w c:\windows\system32\dllcache\ptserli.sys
2009-05-05 04:35 . 2004-08-04 04:56 159232 -c--a-w c:\windows\system32\dllcache\ptpusd.dll
2009-05-05 04:33 . 2001-08-18 02:36 86016 -c--a-w c:\windows\system32\dllcache\pctspk.exe
2009-05-05 04:32 . 2001-08-17 18:05 25088 -c--a-w c:\windows\system32\dllcache\ovca.sys
2009-05-05 04:32 . 2001-08-17 17:28 54186 -c--a-w c:\windows\system32\dllcache\otcsercb.sys
2009-05-05 04:32 . 2001-08-17 16:12 43689 -c--a-w c:\windows\system32\dllcache\otceth5.sys
2009-05-05 04:32 . 2001-08-17 16:12 27209 -c--a-w c:\windows\system32\dllcache\otc06x5.sys
2009-05-05 04:32 . 2001-08-17 16:20 54528 -c--a-w c:\windows\system32\dllcache\opl3sax.sys
2009-05-05 04:32 . 2004-08-04 03:10 61056 -c--a-w c:\windows\system32\dllcache\ohci1394.sys
2009-05-05 04:32 . 2001-08-17 16:50 198144 -c--a-w c:\windows\system32\dllcache\nv3.sys
2009-05-05 04:32 . 2001-08-18 02:36 123776 -c--a-w c:\windows\system32\dllcache\nv3.dll
2009-05-05 04:32 . 2004-08-04 02:41 180360 -c--a-w c:\windows\system32\dllcache\ntmtlfax.sys
2009-05-05 04:32 . 2001-08-17 16:49 51552 -c--a-w c:\windows\system32\dllcache\ntgrip.sys
2009-05-05 04:32 . 2001-08-17 17:47 9344 -c--a-w c:\windows\system32\dllcache\ntapm.sys
2009-05-05 04:30 . 2001-08-17 18:56 35392 -c--a-w c:\windows\system32\dllcache\n9i128.dll
2009-05-05 04:29 . 2004-08-04 03:00 22016 -c--a-w c:\windows\system32\dllcache\msircomm.sys
2009-05-05 04:29 . 2001-08-17 18:02 35200 -c--a-w c:\windows\system32\dllcache\msgame.sys
2009-05-05 04:29 . 2001-08-17 17:48 6016 -c--a-w c:\windows\system32\dllcache\msfsio.sys
2009-05-05 04:29 . 2004-08-04 03:10 51328 -c--a-w c:\windows\system32\dllcache\msdv.sys
2009-05-05 04:29 . 2004-08-04 03:10 15360 -c--a-w c:\windows\system32\dllcache\mpe.sys
2009-05-05 04:29 . 2001-08-17 17:48 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-05-05 04:29 . 2001-08-17 17:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys
2009-05-05 04:29 . 2001-08-17 17:52 6528 -c--a-w c:\windows\system32\dllcache\miniqic.sys
2009-05-05 04:29 . 2001-08-17 16:50 320384 -c--a-w c:\windows\system32\dllcache\mgaum.sys
2009-05-05 04:29 . 2001-08-17 18:56 235648 -c--a-w c:\windows\system32\dllcache\mgaud.dll
2009-05-05 04:29 . 2004-08-04 03:00 26112 -c--a-w c:\windows\system32\dllcache\memstpci.sys
2009-05-05 04:27 . 2001-08-17 16:12 20573 -c--a-w c:\windows\system32\dllcache\lne100.sys
2009-05-05 04:27 . 2001-08-17 16:11 25065 -c--a-w c:\windows\system32\dllcache\lmndis3.sys
2009-05-05 04:27 . 2001-08-17 17:51 15744 -c--a-w c:\windows\system32\dllcache\lit220p.sys
2009-05-05 04:27 . 2004-08-04 02:59 34688 -c--a-w c:\windows\system32\dllcache\lbrtfdc.sys
2009-05-05 04:27 . 2001-08-17 16:12 26442 -c--a-w c:\windows\system32\dllcache\lanepic5.sys
2009-05-05 04:27 . 2001-08-17 16:12 19016 -c--a-w c:\windows\system32\dllcache\ktc111.sys
2009-05-05 04:27 . 2001-08-18 02:36 37376 -c--a-w c:\windows\system32\dllcache\kousd.dll
2009-05-05 04:27 . 2001-08-18 02:36 242176 -c--a-w c:\windows\system32\dllcache\kdsusd.dll
2009-05-05 04:27 . 2001-08-18 02:36 45568 -c--a-w c:\windows\system32\dllcache\kdsui.dll
2009-05-05 04:27 . 2004-08-04 02:58 14848 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-05-05 04:26 . 2001-08-17 17:49 26624 -c--a-w c:\windows\system32\dllcache\irstusb.sys
2009-05-05 04:26 . 2001-08-17 17:51 18688 -c--a-w c:\windows\system32\dllcache\irsir.sys
2009-05-05 04:26 . 2004-08-04 04:56 27136 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-05-05 04:26 . 2004-08-04 04:56 152576 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-05-05 04:26 . 2001-08-17 17:49 23552 -c--a-w c:\windows\system32\dllcache\irmk7.sys
2009-05-05 04:26 . 2004-08-04 03:00 87424 -c--a-w c:\windows\system32\dllcache\irda.sys
2009-05-05 04:26 . 2001-08-17 16:12 45632 -c--a-w c:\windows\system32\dllcache\ip5515.sys
2009-05-05 04:26 . 2001-08-18 02:36 90200 -c--a-w c:\windows\system32\dllcache\io8ports.dll
2009-05-05 04:26 . 2001-08-17 17:50 38784 -c--a-w c:\windows\system32\dllcache\io8.sys
2009-05-05 04:26 . 2001-08-17 17:47 13056 -c--a-w c:\windows\system32\dllcache\inport.sys
2009-05-05 04:24 . 2004-08-04 02:41 1041536 -c--a-w c:\windows\system32\dllcache\hsfdpsp2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 20:46 . 2006-02-01 09:32 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-26 20:45 . 2006-02-01 09:31 -------- d-----w c:\program files\Common Files\AOL
2009-05-26 02:32 . 2008-07-13 18:32 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-22 04:54 . 2006-02-01 09:26 -------- d-----w c:\program files\Java
2009-05-22 04:28 . 2006-02-01 09:29 -------- d-----w c:\program files\Common Files\Adobe
2009-05-20 21:43 . 2009-04-05 02:24 0 ----a-w c:\windows\Fzubaneyafisequ.bin
2009-05-17 23:43 . 2006-02-01 09:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-17 22:20 . 2008-03-15 23:54 16384 ----a-w c:\windows\DCEBoot.exe
2009-05-17 05:32 . 2008-01-22 00:17 -------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-05-17 05:32 . 2008-01-22 00:17 -------- d-----w c:\docume~1\Owner\APPLIC~1\LimeWire
2009-05-03 23:24 . 2009-04-22 14:17 7 ----a-w c:\windows\system32\nar.bin
2009-05-03 21:52 . 2006-04-23 15:31 -------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2009-05-03 21:51 . 2006-04-23 15:30 -------- d-----w c:\program files\Kodak
2009-04-23 18:59 . 2009-04-05 02:24 300 ----a-w c:\windows\Rgizakihe.dat
2009-04-22 13:19 . 2008-09-27 21:59 192512 ----a-w c:\windows\system32\kdfvmgr.exe
2009-04-22 13:19 . 2008-09-27 21:59 77824 ----a-w c:\windows\system32\kdfapi.dll
2009-04-22 13:19 . 2008-09-27 21:59 53248 ----a-w c:\windows\system32\Kdfhok.dll
2009-04-22 13:17 . 2008-09-27 21:59 722472 ----a-w c:\windows\system32\kdfmgr.exe
2009-04-19 07:14 . 2006-02-01 09:21 -------- d-----w c:\program files\CyberLink
2009-04-19 07:11 . 2006-02-01 09:31 -------- d-----w c:\program files\BigFix
2009-04-19 04:02 . 2009-04-19 04:01 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-19 04:02 . 2009-04-19 04:01 -------- d-----w c:\program files\iTunes
2009-04-19 04:01 . 2009-04-19 04:01 -------- d-----w c:\program files\iPod
2009-04-19 04:00 . 2009-04-19 04:00 -------- d-----w c:\program files\Bonjour
2009-04-19 04:00 . 2009-04-19 03:59 -------- d-----w c:\program files\QuickTime
2009-04-19 03:58 . 2009-04-19 03:58 -------- d-----w c:\program files\Apple Software Update
2009-04-13 22:55 . 2006-04-12 00:18 -------- d-----w c:\documents and settings\Owner\Application Data\Canon
2009-04-13 22:55 . 2006-04-12 00:18 -------- d-----w c:\docume~1\Owner\APPLIC~1\Canon
2009-04-13 22:54 . 2009-04-13 22:54 -------- d--h--w c:\program files\CanonBJ
2009-04-05 01:49 . 2009-04-05 01:49 -------- d-----w c:\documents and settings\Owner\Application Data\MSNInstaller
2009-04-05 01:49 . 2009-04-05 01:49 -------- d-----w c:\docume~1\Owner\APPLIC~1\MSNInstaller
2009-04-04 03:44 . 2009-03-28 19:37 0 ----a-w c:\windows\system32\drivers\da13ac3e.sys
2009-04-02 20:00 . 2008-09-27 19:02 52752 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-04-02 20:00 . 2008-09-27 19:02 52624 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 20:00 . 2008-09-27 19:02 142864 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-03-27 03:10 . 1601-01-01 00:12 61440 --sha-w c:\windows\system32\bajukeko.exe
2009-03-19 20:32 . 2009-04-19 04:02 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 18:18 . 2009-04-19 06:55 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 18:18 . 2009-04-19 06:55 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 18:18 . 2009-04-19 06:55 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 18:18 . 2009-04-19 06:55 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 19:27 . 2009-04-19 06:55 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 19:27 . 2009-04-19 06:55 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 19:27 . 2009-04-19 06:55 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-08 18:22 . 2009-03-08 18:22 1241088 ----a-w c:\windows\system32\SETC9.tmp
2009-03-08 18:21 . 2009-03-08 18:21 2771706 ------w c:\windows\inf\SETA4.tmp
2009-03-08 18:21 . 2009-03-08 18:21 2771706 ------w c:\windows\inf\SET50.tmp
2009-03-08 18:21 . 2009-03-08 18:21 13460 ------w c:\windows\inf\IEM\0409\SETA5.tmp
2009-03-08 18:21 . 2009-03-08 18:21 13460 ------w c:\windows\inf\IEM\0409\SET51.tmp
2009-03-08 18:21 . 2009-03-08 18:21 10240 ------w c:\windows\system32\SETB8.tmp
2009-03-08 18:09 . 2009-03-08 18:09 391536 ----a-w c:\windows\system32\SETC6.tmp
2009-03-08 08:41 . 2009-03-08 08:41 5937152 ----a-w c:\windows\system32\SETDB.tmp
2009-03-08 08:39 . 2009-03-08 08:39 11063808 ----a-w c:\windows\system32\SETC8.tmp
2009-03-08 08:35 . 2009-03-08 08:35 385024 ----a-w c:\windows\system32\SETBC.tmp
2009-03-08 08:34 . 2009-03-08 08:34 914944 ----a-w c:\windows\system32\SETEB.tmp
2009-03-08 08:34 . 2009-03-08 08:34 1206784 ----a-w c:\windows\system32\SETE7.tmp
2009-03-08 08:34 . 2009-03-08 08:34 1469440 ----a-w c:\windows\system32\SETD1.tmp
2009-03-08 08:34 . 2009-03-08 08:34 236544 ----a-w c:\windows\system32\SETE9.tmp
2009-03-08 08:34 . 2009-03-08 08:34 208384 ------w c:\windows\system32\SETEA.tmp
2009-03-08 08:34 . 2009-03-08 08:34 43008 ----a-w c:\windows\system32\SETD5.tmp
2009-03-08 08:34 . 2009-03-08 08:34 105984 ----a-w c:\windows\system32\SETE6.tmp
2009-03-08 08:34 . 2009-03-08 08:34 193536 ----a-w c:\windows\system32\SETE0.tmp
2009-03-08 08:34 . 2009-03-08 08:34 109568 ----a-w c:\windows\system32\SETE3.tmp
2009-03-08 08:33 . 2009-03-08 08:33 18944 ----a-w c:\windows\system32\SETB9.tmp
2009-03-08 08:33 . 2009-03-08 08:33 25600 ----a-w c:\windows\system32\SETD4.tmp
2009-03-08 08:33 . 2009-03-08 08:33 726528 ----a-w c:\windows\system32\SETD3.tmp
2009-03-08 08:33 . 2009-03-08 08:33 229376 ----a-w c:\windows\system32\SETC2.tmp
2009-03-08 08:33 . 2009-03-08 08:33 420352 ----a-w c:\windows\system32\SETE8.tmp
2009-03-08 08:33 . 2009-03-08 08:33 125952 ----a-w c:\windows\system32\SETC1.tmp
2009-03-08 08:32 . 2009-03-08 08:32 72704 ----a-w c:\windows\system32\SETB6.tmp
2009-03-08 08:32 . 2009-03-08 08:32 173056 ----a-w c:\windows\system32\SETBE.tmp
2009-03-08 08:32 . 2009-03-08 08:32 163840 ----a-w c:\windows\system32\SETC3.tmp
2009-03-08 08:32 . 2009-03-08 08:32 71680 ----a-w c:\windows\system32\SETCD.tmp
2009-03-08 08:32 . 2009-03-08 08:32 55808 ----a-w c:\windows\system32\SETCB.tmp
2009-03-08 08:32 . 2009-03-08 08:32 128512 ----a-w c:\windows\system32\SETB7.tmp
2009-03-08 08:32 . 2009-03-08 08:32 94720 ----a-w c:\windows\system32\SETD2.tmp
2009-03-08 08:32 . 2009-03-08 08:32 594432 ----a-w c:\windows\system32\SETD6.tmp
2009-03-08 08:32 . 2009-03-08 08:32 1985024 ----a-w c:\windows\system32\SETCC.tmp
2009-03-08 08:32 . 2009-03-08 08:32 611840 ----a-w c:\windows\system32\SETE2.tmp
2009-03-08 08:31 . 2009-03-08 08:31 183808 ----a-w c:\windows\system32\SETCA.tmp
2009-03-08 08:31 . 2009-03-08 08:31 13312 ------w c:\windows\system32\SETD8.tmp
2009-03-08 08:31 . 2009-03-08 08:31 59904 ----a-w c:\windows\system32\SETBD.tmp
2009-03-08 08:31 . 2009-03-08 08:31 55296 ----a-w c:\windows\system32\SETD7.tmp
2009-03-08 08:31 . 2009-03-08 08:31 348160 ----a-w c:\windows\system32\SETBA.tmp
2009-03-08 08:31 . 2009-03-08 08:31 34816 ----a-w c:\windows\system32\SETD0.tmp
2009-03-08 08:31 . 2009-03-08 08:31 216064 ----a-w c:\windows\system32\SETBB.tmp
2009-03-08 08:31 . 2009-03-08 08:31 46592 ----a-w c:\windows\system32\SETE4.tmp
2009-03-08 08:31 . 2009-03-08 08:31 66560 ----a-w c:\windows\system32\SETDD.tmp
2009-03-08 08:31 . 2009-03-08 08:31 48128 ----a-w c:\windows\system32\SETDE.tmp
2009-03-08 08:31 . 2009-03-08 08:31 45568 ----a-w c:\windows\system32\SETD9.tmp
2009-03-08 08:31 . 2009-03-08 08:31 1638912 ----a-w c:\windows\system32\SETDC.tmp
2009-03-08 08:30 . 2009-03-08 08:30 66560 ----a-w c:\windows\system32\SETE5.tmp
2009-03-08 08:22 . 2009-03-08 08:22 164352 ------w c:\windows\system32\SETCE.tmp
2009-03-08 08:22 . 2009-03-08 08:22 156160 ----a-w c:\windows\system32\SETDF.tmp
2009-03-08 08:15 . 2009-03-08 08:15 57667 ----a-w c:\windows\system32\SETCF.tmp
2009-03-08 08:11 . 2009-03-08 08:11 445952 ----a-w c:\windows\system32\SETC5.tmp
2009-03-06 14:00 . 2004-08-26 16:12 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-26 16:12 826368 ----a-w c:\windows\system32\wininet.dll
2008-09-12 02:33 . 2008-09-12 02:33 27976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-09-12 02:33 . 2008-09-12 02:33 125848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2006-07-13 01:10 . 2006-07-13 01:10 53283 ----a-w c:\program files\mozilla firefox\plugins\NCScnet.dll
2006-07-13 01:10 . 2006-07-13 01:10 1044514 ----a-w c:\program files\mozilla firefox\plugins\NCSEcw.dll
2006-07-13 01:10 . 2006-07-13 01:10 98339 ----a-w c:\program files\mozilla firefox\plugins\NCSUtil.dll
2007-12-28 22:24 . 2007-12-28 22:24 1031619 --sh--w c:\windows\system32\irlxqiwr.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-05-26_22.14.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-28 03:41 . 2009-05-28 03:41 16384 c:\windows\Temp\Perflib_Perfdata_108.dat
+ 2004-08-26 16:12 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
- 2004-08-26 16:12 . 2004-08-04 19:00 55808 c:\windows\system32\secur32.dll
+ 2004-08-26 16:12 . 2009-02-06 09:54 35328 c:\windows\system32\sc.exe
+ 2004-08-26 16:12 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
- 2004-08-26 16:12 . 2009-03-08 16:40 60828 c:\windows\system32\perfc009.dat
+ 2004-08-26 16:12 . 2009-05-26 23:29 60828 c:\windows\system32\perfc009.dat
+ 2004-08-26 18:00 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-26 16:12 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-26 16:12 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2007-08-13 23:54 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-26 18:00 . 2004-08-04 19:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-26 18:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 23:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2004-08-26 16:11 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
- 2007-08-13 22:45 . 2007-08-13 22:45 78336 c:\windows\system32\ieencode.dll
+ 2007-08-13 22:45 . 2009-02-20 18:09 78336 c:\windows\system32\ieencode.dll
- 2004-08-26 16:11 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-26 16:11 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 23:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
- 2007-08-13 23:36 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
+ 2004-08-26 16:12 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2004-08-26 16:12 . 2004-08-04 19:00 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-26 16:12 . 2009-02-06 09:54 35328 c:\windows\system32\dllcache\sc.exe
- 2004-08-26 16:12 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-26 18:00 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-26 16:12 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-26 16:12 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2007-10-10 23:55 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-10-10 23:55 . 2008-12-20 23:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-26 18:00 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2004-08-26 18:00 . 2004-08-04 19:00 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-10-10 10:59 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-10-10 10:59 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-26 16:11 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 22:45 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-13 22:45 . 2007-08-13 22:45 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-26 16:11 . 2008-12-19 09:10 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-26 16:11 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-10-10 23:55 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-10-10 23:55 . 2008-12-20 23:15 63488 c:\windows\system32\dllcache\icardie.dll
- 2004-08-26 18:00 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
+ 2004-08-26 18:00 . 2005-07-26 04:20 60416 c:\windows\system32\dllcache\colbact.dll
- 2004-08-26 18:00 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2004-08-26 18:00 . 2005-07-26 04:20 60416 c:\windows\system32\colbact.dll
+ 2009-05-27 00:29 . 2009-05-27 00:29 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}\IconCD95F6617.exe
+ 2009-05-26 23:15 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-05-26 23:15 . 2007-08-13 22:39 13312 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-05-26 23:15 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-05-26 23:15 . 2007-08-13 22:45 78336 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-05-26 23:15 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-05-26 23:15 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
- 2004-08-26 16:12 . 2004-08-04 19:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-26 16:12 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
+ 2004-08-26 18:00 . 2009-02-06 09:41 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-26 18:00 . 2009-02-10 22:31 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-26 18:00 . 2009-02-09 10:01 473088 c:\windows\system32\wbem\fastprox.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2004-08-26 16:12 . 2009-02-06 10:22 110592 c:\windows\system32\services.exe
+ 2004-08-26 16:12 . 2009-02-09 10:01 401408 c:\windows\system32\rpcss.dll
- 2004-08-26 16:12 . 2009-03-08 16:40 400794 c:\windows\system32\perfh009.dat
+ 2004-08-26 16:12 . 2009-05-26 23:29 400794 c:\windows\system32\perfh009.dat
+ 2004-08-26 16:12 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
+ 2004-08-26 16:12 . 2009-02-09 10:01 715264 c:\windows\system32\ntdll.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 23:54 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-26 18:00 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-26 18:00 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-26 18:00 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-26 16:11 . 2009-02-09 10:01 728576 c:\windows\system32\lsasrv.dll
+ 2004-08-26 16:11 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2007-08-13 23:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 17:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 17:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
- 2004-08-26 16:11 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
+ 2004-08-26 16:11 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-26 18:00 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-26 18:00 . 2009-02-06 09:41 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2004-08-26 18:00 . 2009-02-10 22:31 453120 c:\windows\system32\dllcache\wmiprvsd.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 826368 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-26 16:12 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
- 2004-08-26 16:12 . 2004-08-04 19:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-26 16:12 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-26 16:12 . 2009-02-06 10:22 110592 c:\windows\system32\dllcache\services.exe
+ 2004-08-26 16:12 . 2009-02-09 10:01 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-26 16:12 . 2009-03-06 14:00 284160 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-26 16:12 . 2009-02-09 10:01 715264 c:\windows\system32\dllcache\ntdll.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-10-10 23:55 . 2008-12-20 23:15 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-10-10 23:55 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-26 18:00 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-26 18:00 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-26 18:00 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-26 16:11 . 2009-02-09 10:01 728576 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-26 16:11 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-26 18:01 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2007-10-10 23:55 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-10-10 23:55 . 2008-12-20 23:15 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-10-10 23:55 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-26 16:11 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-26 16:11 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-26 18:00 . 2009-02-09 10:01 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-26 16:11 . 2009-02-09 10:01 617984 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-26 16:11 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
+ 2004-08-26 16:11 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
+ 2004-08-26 16:11 . 2009-02-09 10:01 617984 c:\windows\system32\advapi32.dll
+ 2009-05-27 00:29 . 2009-05-27 00:29 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}\IconCD95F66110.exe
+ 2009-05-26 23:15 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-05-26 23:15 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-05-26 23:15 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-05-26 23:15 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-05-26 23:15 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-05-26 23:15 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-05-26 23:15 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
- 2004-08-26 16:12 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
- 2004-08-26 16:12 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
+ 2004-08-26 16:12 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
+ 2004-08-26 16:12 . 2009-02-06 10:32 2186112 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 05:59 . 2009-02-06 09:49 2062976 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 05:59 . 2008-08-14 09:18 2062976 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-26 16:12 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
- 2007-02-12 21:10 . 2007-07-01 03:31 2455488 c:\windows\system32\ieapfltr.dat
+ 2007-02-12 21:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
- 2004-08-26 16:12 . 2008-12-20 23:15 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-26 16:12 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-26 16:12 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-26 16:12 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-26 16:12 . 2009-02-06 10:32 2186112 c:\windows\system32\dllcache\ntoskrnl.exe
- 2006-12-19 16:12 . 2008-08-14 09:18 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 16:12 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
- 2004-08-04 05:59 . 2008-08-14 09:18 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2004-08-04 05:59 . 2009-02-06 09:49 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 16:49 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2006-12-19 16:49 . 2008-08-14 09:55 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-26 16:12 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2007-10-10 23:55 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2007-07-01 03:31 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
- 2007-07-01 03:31 . 2007-07-01 03:31 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-05-26 23:15 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-05-26 23:15 . 2009-01-17 02:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-05-26 23:15 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-05-26 23:15 . 2007-07-01 03:31 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2006-02-01 09:39 . 2009-02-06 10:32 2186112 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2006-02-01 09:39 . 2009-02-06 09:49 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2006-02-01 09:39 . 2008-08-14 09:18 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2006-02-01 09:39 . 2009-02-06 09:49 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2006-02-01 09:39 . 2008-08-14 09:18 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2006-02-01 09:39 . 2009-02-06 10:29 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2006-02-01 09:39 . 2008-08-14 09:55 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-05-03 23:23 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-02-16 492808]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-22 148888]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"<NO NAME>"= c:\\ocqkmoc.exe
"c:\\WINDOWS\\system32\\kdfmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [9/27/2008 3:02 PM 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/16/2008 5:00 AM 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2/16/2008 5:00 AM 333328]
S1 da13ac3e;da13ac3e;c:\windows\system32\drivers\da13ac3e.sys [3/28/2009 3:37 PM 0]

--- Other Services/Drivers In Memory ---

*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - PrismXL
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SfCtlCom
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TMBMServer
*Deregistered* - TmPfw
*Deregistered* - tmproxy
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WUSB54GSSVC
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-13 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\n7hnubt8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... Fab&query=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NP_NCS6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NP_NCSPB6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NP_NCSTB6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 00:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2900)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
Completion time: 2009-05-28 0:42
ComboFix-quarantined-files.txt 2009-05-28 04:42
ComboFix2.txt 2009-05-26 22:35

Pre-Run: 66,279,989,248 bytes free
Post-Run: 66,777,686,016 bytes free

600 --- E O F --- 2009-05-28 04:12
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Unread postby askey127 » May 28th, 2009, 7:01 am

Does your Security Center show that it is monitoring the AntiVirus and Firewall?
(Control Panel, Security Center)
Did you run that Registry Fix first?
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Unread postby NoSound » May 28th, 2009, 7:07 pm

Hi askey127:

According to my Security Center, the Firewall, Automatic Updates, and Virus Protection are on. The Firewall and Virus Protection are both from Trend Micro.

I did run the registry fix and got a message that the registry was successfully changed.

Was I supposed to exit Trend micro before running the registry fix?

I tried looking for the driver for "Multimedia Audio Driver" to download, but couldn't find anything.
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Unread postby askey127 » May 29th, 2009, 6:43 am

NoSound,
We need to run a Kaspersky scan again.
-----------------------------------------------------
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Unread postby NoSound » May 29th, 2009, 2:26 pm

Hi askey127:

Here's the log from Kaspersky:

KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, May 29, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, May 29, 2009 17:19:00
Records in database: 2272378
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 86107
Threat name: 30
Infected objects: 127
Suspicious objects: 0
Duration of the scan: 02:28:49


File name / Threat name / Threats count
C:\Program Files\Trend Micro\Internet Security\Quarantine\10.tmp Infected: Exploit.Java.Gimsh.b 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\11.tmp Infected: Trojan-Downloader.Win32.Small.gvr 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\12.tmp Infected: Trojan-Downloader.Win32.Small.gzs 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\13.tmp Infected: not-a-virus:AdWare.Win32.Agent.vv 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\13.tmp Infected: not-a-virus:AdWare.Win32.AdBand.h 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\13.tmp Infected: Trojan-Downloader.Win32.Agent.jjq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\14.tmp Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1471584640.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\15.tmp Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\16.tmp Infected: Worm.Win32.AutoRun.fjo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\17.tmp Infected: Worm.Win32.AutoRun.fjo 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1775985426.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1781922926.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\18.tmp Infected: Packed.Win32.Krap.p 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1809767734.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1810080234.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1817522734.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1860280720.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1A.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1B.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1C.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1D.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1E.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\1F.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\20.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2075571190.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\21.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\22.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2289224156.EXE Infected: Trojan-Downloader.Win32.Suurch.qs 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\23.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\233594102.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\233906602.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2344499404.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\24.tmp Infected: Trojan-Downloader.Win32.FraudLoad.vmrj 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\25.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\26.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2602205994.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2631268494.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\27.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\28.tmp Infected: Trojan-Downloader.Win32.Agent.bpcz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\29.tmp Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2A.tmp Infected: Exploit.Win32.Pidief.no 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2B.tmp Infected: Trojan-Downloader.Win32.Small.jmc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2C.tmp Infected: Trojan-Spy.Win32.Goldun.bpx 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2D.tmp Infected: Trojan-Spy.Win32.Goldun.bpx 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2E.tmp Infected: Exploit.Java.Gimsh.b 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\2F.tmp Infected: Exploit.Java.Gimsh.b 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\30.tmp Infected: Exploit.Java.Gimsh.b 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\31.tmp Infected: Trojan-Downloader.Win32.Small.jmc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\32.tmp Infected: Trojan-Spy.Win32.Goldun.bpx 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\33.tmp Infected: Trojan-Spy.Win32.Goldun.bpx 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\3347660116.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\3348128866.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\3356094454.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\35.tmp Infected: Trojan-Downloader.Win32.Suurch.qs 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\3533605084.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\3540792584.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\3544844498.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\3545000748.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp Infected: Trojan-Downloader.Win32.Suurch.qs 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\3858172882.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\4002082756.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\5.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\6.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\600799942.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\7.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\7F.tmp Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\8.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\9.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\A.tmp Infected: Trojan-Downloader.Win32.Suurch.mq 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\A0002011.dll Infected: Trojan.Win32.TDSS.vsz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\A0002012.dll Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\A0002191.dll Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\A0002192.dll Infected: Packed.Win32.Tdss.h 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\aasuper0[1].htm Infected: Trojan-Downloader.Win32.Boltolog.bfa 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\B.tmp Infected: Trojan-Downloader.Win32.FraudLoad.vmrj 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\UAC11ed.RB0 Infected: Trojan.Win32.Patched.fl 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\bhrob[1].htm Infected: Trojan.Win32.Agent2.hoc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\C.tmp Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\cmjjtkllmv[1].htm Infected: Trojan-Downloader.Win32.Small.jmc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\D.tmp Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\E.tmp Infected: Exploit.Java.Gimsh.b 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\F.tmp Infected: Exploit.Java.Gimsh.b 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\tsstduhii[1].htm Infected: Trojan.Win32.Agent2.hoc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACmsgtqsgi.dll Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACmsgtqsgi_12cc.VIR Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACmsgtqsgi_14d8.VIR Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACmsgtqsgi_228.VIR Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACmsgtqsgi_678.VIR Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACmsgtqsgi_6a4.VIR Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACmsgtqsgi_b38.VIR Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACmsgtqsgi_c3c.VIR Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACmsgtqsgi_d44.VIR Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACmsgtqsgi_e30.VIR Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACmsgtqsgi_e78.VIR Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACMSGTQSGI_f2c.VIR Infected: Trojan.Win32.Tdss.ror 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx.dll Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx_12cc.VIR Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx_14d8.VIR Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx_228.VIR Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx_678.VIR Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx_6a4.VIR Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx_b38.VIR Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx_c3c.VIR Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx_c58.VIR Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx_d44.VIR Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx_e30.VIR Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACoroowrtx_e78.VIR Infected: Trojan.Win32.Tdss.why 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACpixwwrrn.dll Infected: Trojan.Win32.TDSS.vsz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACpixwwrrn_14d8.VIR Infected: Trojan.Win32.TDSS.vsz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACpixwwrrn_228.VIR Infected: Trojan.Win32.TDSS.vsz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACpixwwrrn_678.VIR Infected: Trojan.Win32.TDSS.vsz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACPIXWWRRN_8f8.VIR Infected: Trojan.Win32.TDSS.vsz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACpixwwrrn_e30.VIR Infected: Trojan.Win32.TDSS.vsz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACtnqoxvmd.dll Infected: Packed.Win32.Tdss.h 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACtnqoxvmd_14d8.VIR Infected: Packed.Win32.Tdss.h 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACtnqoxvmd_228.VIR Infected: Packed.Win32.Tdss.h 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACtnqoxvmd_678.VIR Infected: Packed.Win32.Tdss.h 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACtnqoxvmd_c54.VIR Infected: Packed.Win32.Tdss.h 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\UACtnqoxvmd_e30.VIR Infected: Packed.Win32.Tdss.h 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\update[1].exe Infected: Trojan-Spy.Win32.Goldun.bdu 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\xdmane[1].htm Infected: Trojan.Win32.Agent2.hoc 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10.tmp Infected: Trojan.Win32.VB.aqt 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2CD.tmp Infected: Worm.Win32.VB.fi 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EB.tmp Infected: Trojan.Win32.VB.aqt 1
C:\WINDOWS\system32\bajukeko.exe Infected: Trojan.Win32.AntiAV.aug 1
D:\i386\Apps\App17981\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Unread postby askey127 » May 29th, 2009, 6:55 pm

NoSound,
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard
    Code: Select all
    File::
    C:\WINDOWS\system32\bajukeko.exe
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Unread postby NoSound » May 29th, 2009, 10:48 pm

Hi askey127:

Here's the log file:

ComboFix 09-05-26.02 - Owner 05/29/2009 22:05.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.134 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

FILE ::
"c:\windows\system32\bajukeko.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bajukeko.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-27 00:35 . 2009-05-27 00:35 -------- d--h--w c:\windows\PIF
2009-05-27 00:29 . 2009-05-27 00:29 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2009-05-27 00:28 . 2009-05-27 00:29 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-05-26 20:46 . 2009-05-26 20:46 -------- d-----w c:\program files\Viewpoint
2009-05-26 20:45 . 2009-05-26 20:48 -------- d-----w c:\program files\AIM6
2009-05-25 04:17 . 2009-05-25 04:17 -------- d-----w c:\documents and settings\Owner\Application Data\WinPatrol
2009-05-25 04:17 . 2009-05-25 04:17 -------- d-----w c:\docume~1\Owner\APPLIC~1\WinPatrol
2009-05-25 04:16 . 2009-05-25 04:16 -------- d-----w c:\program files\BillP Studios
2009-05-25 03:58 . 2009-05-25 03:58 -------- d-----w c:\program files\Bluetack
2009-05-22 04:54 . 2009-05-22 04:54 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-21 02:15 . 2009-05-21 02:15 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-21 02:15 . 2009-05-21 02:15 -------- d-----w c:\docume~1\Owner\APPLIC~1\Malwarebytes
2009-05-21 02:14 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-21 02:14 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 02:14 . 2009-05-21 02:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-21 02:14 . 2009-05-21 02:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-21 01:44 . 2009-05-21 01:44 -------- d-----w c:\program files\CCleaner
2009-05-18 03:04 . 2004-08-04 03:10 38912 -c--a-w c:\windows\system32\dllcache\avc.sys
2009-05-17 23:42 . 2009-05-17 23:42 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-17 23:40 . 2009-05-17 23:40 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2009-05-05 04:48 . 2004-08-04 04:56 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-05 04:48 . 2001-08-18 02:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-05 04:48 . 2001-08-18 02:36 17408 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-05-05 04:48 . 2001-08-18 02:37 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe
2009-05-05 04:48 . 2001-08-18 02:37 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe
2009-05-05 04:48 . 2001-08-18 02:37 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe
2009-05-05 04:47 . 2001-08-17 16:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys
2009-05-05 04:47 . 2004-08-04 02:29 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys
2009-05-05 04:47 . 2004-08-04 03:10 19328 -c--a-w c:\windows\system32\dllcache\wstcodec.sys
2009-05-05 04:47 . 2004-08-04 02:29 12063 -c--a-w c:\windows\system32\dllcache\wsiintxx.sys
2009-05-05 04:47 . 2004-08-04 04:56 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-05-05 04:47 . 2004-08-04 03:07 8832 -c--a-w c:\windows\system32\dllcache\wmiacpi.sys
2009-05-05 04:47 . 2004-08-04 02:31 154624 -c--a-w c:\windows\system32\dllcache\wlluc48.sys
2009-05-05 04:47 . 2001-08-17 16:12 34890 -c--a-w c:\windows\system32\dllcache\wlandrv2.sys
2009-05-05 04:47 . 2001-08-17 17:28 771581 -c--a-w c:\windows\system32\dllcache\winacisa.sys
2009-05-05 04:47 . 2001-08-18 02:36 53760 -c--a-w c:\windows\system32\dllcache\wiamsmud.dll
2009-05-05 04:45 . 2001-08-17 17:28 397502 -c--a-w c:\windows\system32\dllcache\vpctcom.sys
2009-05-05 04:45 . 2001-08-17 17:28 604253 -c--a-w c:\windows\system32\dllcache\vmodem.sys
2009-05-05 04:45 . 2001-08-17 16:14 249402 -c--a-w c:\windows\system32\dllcache\vinwm.sys
2009-05-05 04:45 . 2001-08-17 17:49 24576 -c--a-w c:\windows\system32\dllcache\viairda.sys
2009-05-05 04:45 . 2004-08-04 04:56 53760 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-05-05 04:45 . 2004-08-04 04:56 11325 -c--a-w c:\windows\system32\dllcache\vchnt5.dll
2009-05-05 04:45 . 2001-08-17 17:28 687999 -c--a-w c:\windows\system32\dllcache\usrwdxjs.sys
2009-05-05 04:45 . 2001-08-17 17:28 765884 -c--a-w c:\windows\system32\dllcache\usrti.sys
2009-05-05 04:45 . 2001-08-17 17:28 113762 -c--a-w c:\windows\system32\dllcache\usrpda.sys
2009-05-05 04:45 . 2001-08-17 17:28 7556 -c--a-w c:\windows\system32\dllcache\usroslba.sys
2009-05-05 04:45 . 2001-08-17 17:28 224802 -c--a-w c:\windows\system32\dllcache\usr1807a.sys
2009-05-05 04:45 . 2001-08-17 17:28 794399 -c--a-w c:\windows\system32\dllcache\usr1806v.sys
2009-05-05 04:45 . 2001-08-17 17:28 793598 -c--a-w c:\windows\system32\dllcache\usr1806.sys
2009-05-05 04:43 . 2001-08-17 17:48 11520 -c--a-w c:\windows\system32\dllcache\twotrack.sys
2009-05-05 04:42 . 2001-08-17 16:14 123995 -c--a-w c:\windows\system32\dllcache\tjisdn.sys
2009-05-05 04:42 . 2001-08-17 16:51 138528 -c--a-w c:\windows\system32\dllcache\tgiulnt5.sys
2009-05-05 04:42 . 2001-08-17 18:56 81408 -c--a-w c:\windows\system32\dllcache\tgiul50.dll
2009-05-05 04:42 . 2004-08-04 03:00 149376 -c--a-w c:\windows\system32\dllcache\tffsport.sys
2009-05-05 04:42 . 2001-08-17 16:13 17129 -c--a-w c:\windows\system32\dllcache\tdkcd31.sys
2009-05-05 04:42 . 2001-08-17 16:13 37961 -c--a-w c:\windows\system32\dllcache\tdk100b.sys
2009-05-05 04:42 . 2001-08-17 17:49 30464 -c--a-w c:\windows\system32\dllcache\tbatm155.sys
2009-05-05 04:42 . 2001-08-17 17:52 7040 -c--a-w c:\windows\system32\dllcache\tandqic.sys
2009-05-05 04:42 . 2001-08-17 16:50 36640 -c--a-w c:\windows\system32\dllcache\t2r4mini.sys
2009-05-05 04:42 . 2001-08-17 18:56 172768 -c--a-w c:\windows\system32\dllcache\t2r4disp.dll
2009-05-05 04:42 . 2001-08-18 02:36 94293 -c--a-w c:\windows\system32\dllcache\sxports.dll
2009-05-05 04:42 . 2001-08-17 17:50 103936 -c--a-w c:\windows\system32\dllcache\sx.sys
2009-05-05 04:40 . 2001-08-18 02:36 106584 -c--a-w c:\windows\system32\dllcache\spdports.dll
2009-05-05 04:39 . 2004-08-04 03:07 6912 -c--a-w c:\windows\system32\dllcache\smbclass.sys
2009-05-05 04:38 . 2001-08-17 16:50 68608 -c--a-w c:\windows\system32\dllcache\sis6306p.sys
2009-05-05 04:37 . 2001-08-17 17:51 17280 -c--a-w c:\windows\system32\dllcache\scr111.sys
2009-05-05 04:36 . 2001-08-17 16:50 41216 -c--a-w c:\windows\system32\dllcache\s3mt3d.sys
2009-05-05 04:35 . 2004-08-04 03:10 59648 -c--a-w c:\windows\system32\dllcache\rfcomm.sys
2009-05-05 04:35 . 2001-08-18 02:36 86097 -c--a-w c:\windows\system32\dllcache\reslog32.dll
2009-05-05 04:35 . 2004-08-04 02:41 13776 -c--a-w c:\windows\system32\dllcache\recagent.sys
2009-05-05 04:35 . 2001-08-17 17:51 19584 -c--a-w c:\windows\system32\dllcache\rasirda.sys
2009-05-05 04:35 . 2001-08-17 17:28 714762 -c--a-w c:\windows\system32\dllcache\r2mdmkxx.sys
2009-05-05 04:35 . 2001-08-17 17:28 899146 -c--a-w c:\windows\system32\dllcache\r2mdkxga.sys
2009-05-05 04:35 . 2001-08-18 02:36 41472 -c--a-w c:\windows\system32\dllcache\qvusd.dll
2009-05-05 04:35 . 2001-08-17 17:53 3328 -c--a-w c:\windows\system32\dllcache\qv2kux.sys
2009-05-05 04:35 . 2004-08-04 03:00 6016 -c--a-w c:\windows\system32\dllcache\qic157.sys
2009-05-05 04:35 . 2001-08-17 17:28 130942 -c--a-w c:\windows\system32\dllcache\ptserlv.sys
2009-05-05 04:35 . 2001-08-17 17:28 112574 -c--a-w c:\windows\system32\dllcache\ptserlp.sys
2009-05-05 04:35 . 2001-08-17 17:28 128286 -c--a-w c:\windows\system32\dllcache\ptserli.sys
2009-05-05 04:35 . 2004-08-04 04:56 159232 -c--a-w c:\windows\system32\dllcache\ptpusd.dll
2009-05-05 04:33 . 2001-08-18 02:36 86016 -c--a-w c:\windows\system32\dllcache\pctspk.exe
2009-05-05 04:32 . 2001-08-17 18:05 25088 -c--a-w c:\windows\system32\dllcache\ovca.sys
2009-05-05 04:32 . 2001-08-17 17:28 54186 -c--a-w c:\windows\system32\dllcache\otcsercb.sys
2009-05-05 04:32 . 2001-08-17 16:12 43689 -c--a-w c:\windows\system32\dllcache\otceth5.sys
2009-05-05 04:32 . 2001-08-17 16:12 27209 -c--a-w c:\windows\system32\dllcache\otc06x5.sys
2009-05-05 04:32 . 2001-08-17 16:20 54528 -c--a-w c:\windows\system32\dllcache\opl3sax.sys
2009-05-05 04:32 . 2004-08-04 03:10 61056 -c--a-w c:\windows\system32\dllcache\ohci1394.sys
2009-05-05 04:32 . 2001-08-17 16:50 198144 -c--a-w c:\windows\system32\dllcache\nv3.sys
2009-05-05 04:32 . 2001-08-18 02:36 123776 -c--a-w c:\windows\system32\dllcache\nv3.dll
2009-05-05 04:32 . 2004-08-04 02:41 180360 -c--a-w c:\windows\system32\dllcache\ntmtlfax.sys
2009-05-05 04:32 . 2001-08-17 16:49 51552 -c--a-w c:\windows\system32\dllcache\ntgrip.sys
2009-05-05 04:32 . 2001-08-17 17:47 9344 -c--a-w c:\windows\system32\dllcache\ntapm.sys
2009-05-05 04:30 . 2001-08-17 18:56 35392 -c--a-w c:\windows\system32\dllcache\n9i128.dll
2009-05-05 04:29 . 2004-08-04 03:00 22016 -c--a-w c:\windows\system32\dllcache\msircomm.sys
2009-05-05 04:29 . 2001-08-17 18:02 35200 -c--a-w c:\windows\system32\dllcache\msgame.sys
2009-05-05 04:29 . 2001-08-17 17:48 6016 -c--a-w c:\windows\system32\dllcache\msfsio.sys
2009-05-05 04:29 . 2004-08-04 03:10 51328 -c--a-w c:\windows\system32\dllcache\msdv.sys
2009-05-05 04:29 . 2004-08-04 03:10 15360 -c--a-w c:\windows\system32\dllcache\mpe.sys
2009-05-05 04:29 . 2001-08-17 17:48 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-05-05 04:29 . 2001-08-17 17:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys
2009-05-05 04:29 . 2001-08-17 17:52 6528 -c--a-w c:\windows\system32\dllcache\miniqic.sys
2009-05-05 04:29 . 2001-08-17 16:50 320384 -c--a-w c:\windows\system32\dllcache\mgaum.sys
2009-05-05 04:29 . 2001-08-17 18:56 235648 -c--a-w c:\windows\system32\dllcache\mgaud.dll
2009-05-05 04:29 . 2004-08-04 03:00 26112 -c--a-w c:\windows\system32\dllcache\memstpci.sys
2009-05-05 04:27 . 2001-08-17 16:12 20573 -c--a-w c:\windows\system32\dllcache\lne100.sys
2009-05-05 04:27 . 2001-08-17 16:11 25065 -c--a-w c:\windows\system32\dllcache\lmndis3.sys
2009-05-05 04:27 . 2001-08-17 17:51 15744 -c--a-w c:\windows\system32\dllcache\lit220p.sys
2009-05-05 04:27 . 2004-08-04 02:59 34688 -c--a-w c:\windows\system32\dllcache\lbrtfdc.sys
2009-05-05 04:27 . 2001-08-17 16:12 26442 -c--a-w c:\windows\system32\dllcache\lanepic5.sys
2009-05-05 04:27 . 2001-08-17 16:12 19016 -c--a-w c:\windows\system32\dllcache\ktc111.sys
2009-05-05 04:27 . 2001-08-18 02:36 37376 -c--a-w c:\windows\system32\dllcache\kousd.dll
2009-05-05 04:27 . 2001-08-18 02:36 242176 -c--a-w c:\windows\system32\dllcache\kdsusd.dll
2009-05-05 04:27 . 2001-08-18 02:36 45568 -c--a-w c:\windows\system32\dllcache\kdsui.dll
2009-05-05 04:27 . 2004-08-04 02:58 14848 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-05-05 04:26 . 2001-08-17 17:49 26624 -c--a-w c:\windows\system32\dllcache\irstusb.sys
2009-05-05 04:26 . 2001-08-17 17:51 18688 -c--a-w c:\windows\system32\dllcache\irsir.sys
2009-05-05 04:26 . 2004-08-04 04:56 27136 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-05-05 04:26 . 2004-08-04 04:56 152576 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-05-05 04:26 . 2001-08-17 17:49 23552 -c--a-w c:\windows\system32\dllcache\irmk7.sys
2009-05-05 04:26 . 2004-08-04 03:00 87424 -c--a-w c:\windows\system32\dllcache\irda.sys
2009-05-05 04:26 . 2001-08-17 16:12 45632 -c--a-w c:\windows\system32\dllcache\ip5515.sys
2009-05-05 04:26 . 2001-08-18 02:36 90200 -c--a-w c:\windows\system32\dllcache\io8ports.dll
2009-05-05 04:26 . 2001-08-17 17:50 38784 -c--a-w c:\windows\system32\dllcache\io8.sys
2009-05-05 04:26 . 2001-08-17 17:47 13056 -c--a-w c:\windows\system32\dllcache\inport.sys
2009-05-05 04:24 . 2004-08-04 02:41 1041536 -c--a-w c:\windows\system32\dllcache\hsfdpsp2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 10:57 . 2008-07-13 18:32 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-28 22:46 . 2006-02-01 12:32 86496 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 20:46 . 2006-02-01 09:32 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-26 20:45 . 2006-02-01 09:31 -------- d-----w c:\program files\Common Files\AOL
2009-05-22 04:54 . 2006-02-01 09:26 -------- d-----w c:\program files\Java
2009-05-22 04:28 . 2006-02-01 09:29 -------- d-----w c:\program files\Common Files\Adobe
2009-05-20 21:43 . 2009-04-05 02:24 0 ----a-w c:\windows\Fzubaneyafisequ.bin
2009-05-17 23:43 . 2006-02-01 09:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-17 22:20 . 2008-03-15 23:54 16384 ----a-w c:\windows\DCEBoot.exe
2009-05-17 05:32 . 2008-01-22 00:17 -------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-05-17 05:32 . 2008-01-22 00:17 -------- d-----w c:\docume~1\Owner\APPLIC~1\LimeWire
2009-05-03 23:24 . 2009-04-22 14:17 7 ----a-w c:\windows\system32\nar.bin
2009-05-03 21:52 . 2006-04-23 15:31 -------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2009-05-03 21:51 . 2006-04-23 15:30 -------- d-----w c:\program files\Kodak
2009-04-23 18:59 . 2009-04-05 02:24 300 ----a-w c:\windows\Rgizakihe.dat
2009-04-22 13:19 . 2008-09-27 21:59 192512 ----a-w c:\windows\system32\kdfvmgr.exe
2009-04-22 13:19 . 2008-09-27 21:59 77824 ----a-w c:\windows\system32\kdfapi.dll
2009-04-22 13:19 . 2008-09-27 21:59 53248 ----a-w c:\windows\system32\Kdfhok.dll
2009-04-22 13:17 . 2008-09-27 21:59 722472 ----a-w c:\windows\system32\kdfmgr.exe
2009-04-19 07:14 . 2006-02-01 09:21 -------- d-----w c:\program files\CyberLink
2009-04-19 07:11 . 2006-02-01 09:31 -------- d-----w c:\program files\BigFix
2009-04-19 04:02 . 2009-04-19 04:01 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-19 04:02 . 2009-04-19 04:01 -------- d-----w c:\program files\iTunes
2009-04-19 04:01 . 2009-04-19 04:01 -------- d-----w c:\program files\iPod
2009-04-19 04:00 . 2009-04-19 04:00 -------- d-----w c:\program files\Bonjour
2009-04-19 04:00 . 2009-04-19 03:59 -------- d-----w c:\program files\QuickTime
2009-04-19 03:58 . 2009-04-19 03:58 -------- d-----w c:\program files\Apple Software Update
2009-04-13 22:55 . 2006-04-12 00:18 -------- d-----w c:\documents and settings\Owner\Application Data\Canon
2009-04-13 22:55 . 2006-04-12 00:18 -------- d-----w c:\docume~1\Owner\APPLIC~1\Canon
2009-04-13 22:54 . 2009-04-13 22:54 -------- d--h--w c:\program files\CanonBJ
2009-04-05 01:49 . 2009-04-05 01:49 -------- d-----w c:\documents and settings\Owner\Application Data\MSNInstaller
2009-04-05 01:49 . 2009-04-05 01:49 -------- d-----w c:\docume~1\Owner\APPLIC~1\MSNInstaller
2009-04-04 03:44 . 2009-03-28 19:37 0 ----a-w c:\windows\system32\drivers\da13ac3e.sys
2009-04-02 20:00 . 2008-09-27 19:02 52752 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-04-02 20:00 . 2008-09-27 19:02 52624 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 20:00 . 2008-09-27 19:02 142864 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-03-19 20:32 . 2009-04-19 04:02 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 18:18 . 2009-04-19 06:55 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 18:18 . 2009-04-19 06:55 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 18:18 . 2009-04-19 06:55 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 18:18 . 2009-04-19 06:55 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 19:27 . 2009-04-19 06:55 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 19:27 . 2009-04-19 06:55 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 19:27 . 2009-04-19 06:55 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-08 18:22 . 2009-03-08 18:22 1241088 ----a-w c:\windows\system32\SETC9.tmp
2009-03-08 18:21 . 2009-03-08 18:21 2771706 ------w c:\windows\inf\SETA4.tmp
2009-03-08 18:21 . 2009-03-08 18:21 2771706 ------w c:\windows\inf\SET50.tmp
2009-03-08 18:21 . 2009-03-08 18:21 13460 ------w c:\windows\inf\IEM\0409\SETA5.tmp
2009-03-08 18:21 . 2009-03-08 18:21 13460 ------w c:\windows\inf\IEM\0409\SET51.tmp
2009-03-08 18:21 . 2009-03-08 18:21 10240 ------w c:\windows\system32\SETB8.tmp
2009-03-08 18:09 . 2009-03-08 18:09 391536 ----a-w c:\windows\system32\SETC6.tmp
2009-03-08 08:41 . 2009-03-08 08:41 5937152 ----a-w c:\windows\system32\SETDB.tmp
2009-03-08 08:39 . 2009-03-08 08:39 11063808 ----a-w c:\windows\system32\SETC8.tmp
2009-03-08 08:35 . 2009-03-08 08:35 385024 ----a-w c:\windows\system32\SETBC.tmp
2009-03-08 08:34 . 2009-03-08 08:34 914944 ----a-w c:\windows\system32\SETEB.tmp
2009-03-08 08:34 . 2009-03-08 08:34 1206784 ----a-w c:\windows\system32\SETE7.tmp
2009-03-08 08:34 . 2009-03-08 08:34 1469440 ----a-w c:\windows\system32\SETD1.tmp
2009-03-08 08:34 . 2009-03-08 08:34 236544 ----a-w c:\windows\system32\SETE9.tmp
2009-03-08 08:34 . 2009-03-08 08:34 208384 ------w c:\windows\system32\SETEA.tmp
2009-03-08 08:34 . 2009-03-08 08:34 43008 ----a-w c:\windows\system32\SETD5.tmp
2009-03-08 08:34 . 2009-03-08 08:34 105984 ----a-w c:\windows\system32\SETE6.tmp
2009-03-08 08:34 . 2009-03-08 08:34 193536 ----a-w c:\windows\system32\SETE0.tmp
2009-03-08 08:34 . 2009-03-08 08:34 109568 ----a-w c:\windows\system32\SETE3.tmp
2009-03-08 08:33 . 2009-03-08 08:33 18944 ----a-w c:\windows\system32\SETB9.tmp
2009-03-08 08:33 . 2009-03-08 08:33 25600 ----a-w c:\windows\system32\SETD4.tmp
2009-03-08 08:33 . 2009-03-08 08:33 726528 ----a-w c:\windows\system32\SETD3.tmp
2009-03-08 08:33 . 2009-03-08 08:33 229376 ----a-w c:\windows\system32\SETC2.tmp
2009-03-08 08:33 . 2009-03-08 08:33 420352 ----a-w c:\windows\system32\SETE8.tmp
2009-03-08 08:33 . 2009-03-08 08:33 125952 ----a-w c:\windows\system32\SETC1.tmp
2009-03-08 08:32 . 2009-03-08 08:32 72704 ----a-w c:\windows\system32\SETB6.tmp
2009-03-08 08:32 . 2009-03-08 08:32 173056 ----a-w c:\windows\system32\SETBE.tmp
2009-03-08 08:32 . 2009-03-08 08:32 163840 ----a-w c:\windows\system32\SETC3.tmp
2009-03-08 08:32 . 2009-03-08 08:32 71680 ----a-w c:\windows\system32\SETCD.tmp
2009-03-08 08:32 . 2009-03-08 08:32 55808 ----a-w c:\windows\system32\SETCB.tmp
2009-03-08 08:32 . 2009-03-08 08:32 128512 ----a-w c:\windows\system32\SETB7.tmp
2009-03-08 08:32 . 2009-03-08 08:32 94720 ----a-w c:\windows\system32\SETD2.tmp
2009-03-08 08:32 . 2009-03-08 08:32 594432 ----a-w c:\windows\system32\SETD6.tmp
2009-03-08 08:32 . 2009-03-08 08:32 1985024 ----a-w c:\windows\system32\SETCC.tmp
2009-03-08 08:32 . 2009-03-08 08:32 611840 ----a-w c:\windows\system32\SETE2.tmp
2009-03-08 08:31 . 2009-03-08 08:31 183808 ----a-w c:\windows\system32\SETCA.tmp
2009-03-08 08:31 . 2009-03-08 08:31 13312 ------w c:\windows\system32\SETD8.tmp
2009-03-08 08:31 . 2009-03-08 08:31 59904 ----a-w c:\windows\system32\SETBD.tmp
2009-03-08 08:31 . 2009-03-08 08:31 55296 ----a-w c:\windows\system32\SETD7.tmp
2009-03-08 08:31 . 2009-03-08 08:31 348160 ----a-w c:\windows\system32\SETBA.tmp
2009-03-08 08:31 . 2009-03-08 08:31 34816 ----a-w c:\windows\system32\SETD0.tmp
2009-03-08 08:31 . 2009-03-08 08:31 216064 ----a-w c:\windows\system32\SETBB.tmp
2009-03-08 08:31 . 2009-03-08 08:31 46592 ----a-w c:\windows\system32\SETE4.tmp
2009-03-08 08:31 . 2009-03-08 08:31 66560 ----a-w c:\windows\system32\SETDD.tmp
2009-03-08 08:31 . 2009-03-08 08:31 48128 ----a-w c:\windows\system32\SETDE.tmp
2009-03-08 08:31 . 2009-03-08 08:31 45568 ----a-w c:\windows\system32\SETD9.tmp
2009-03-08 08:31 . 2009-03-08 08:31 1638912 ----a-w c:\windows\system32\SETDC.tmp
2009-03-08 08:30 . 2009-03-08 08:30 66560 ----a-w c:\windows\system32\SETE5.tmp
2009-03-08 08:22 . 2009-03-08 08:22 164352 ------w c:\windows\system32\SETCE.tmp
2009-03-08 08:22 . 2009-03-08 08:22 156160 ----a-w c:\windows\system32\SETDF.tmp
2009-03-08 08:15 . 2009-03-08 08:15 57667 ----a-w c:\windows\system32\SETCF.tmp
2009-03-08 08:11 . 2009-03-08 08:11 445952 ----a-w c:\windows\system32\SETC5.tmp
2009-03-06 14:00 . 2004-08-26 16:12 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-26 16:12 826368 ----a-w c:\windows\system32\wininet.dll
2008-09-12 02:33 . 2008-09-12 02:33 27976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-09-12 02:33 . 2008-09-12 02:33 125848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2006-07-13 01:10 . 2006-07-13 01:10 53283 ----a-w c:\program files\mozilla firefox\plugins\NCScnet.dll
2006-07-13 01:10 . 2006-07-13 01:10 1044514 ----a-w c:\program files\mozilla firefox\plugins\NCSEcw.dll
2006-07-13 01:10 . 2006-07-13 01:10 98339 ----a-w c:\program files\mozilla firefox\plugins\NCSUtil.dll
2007-12-28 22:24 . 2007-12-28 22:24 1031619 --sh--w c:\windows\system32\irlxqiwr.tmp
.

((((((((((((((((((((((((((((( SnapShot_2009-05-28_04.38.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-30 01:20 . 2009-05-30 01:20 16384 c:\windows\Temp\Perflib_Perfdata_190.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-02-16 492808]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-22 148888]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"<NO NAME>"= c:\\ocqkmoc.exe
"c:\\WINDOWS\\system32\\kdfmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/16/2008 5:00 AM 36368]
R2 WUSB54GSSVC;WUSB54GSSVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [4/9/2006 7:11 PM 41025]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2/16/2008 5:00 AM 333328]
S1 da13ac3e;da13ac3e;c:\windows\system32\drivers\da13ac3e.sys [3/28/2009 3:37 PM 0]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [9/27/2008 3:02 PM 52624]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~2\TmPfw.exe [9/27/2008 3:03 PM 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [9/27/2008 3:03 PM 648456]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/26/2009 4:46 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-13 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\n7hnubt8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... Fab&query=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NP_NCS6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NP_NCSPB6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NP_NCSTB6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 22:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-30 22:09
ComboFix-quarantined-files.txt 2009-05-30 02:09
ComboFix2.txt 2009-05-28 04:42
ComboFix3.txt 2009-05-26 22:35

Pre-Run: 68,532,985,856 bytes free
Post-Run: 68,589,826,048 bytes free

348 --- E O F --- 2009-05-28 04:12
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Unread postby askey127 » May 30th, 2009, 6:04 am

NoSound,
-----------------------------------------------------------
Run Cleaning Scan.
Open CCleaner.
Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
Reset System Restore Points
  • Click Start > Help and Support
  • Click on ->Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
  • Close Help and Support Center.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.

I think we've gotten them all. This gives you an idea how seious it can be once a backdoor bot gets into a machine (and how dangerous it is to use Limewire). As we discussed earlier, we can never be sure about all the Security settings.
Tell me how it's running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Unread postby NoSound » May 31st, 2009, 11:31 pm

Hi askey127:

Thank you so much for your help!! My computer is running fine exept that I still have no sound from my speakers.I can play video just fine and the sounds coming from inside the computer are audible, but that's it. Since you specialize in malware removal, should I go to a different board? I really appreciate what you've done for me, I feel bad asking you to help me with my sound problem.
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Unread postby askey127 » June 1st, 2009, 6:21 am

NoSound,
We do specialize in malware. There are other boards out there that specialize in hardware and Systems issues. It would be most effective for you to utilize one of them.
---------------------------------------------------------
Good System/Hardware Help Forums
GeekstoGo here: http://www.geekstogo.com/forum/Windows-XP-2000-2003-NT-f5.html
or
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/

All may require you to register free before posting for help.
Good luck, and glad we could help out.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Unread postby NoSound » June 1st, 2009, 6:55 pm

askey127:

Thank you so much for your help! You were very precise in your instruction. I wish there were more people like you. Take care and thanks again.
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 71 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware