Thread: Evil Virtumonde! I'm freaking out!

  1. #1
    Junior Member
    Join Date
    Aug 2008
    Posts
    16

    Evil Virtumonde! I'm freaking out!

    Freaking out about Virtumonde.dll!

    When I first discovered I had it, it had disabled all of my Services including internet, themes, everything. It even had its own theme and wallpaper which said that my computer was infected and I should download AntiVirus software. What a bold challenge.

    So after I figured it out I scanned my computer with Spybot and re-enabled all my services according to the default states, which I found on a website. Obviously if some things are disabled the computer won't even start, etc. So I fixed that, then I ran msconfig to see what was starting up when I logged in. Some creepy things were attaching themselves to rundll32.exe, so I went into System32 and deleted the gibberish file names that were starting up sketchily. That seemed to help a lot.

    Then I ran Spybot some more, and it started coming up with fewer and fewer Virtumonde files every time I ran it, which is also a good thing. However, my computer is still running REALLY sluggishly and there are a lot of executable file errors happening. For some examples...

    • when I put in my password after startup to log into my computer, an error appears:

      userinit.exe - Application Error

      The application failed to initialize properly (0xc0000005). Click on OK to terminate the application.


    I click OK, but then when my wallpaper loads and everything...

    • Nothing else shows up! No icons, no start bar... NOTHING. So I have to bring up the Task Manager and run explorer.exe, and only after I do that will it load. BUT THEN...


    • A command prompt pops up labeled
      C:\WINDOWS\SYSTEM32\CMD.EXE
      but the box remains empty. Then another executable error box pops up which, instead of userinit.exe, says Rundll32.exe. And then a couple more empty command boxes and then some more error boxes. I did note that there was a separate error for Rundll32.exe and rundll32.exe. Is there any significance?


    The same happens when I try to change user profiles, and when I try to get into Add/Remove Programs, and whenever I try to install something new. This includes... HijackThis.exe

    I can't install HijackThis so I can't give you a report. I have read the other Virtumonde threads and everybody has a report to offer. I even tried to reboot in safe mode and install it, but I got the same error.

    I'm really freaking out, I need this computer for school! PLEASE somebody help me!!!

  2. #2
    Junior Member
    Join Date
    Aug 2008
    Posts
    16

    Oh I should add.

    I occasionally use RegClean and AdAware SE Personal for my computer... I'm sure this is important information.

  3. #3
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #4
    Junior Member
    Join Date
    Aug 2008
    Posts
    16

    main.txt and extra.txt

    THANK YOU SO MUCH!

    main.txt

    Deckard's System Scanner v20071014.68
    Run by Brenda Leigh on 2008-08-10 16:43:19
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    13: 2008-08-10 20:43:36 UTC - RP13 - Deckard's System Scanner Restore Point
    12: 2008-08-10 16:28:28 UTC - RP12 - System Checkpoint
    11: 2008-08-09 16:20:08 UTC - RP11 - Installed Microsoft Office Enterprise 2007
    10: 2008-08-09 16:13:25 UTC - RP10 - Removed Microsoft Office Enterprise 2007
    9: 2008-08-09 09:26:26 UTC - RP9 - System Checkpoint


    -- First Restore Point --
    1: 2008-08-01 11:52:12 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-08-10 16:46:09
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Brenda Leigh\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O2 - BHO: (no name) - {00F153D7-3974-4FE5-B893-BA04DA1C088b} - C:\WINDOWS\system32\phylbpho.dll (file missing)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {20E59CA2-78B0-4431-BFD0-D8B5ADFC0056} - (no file)
    O2 - BHO: (no name) - {4F68DC11-F2A8-49AF-8E73-157AA881CD58} - C:\WINDOWS\system32\byXOiJYo.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: {78dd9d7c-8172-236b-1ef4-68fad05df606} - {606fd50d-af86-4fe1-b632-2718c7d9dd87} - C:\WINDOWS\system32\txbjbz.dll
    O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {B3B9FFDA-0EDD-4D8E-8720-1B50B484D625} - C:\WINDOWS\system32\urqOFwwx.dll (file missing)
    O2 - BHO: (no name) - {C5D6DE3A-3BA3-43E5-AA02-0E3DE625648A} - C:\WINDOWS\system32\geBuVNde.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5385] command /c del "C:\WINDOWS\system32\byXOiJYo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8141] cmd /c del "C:\WINDOWS\system32\byXOiJYo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7019] command /c del "C:\WINDOWS\system32\lobmdenu.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1469] cmd /c del "C:\WINDOWS\system32\lobmdenu.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7817] command /c del "C:\WINDOWS\system32\byXOiJYo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7963] cmd /c del "C:\WINDOWS\system32\byXOiJYo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3129] command /c del "C:\WINDOWS\system32\lobmdenu.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8686] cmd /c del "C:\WINDOWS\system32\lobmdenu.dll_old"
    O4 - HKUS\S-1-5-18\..\RunOnce: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (User 'Default user')
    O8 - Extra context menu item: &Search - ?p=ZKfox000
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Brenda Leigh\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000162-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...B9/wma9dmo.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: wbsys.dll txbjbz.dll
    O20 - Winlogon Notify: awttTMcA - C:\WINDOWS\system32\awttTMcA.dll (file missing)
    O20 - Winlogon Notify: urqNETmJ - C:\WINDOWS\system32\urqNETmJ.dll (file missing)
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


    --
    End of file - 12450 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
    R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

    S3 btaudio (Bluetooth Audio Device) - c:\windows\system32\drivers\btaudio.sys (file missing)
    S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
    S3 btwhid - c:\windows\system32\drivers\btwhid.sys (file missing)
    S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
    S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
    S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; Politecnico di Torino; NPF Driver>
    S3 ovt519 (Sony PS2 EyeToy) - c:\windows\system32\drivers\ov519vid.sys (file missing)
    S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
    S3 SPLITCAM (Splitcam, WDM Camera Stream Splitter) - c:\windows\system32\drivers\splitcam.sys (file missing)
    S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
    R4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

    S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe (file missing)
    S3 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
    S3 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>
    S4 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-08-07 12:10:00 284 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
    2008-08-05 18:49:40 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2007-12-31 13:10:55 406 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


    -- Files created between 2008-07-10 and 2008-08-10 -----------------------------

    2008-08-10 14:36:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-08-09 12:21:44 0 d-------- C:\WINDOWS\SHELLNEW
    2008-08-09 12:20:10 0 dr-h----- C:\MSOCache
    2008-08-04 09:24:28 101376 --a------ C:\WINDOWS\system32\uvxavekn.dll
    2008-08-04 09:24:28 101376 --a------ C:\WINDOWS\system32\seddze.dll
    2008-08-03 09:24:27 100864 --a------ C:\WINDOWS\system32\whhxstcs.dll
    2008-08-03 09:24:27 100864 --a------ C:\WINDOWS\system32\rcnjhy.dll
    2008-08-03 09:18:27 90624 --a------ C:\WINDOWS\system32\mtybklgy.dll
    2008-08-02 23:03:22 0 d-------- C:\WINDOWS\system32\NtmsData
    2008-08-02 09:23:29 100864 --a------ C:\WINDOWS\system32\txbjbz.dll
    2008-08-02 09:23:28 100864 --a------ C:\WINDOWS\system32\yvyndjyw.dll
    2008-08-01 23:07:20 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\acccore
    2008-08-01 23:04:52 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
    2008-08-01 09:14:34 892271 --ahs---- C:\WINDOWS\system32\oYJiOXyb.ini2
    2008-08-01 09:02:34 150 --a------ C:\WINDOWS\system32\mhncache.dat
    2008-07-31 21:47:36 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\rhca6oj0e369
    2008-07-31 21:46:28 110080 --a------ C:\WINDOWS\system32\lphce6oj0e369.exe
    2008-07-31 21:45:35 449 --ahs---- C:\WINDOWS\system32\edNVuBeg.ini2
    2008-07-30 23:52:44 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Amaranth Games
    2008-07-30 16:55:45 95744 --a------ C:\WINDOWS\system32\zzenlt.dll
    2008-07-30 16:55:44 95744 --a------ C:\WINDOWS\system32\qvfmtddq.dll
    2008-07-30 16:54:00 89600 --a------ C:\WINDOWS\system32\rctpqtwe.dll
    2008-07-30 16:52:41 3633 --ahs---- C:\WINDOWS\system32\xwwFOqru.ini2
    2008-07-30 16:50:01 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
    2008-07-29 23:19:10 0 d-------- C:\Program Files\LeeGTs Games
    2008-07-28 01:20:37 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\SulusGames
    2008-07-27 21:28:17 0 d-------- C:\Program Files\Diet Analysis Plus 8.0
    2008-07-24 00:05:48 0 d-------- C:\Program Files\DivX
    2008-07-23 15:21:59 0 d-------- C:\Program Files\Shock Utility
    2008-07-23 15:20:32 65536 --a------ C:\WINDOWS\IFinst27.exe
    2008-07-22 18:56:19 0 d--hs---- C:\Documents and Settings\Brenda Leigh\Recent
    2008-07-22 16:55:13 0 d--h----- C:\WINDOWS\FlyakiteOSX
    2008-07-21 14:12:03 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\blg
    2008-07-21 14:12:03 0 d-------- C:\Documents and Settings\All Users\Application Data\blg
    2008-07-20 12:03:19 0 d-------- C:\Program Files\Bonjour
    2008-07-18 13:38:30 0 d-------- C:\WINDOWS\system32\runtime
    2008-07-18 13:38:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2008-07-18 13:38:14 0 d-------- C:\Program Files\Norton Security Scan
    2008-07-18 13:37:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-07-11 17:03:47 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\ViquaSoft


    -- Find3M Report ---------------------------------------------------------------

    2008-08-09 17:40:08 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\SPORE Creature Creator
    2008-08-09 17:09:36 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\uTorrent
    2008-08-09 12:36:45 45480 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-08-08 17:22:51 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-08-05 18:49:32 0 d-------- C:\Program Files\Apple Software Update
    2008-08-02 23:08:02 0 d-------- C:\Program Files\Common Files\AOL
    2008-08-02 20:17:42 0 d-------- C:\Program Files\iTunes
    2008-08-02 20:16:34 0 d-------- C:\Program Files\iPod
    2008-07-30 23:52:21 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\PlayFirst
    2008-07-30 23:51:37 0 d-------- C:\Program Files\PlayFirst
    2008-07-27 19:36:04 0 d-------- C:\Program Files\uTorrent
    2008-07-26 02:11:46 0 d-------- C:\Program Files\Trillian
    2008-07-23 15:07:06 0 d-------- C:\Program Files\Messenger
    2008-07-23 15:07:05 0 d-------- C:\Program Files\Windows NT
    2008-07-23 15:07:05 0 d-------- C:\Program Files\Movie Maker
    2008-07-22 17:19:20 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-19 13:03:02 0 d-------- C:\Program Files\QuickTime
    2008-07-18 13:38:28 0 d-------- C:\Program Files\Google
    2008-07-06 22:06:16 0 d-------- C:\Program Files\MusicBrainz Picard
    2008-07-06 20:50:25 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Ludia
    2008-07-05 11:21:45 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Viewpoint
    2008-07-03 16:53:02 0 --a------ C:\WINDOWS\system32\(null)id
    2008-07-01 22:35:21 0 d-------- C:\Program Files\Safari
    2008-06-29 23:29:45 0 d-------- C:\Program Files\AIM
    2008-06-27 13:30:54 4096 --a------ C:\WINDOWS\system32\crash
    2008-06-27 13:11:30 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-27 13:02:34 0 dr-h----- C:\Documents and Settings\Brenda Leigh\Application Data\SecuROM
    2008-06-27 12:42:14 3056 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
    2008-06-25 15:30:51 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Real
    2008-06-25 15:16:44 0 d-------- C:\Program Files\Common Files
    2008-06-25 15:16:44 0 d-------- C:\Program Files\Common Files\xing shared
    2008-06-25 15:16:37 0 d-------- C:\Program Files\Common Files\Real
    2008-06-23 19:17:18 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Skype
    2008-06-23 19:17:05 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\skypePM
    2008-06-22 16:20:30 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Azureus
    2008-06-21 00:01:43 0 d-------- C:\Program Files\Electronic Arts
    2008-06-17 08:37:09 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Mozilla
    2008-06-16 22:27:08 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Yahoo!
    2008-05-12 19:12:59 9762 --a----c- C:\WINDOWS\mozver.dat


    -- Registry Dump ---------------------------------------------------------------



    -- Hosts -----------------------------------------------------------------------

    66.98.148.65 auto.search.msn.es
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com

    7903 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-08-10 16:47:01 ------------

    extra.txt

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
    Percentage of Memory in Use: 58%
    Physical Memory (total/avail): 511.4 MiB / 214.21 MiB
    Pagefile Memory (total/avail): 1246.07 MiB / 893.86 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1915.82 MiB

    C: is Fixed (NTFS) - 51.18 GiB total, 11.26 GiB free.
    D: is CDROM (No Media)
    E: is Removable (FAT)

    \\.\PHYSICALDRIVE0 - HTS726060M9AT00 - 55.89 GiB - 3 partitions
    \PARTITION0 - Unknown - 62.72 MiB
    \PARTITION1 (bootable) - Installable File System - 51.18 GiB - C:
    \PARTITION2 - Unknown - 4.64 GiB

    \\.\PHYSICALDRIVE1 - - 7.84 MiB - partitions
    \PARTITION0 - MS-DOS V4 Huge - 971.88 MiB



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.


    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
    "C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe"="C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe:*:Enabled:Lemonade2"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\MusicBrainz Picard\\picard.exe"="C:\\Program Files\\MusicBrainz Picard\\picard.exe:*:Enabled:The next generation MusicBrainz tagger"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Microsoft Office\\Office12\\outlook.exe"="C:\\Program Files\\Microsoft Office\\Office12\\outlook.exe:*:Enabled:Microsoft Office Outlook"


    -- Environment Variables -------------------------------------------------------



    -- User Profiles ---------------------------------------------------------------

    Brenda Leigh (admin)
    Not Dendra.DENDRA
    Administrator (admin)
    Guest (guest)


    -- Add/Remove Programs ---------------------------------------------------------



    -- Application Event Log -------------------------------------------------------

    Event Record #/Type32576 / Error
    Event Submitted/Written: 08/10/2008 03:09:51 PM / 08/10/2008 03:09:52 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application explorer.exe, version 6.0.2900.3156, faulting module shlwapi.dll, version 6.0.2900.2995, fault address 0x000083e4.
    Processing media-specific event for [explorer.exe!ws!]

    Event Record #/Type32572 / Error
    Event Submitted/Written: 08/10/2008 01:38:53 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type32558 / Error
    Event Submitted/Written: 08/09/2008 05:33:17 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application explorer.exe, version 6.0.2900.3156, faulting module shlwapi.dll, version 6.0.2900.2995, fault address 0x000083e4.
    Processing media-specific event for [explorer.exe!ws!]

    Event Record #/Type32548 / Warning
    Event Submitted/Written: 08/09/2008 00:32:01 PM
    Event ID/Source: 63 / WinMgmt
    Event Description:
    A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Event Record #/Type32547 / Warning
    Event Submitted/Written: 08/09/2008 00:31:59 PM / 08/09/2008 00:32:00 PM
    Event ID/Source: 63 / WinMgmt
    Event Description:
    A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type22316 / Error
    Event Submitted/Written: 08/10/2008 04:43:42 PM
    Event ID/Source: 7032 / Service Control Manager
    Event Description:
    The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error:
    %%1058

    Event Record #/Type22315 / Error
    Event Submitted/Written: 08/10/2008 04:42:41 PM
    Event ID/Source: 7031 / Service Control Manager
    Event Description:
    The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Event Record #/Type22314 / Error
    Event Submitted/Written: 08/10/2008 04:39:37 PM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The iPod Service service terminated unexpectedly. It has done this 1 time(s).

    Event Record #/Type22313 / Error
    Event Submitted/Written: 08/10/2008 04:39:37 PM
    Event ID/Source: 7031 / Service Control Manager
    Event Description:
    The Google Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.

    Event Record #/Type22302 / Warning
    Event Submitted/Written: 08/10/2008 07:02:02 AM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.



    -- End of Deckard's System Scanner: finished at 2008-08-10 16:47:01 ------------

  5. #5
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Show hidden files
    -----------------
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.


    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent
    Azureus


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Delete these folders afterwards:

    C:\Documents and Settings\Brenda Leigh\Application Data\uTorrent
    C:\Program Files\uTorrent
    C:\Documents and Settings\Brenda Leigh\Application Data\Azureus
    C:\Program Files\Azureus

    Empty Recycle Bin.

    After that:

    • Click Start and then Run to bring up the Run box.
    • Copy and paste the contents of this quote box into the run box:
      "%userprofile%\desktop\dss.exe" /config
    • Close all other open windows.
    • Click OK.
    • A window will now open. Click Check All and then click Scan!.
    • When the scan is complete, two text files will open in Notepad:
      • main.txt <- this one will be maximized
      • extra.txt <- this one will be minimized
    • If not, they both can be found in the C:\Deckard\System Scanner folder.
    • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Junior Member
    Join Date
    Aug 2008
    Posts
    16


    Okay, I am unable to access Add/Remove Programs. I get an error that says:
    rundll32.exe - Application Error

    The application failed to initialize properly (0xc0000005). Click on OK to terminate the application.
    I did, however, access:

    C:\Documents and Settings\Brenda Leigh\Application Data\uTorrent
    C:\Program Files\uTorrent
    C:\Documents and Settings\Brenda Leigh\Application Data\Azureus
    C:\Program Files\Azureus

    And then cleared the recycle bin.

    Here are the reports...




    main.txt

    Deckard's System Scanner v20071014.68
    Run by Brenda Leigh on 2008-08-11 01:09:11
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    15: 2008-08-11 05:09:29 UTC - RP15 - Deckard's System Scanner Restore Point
    14: 2008-08-11 03:51:23 UTC - RP14 - Software Distribution Service 3.0
    13: 2008-08-10 20:43:36 UTC - RP13 - Deckard's System Scanner Restore Point
    12: 2008-08-10 16:28:28 UTC - RP12 - System Checkpoint
    11: 2008-08-09 16:20:08 UTC - RP11 - Installed Microsoft Office Enterprise 2007


    -- First Restore Point --
    1: 2008-08-01 11:52:12 UTC - RP1 - System Checkpoint


    Performed disk cleanup.



    -- HijackThis (run as Brenda Leigh.exe) ----------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-08-11 01:13:09
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Brenda Leigh\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O2 - BHO: (no name) - {00F153D7-3974-4FE5-B893-BA04DA1C088b} - C:\WINDOWS\system32\phylbpho.dll (file missing)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {20E59CA2-78B0-4431-BFD0-D8B5ADFC0056} - (no file)
    O2 - BHO: (no name) - {4F68DC11-F2A8-49AF-8E73-157AA881CD58} - C:\WINDOWS\system32\byXOiJYo.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: {78dd9d7c-8172-236b-1ef4-68fad05df606} - {606fd50d-af86-4fe1-b632-2718c7d9dd87} - C:\WINDOWS\system32\txbjbz.dll
    O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {B3B9FFDA-0EDD-4D8E-8720-1B50B484D625} - C:\WINDOWS\system32\urqOFwwx.dll (file missing)
    O2 - BHO: (no name) - {C5D6DE3A-3BA3-43E5-AA02-0E3DE625648A} - C:\WINDOWS\system32\geBuVNde.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5385] command /c del "C:\WINDOWS\system32\byXOiJYo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8141] cmd /c del "C:\WINDOWS\system32\byXOiJYo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7019] command /c del "C:\WINDOWS\system32\lobmdenu.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1469] cmd /c del "C:\WINDOWS\system32\lobmdenu.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7817] command /c del "C:\WINDOWS\system32\byXOiJYo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7963] cmd /c del "C:\WINDOWS\system32\byXOiJYo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3129] command /c del "C:\WINDOWS\system32\lobmdenu.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8686] cmd /c del "C:\WINDOWS\system32\lobmdenu.dll_old"
    O4 - HKUS\S-1-5-18\..\RunOnce: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (User 'Default user')
    O8 - Extra context menu item: &Search - ?p=ZKfox000
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Brenda Leigh\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000162-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...B9/wma9dmo.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: wbsys.dll txbjbz.dll
    O20 - Winlogon Notify: awttTMcA - C:\WINDOWS\system32\awttTMcA.dll (file missing)
    O20 - Winlogon Notify: urqNETmJ - C:\WINDOWS\system32\urqNETmJ.dll (file missing)
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


    --
    End of file - 12565 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
    R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

    S3 btaudio (Bluetooth Audio Device) - c:\windows\system32\drivers\btaudio.sys (file missing)
    S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
    S3 btwhid - c:\windows\system32\drivers\btwhid.sys (file missing)
    S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
    S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
    S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; Politecnico di Torino; NPF Driver>
    S3 ovt519 (Sony PS2 EyeToy) - c:\windows\system32\drivers\ov519vid.sys (file missing)
    S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
    S3 SPLITCAM (Splitcam, WDM Camera Stream Splitter) - c:\windows\system32\drivers\splitcam.sys (file missing)
    S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
    R4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

    S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe (file missing)
    S3 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
    S3 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>
    S4 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Process Modules -------------------------------------------------------------

    C:\WINDOWS\system32\winlogon.exe (pid 1048)
    2003-02-26 21:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
    2008-08-02 09:23:29 100864 --a------ C:\WINDOWS\system32\txbjbz.dll
    2008-07-22 17:19:20 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2004-09-07 18:08:06 110592 --a------ C:\Program Files\Intel\Wireless\Bin\LgNotify.dll <Not Verified; Intel Corporation; LogonNotify Dynamic Link Library>

    C:\WINDOWS\system32\svchost.exe (pid 1296)
    2008-07-22 17:19:20 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2003-02-26 21:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
    2008-08-02 09:23:29 100864 --a------ C:\WINDOWS\system32\txbjbz.dll

    C:\WINDOWS\system32\svchost.exe (pid 1428)
    2008-07-22 17:19:20 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2003-02-26 21:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
    2008-08-02 09:23:29 100864 --a------ C:\WINDOWS\system32\txbjbz.dll
    2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

    C:\WINDOWS\system32\svchost.exe (pid 1308)
    2008-07-22 17:19:20 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2003-02-26 21:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
    2008-08-02 09:23:29 100864 --a------ C:\WINDOWS\system32\txbjbz.dll

    C:\WINDOWS\explorer.exe (pid 536)
    2008-07-22 17:19:20 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2003-02-26 21:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
    2008-08-02 09:23:29 100864 --a------ C:\WINDOWS\system32\txbjbz.dll
    2008-07-30 10:47:56 43008 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll <Not Verified; Apple Inc.; iTunes>
    2008-07-30 10:47:56 129536 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll <Not Verified; Apple Inc.; iTunes>
    2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>
    2006-07-03 13:51:50 126464 --a------ C:\Program Files\WinRAR\RarExt.dll
    2007-05-11 01:51:42 152064 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\BIBUtils.dll <Not Verified; Adobe Systems Incorporated; BIBUtils>
    2007-01-23 12:39:44 443904 -ra----c- C:\Program Files\Adobe\Reader 8.0\Reader\JP2KLib.dll <Not Verified; Adobe Systems Incorporated; JP2KLib>
    2007-04-15 22:56:10 389120 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll <Not Verified; ; Adobe XMP Core>

    C:\WINDOWS\system32\svchost.exe (pid 2648)
    2008-07-22 17:19:20 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2003-02-26 21:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
    2008-08-02 09:23:29 100864 --a------ C:\WINDOWS\system32\txbjbz.dll


    -- Scheduled Tasks -------------------------------------------------------------

    2008-08-07 12:10:00 284 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
    2008-08-05 18:49:40 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2007-12-31 13:10:55 406 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


    -- Files created between 2008-07-11 and 2008-08-11 -----------------------------

    2008-08-10 14:36:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-08-09 12:21:44 0 d-------- C:\WINDOWS\SHELLNEW
    2008-08-09 12:20:10 0 dr-h----- C:\MSOCache
    2008-08-04 09:24:28 101376 --a------ C:\WINDOWS\system32\uvxavekn.dll
    2008-08-04 09:24:28 101376 --a------ C:\WINDOWS\system32\seddze.dll
    2008-08-03 09:24:27 100864 --a------ C:\WINDOWS\system32\whhxstcs.dll
    2008-08-03 09:24:27 100864 --a------ C:\WINDOWS\system32\rcnjhy.dll
    2008-08-03 09:18:27 90624 --a------ C:\WINDOWS\system32\mtybklgy.dll
    2008-08-02 23:03:22 0 d-------- C:\WINDOWS\system32\NtmsData
    2008-08-02 09:23:29 100864 --a------ C:\WINDOWS\system32\txbjbz.dll
    2008-08-02 09:23:28 100864 --a------ C:\WINDOWS\system32\yvyndjyw.dll
    2008-08-01 23:07:20 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\acccore
    2008-08-01 23:04:52 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
    2008-08-01 09:14:34 892271 --ahs---- C:\WINDOWS\system32\oYJiOXyb.ini2
    2008-08-01 09:02:34 150 --a------ C:\WINDOWS\system32\mhncache.dat
    2008-07-31 21:47:36 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\rhca6oj0e369
    2008-07-31 21:46:28 110080 --a------ C:\WINDOWS\system32\lphce6oj0e369.exe
    2008-07-31 21:45:35 449 --ahs---- C:\WINDOWS\system32\edNVuBeg.ini2
    2008-07-30 23:52:44 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Amaranth Games
    2008-07-30 16:55:45 95744 --a------ C:\WINDOWS\system32\zzenlt.dll
    2008-07-30 16:55:44 95744 --a------ C:\WINDOWS\system32\qvfmtddq.dll
    2008-07-30 16:54:00 89600 --a------ C:\WINDOWS\system32\rctpqtwe.dll
    2008-07-30 16:52:41 3633 --ahs---- C:\WINDOWS\system32\xwwFOqru.ini2
    2008-07-30 16:50:01 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
    2008-07-29 23:19:10 0 d-------- C:\Program Files\LeeGTs Games
    2008-07-28 01:20:37 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\SulusGames
    2008-07-27 21:28:17 0 d-------- C:\Program Files\Diet Analysis Plus 8.0
    2008-07-24 00:05:48 0 d-------- C:\Program Files\DivX
    2008-07-23 15:21:59 0 d-------- C:\Program Files\Shock Utility
    2008-07-23 15:20:32 65536 --a------ C:\WINDOWS\IFinst27.exe
    2008-07-22 18:56:19 0 d--hs---- C:\Documents and Settings\Brenda Leigh\Recent
    2008-07-22 16:55:13 0 d--h----- C:\WINDOWS\FlyakiteOSX
    2008-07-21 14:12:03 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\blg
    2008-07-21 14:12:03 0 d-------- C:\Documents and Settings\All Users\Application Data\blg
    2008-07-20 12:03:19 0 d-------- C:\Program Files\Bonjour
    2008-07-18 13:38:30 0 d-------- C:\WINDOWS\system32\runtime
    2008-07-18 13:38:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2008-07-18 13:38:14 0 d-------- C:\Program Files\Norton Security Scan
    2008-07-18 13:37:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-07-11 17:03:47 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\ViquaSoft


    -- Find3M Report ---------------------------------------------------------------

    2008-08-09 17:40:08 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\SPORE Creature Creator
    2008-08-09 12:36:45 45480 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-08-08 17:22:51 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-08-05 18:49:32 0 d-------- C:\Program Files\Apple Software Update
    2008-08-02 23:08:02 0 d-------- C:\Program Files\Common Files\AOL
    2008-08-02 20:17:42 0 d-------- C:\Program Files\iTunes
    2008-08-02 20:16:34 0 d-------- C:\Program Files\iPod
    2008-07-30 23:52:21 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\PlayFirst
    2008-07-30 23:51:37 0 d-------- C:\Program Files\PlayFirst
    2008-07-27 19:36:04 0 d-------- C:\Program Files\uTorrent
    2008-07-26 02:11:46 0 d-------- C:\Program Files\Trillian
    2008-07-23 15:07:06 0 d-------- C:\Program Files\Messenger
    2008-07-23 15:07:05 0 d-------- C:\Program Files\Windows NT
    2008-07-23 15:07:05 0 d-------- C:\Program Files\Movie Maker
    2008-07-22 17:19:20 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-19 13:03:02 0 d-------- C:\Program Files\QuickTime
    2008-07-18 13:38:28 0 d-------- C:\Program Files\Google
    2008-07-06 22:06:16 0 d-------- C:\Program Files\MusicBrainz Picard
    2008-07-06 20:50:25 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Ludia
    2008-07-05 11:21:45 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Viewpoint
    2008-07-03 16:53:02 0 --a------ C:\WINDOWS\system32\(null)id
    2008-07-01 22:35:21 0 d-------- C:\Program Files\Safari
    2008-06-29 23:29:45 0 d-------- C:\Program Files\AIM
    2008-06-27 13:30:54 4096 --a------ C:\WINDOWS\system32\crash
    2008-06-27 13:11:30 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-27 13:02:34 0 dr-h----- C:\Documents and Settings\Brenda Leigh\Application Data\SecuROM
    2008-06-27 12:42:14 3056 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
    2008-06-25 15:30:51 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Real
    2008-06-25 15:16:44 0 d-------- C:\Program Files\Common Files
    2008-06-25 15:16:44 0 d-------- C:\Program Files\Common Files\xing shared
    2008-06-25 15:16:37 0 d-------- C:\Program Files\Common Files\Real
    2008-06-23 19:17:18 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Skype
    2008-06-23 19:17:05 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\skypePM
    2008-06-21 00:01:43 0 d-------- C:\Program Files\Electronic Arts
    2008-06-17 08:37:09 0 d-------- C:\Documents and Settings\Brenda Leigh\Application Data\Mozilla
    2008-05-12 19:12:59 9762 --a----c- C:\WINDOWS\mozver.dat


    -- Registry Dump ---------------------------------------------------------------



    -- Hosts -----------------------------------------------------------------------

    66.98.148.65 auto.search.msn.es
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com

    7903 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-08-11 01:14:17 ------------





    extra.txt

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
    Percentage of Memory in Use: 57%
    Physical Memory (total/avail): 511.4 MiB / 217.72 MiB
    Pagefile Memory (total/avail): 1246.07 MiB / 880.79 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1900.61 MiB

    C: is Fixed (NTFS) - 51.18 GiB total, 11.21 GiB free.
    D: is CDROM (No Media)
    E: is Removable (FAT)

    \\.\PHYSICALDRIVE0 - HTS726060M9AT00 - 55.89 GiB - 3 partitions
    \PARTITION0 - Unknown - 62.72 MiB
    \PARTITION1 (bootable) - Installable File System - 51.18 GiB - C:
    \PARTITION2 - Unknown - 4.64 GiB

    \\.\PHYSICALDRIVE1 - - 7.84 MiB - partitions
    \PARTITION0 - MS-DOS V4 Huge - 971.88 MiB



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.


    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
    "C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe"="C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe:*:Enabled:Lemonade2"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\MusicBrainz Picard\\picard.exe"="C:\\Program Files\\MusicBrainz Picard\\picard.exe:*:Enabled:The next generation MusicBrainz tagger"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Microsoft Office\\Office12\\outlook.exe"="C:\\Program Files\\Microsoft Office\\Office12\\outlook.exe:*:Enabled:Microsoft Office Outlook"


    -- Environment Variables -------------------------------------------------------



    -- User Profiles ---------------------------------------------------------------

    Brenda Leigh (admin)
    Not Dendra.DENDRA
    Administrator (admin)
    Guest (guest)


    -- Add/Remove Programs ---------------------------------------------------------



    -- Application Event Log -------------------------------------------------------

    Event Record #/Type32605 / Error
    Event Submitted/Written: 08/11/2008 01:06:57 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
    Processing media-specific event for [aim.exe!ws!]

    Event Record #/Type32576 / Error
    Event Submitted/Written: 08/10/2008 03:09:51 PM / 08/10/2008 03:09:52 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application explorer.exe, version 6.0.2900.3156, faulting module shlwapi.dll, version 6.0.2900.2995, fault address 0x000083e4.
    Processing media-specific event for [explorer.exe!ws!]

    Event Record #/Type32572 / Error
    Event Submitted/Written: 08/10/2008 01:38:53 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type32558 / Error
    Event Submitted/Written: 08/09/2008 05:33:17 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application explorer.exe, version 6.0.2900.3156, faulting module shlwapi.dll, version 6.0.2900.2995, fault address 0x000083e4.
    Processing media-specific event for [explorer.exe!ws!]

    Event Record #/Type32548 / Warning
    Event Submitted/Written: 08/09/2008 00:32:01 PM
    Event ID/Source: 63 / WinMgmt
    Event Description:
    A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type22333 / Error
    Event Submitted/Written: 08/10/2008 11:51:45 PM
    Event ID/Source: 10010 / DCOM
    Event Description:
    The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register with DCOM within the required timeout.

    Event Record #/Type22330 / Error
    Event Submitted/Written: 08/10/2008 11:51:15 PM
    Event ID/Source: 10010 / DCOM
    Event Description:
    The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register with DCOM within the required timeout.

    Event Record #/Type22321 / Warning
    Event Submitted/Written: 08/10/2008 07:23:20 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type22316 / Error
    Event Submitted/Written: 08/10/2008 04:43:42 PM
    Event ID/Source: 7032 / Service Control Manager
    Event Description:
    The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error:
    %%1058

    Event Record #/Type22315 / Error
    Event Submitted/Written: 08/10/2008 04:42:41 PM
    Event ID/Source: 7031 / Service Control Manager
    Event Description:
    The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.



    -- End of Deckard's System Scanner: finished at 2008-08-11 01:14:17 ------------
