ComboFix 10-01-18.02 - Michael 01/19/2010 12:48:31.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.498 [GMT -8:00]
Running from: c:\documents and settings\Michael\Desktop\prep.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-19 20:40 . 2010-01-19 20:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-19 10:17 . 2010-01-19 10:49 -------- d-----w- C:\prep
2010-01-15 02:46 . 2010-01-15 02:46 388096 ----a-r- c:\documents and settings\Michael\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-15 02:46 . 2010-01-15 02:46 -------- d-----w- c:\program files\TrendMicro
2010-01-14 04:58 . 2010-01-14 04:58 -------- d-----w- c:\documents and settings\Michael\Application Data\dvdcss
2010-01-08 01:15 . 2010-01-08 01:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 20:40 . 2009-05-31 19:21 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-01-19 10:44 . 2007-01-15 23:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-18 18:38 . 2007-03-10 21:48 -------- d-----w- c:\program files\BitTorrent
2010-01-14 04:28 . 2010-01-14 05:04 233742 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-01-10 03:00 . 2007-03-10 21:48 -------- d-----w- c:\documents and settings\Michael\Application Data\BitTorrent
2009-10-29 07:45 . 2005-08-16 10:18 916480 ------w- c:\windows\system32\wininet.dll
2008-07-18 04:03 . 2007-02-08 00:54 88 --sh--r- c:\windows\system32\9F6F420A84.sys
2008-07-18 04:03 . 2007-02-08 00:54 2828 -csha-w- c:\windows\system32\KGyGaAvL.sys
1601-01-01 00:03 . 1601-01-01 00:03 91136 --sha-w- c:\windows\system32\lesetate.dll
1601-01-01 00:03 . 1601-01-01 00:03 51200 -csha-w- c:\windows\system32\lonamapo.dll
1601-01-01 00:03 . 1601-01-01 00:03 91136 --sha-w- c:\windows\system32\mosoraza.dll
1601-01-01 00:03 . 1601-01-01 00:03 61440 --sha-w- c:\windows\system32\nekigese.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-19_10.55.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-19 20:40 . 2010-01-19 20:40 16384 c:\windows\Temp\Perflib_Perfdata_498.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7954c953-6ae4-4455-8c28-93e90457d423}]
1601-01-01 00:03 51200 -csha-w- c:\windows\system32\lonamapo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-23 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-15 169984]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-03 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-22 185896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

c:\documents and settings\Michael\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-15 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\PROGRA~1\\ExamSoft\\SofTest\\SoftLnch.exe"=
"c:\\PROGRA~1\\ExamSoft\\SofTest\\softest.exe"= c:\\PROGRA~1\\ExamSoft\\SofTest\\SofTest.exe
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\PcCmdCom.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\PccUpdUI.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft SQL Server\\80\\Tools\\Binn\\sqlmangr.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [4/23/2007 8:08 AM 81688]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/25/2006 1:26 PM 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [9/25/2006 1:26 PM 280392]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [9/25/2006 1:26 PM 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [9/25/2006 1:26 PM 923216]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [9/25/2006 1:26 PM 566872]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 12:22 PM 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://internal.law.uidaho.edu/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070115
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {{035E680E-B668-472F-91F3-E850BCC5051F} - c:\program files\Crawler\Notes\CNotes.exe
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\gjoa3j5n.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 12:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1532)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(2008)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-19 12:57:58
ComboFix-quarantined-files.txt 2010-01-19 20:57
ComboFix2.txt 2010-01-19 11:03
Pre-Run: 22,036,221,952 bytes free
Post-Run: 21,975,457,792 bytes free
- - End Of File - - 62978DFBFFE1D2C74978CE09A20F93CD