tremak asked:

Can't get to update.microsoft.com

My daughter's PC started acting strange 2 nights ago. She said she left the room and when she returned, the computer had restarted. Ever since then, she can't get to myspace or any site that allows downloads. Also, I can't get to update.microsoft.com to get the latest updates, and attempts to get AVG or Spybot updates also fail. It appears as if a trojan is blocking access to sites that might offer ways to remove it?

Any ideas, or has anyone had the same issue where myspace is blocked? I can see update.microsoft.com or AVG/Spybot updates being blocked by malware, but myspace?
govindarajan78

Have you tried using a different browser like Firefox?

Check the hosts file; it can be found at C:\Windows\System32\drivers\etc

Open it in Notepad. If you see anything apart from
127.0.0.1       localhost

remove it. Download the latest Windows Defender and install it.
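The hosts-file check above is easy to do by eye, but a tampered file often hides the extra mappings among comments or puts several names on one line. The following script is an added example for this thread, not code from any of the posters: it parses a hosts file the way the resolver does and reports every mapping that is not the stock `localhost` pair, calling out names that match the sites the asker could not reach. The sample hosts content is constructed, and the list of sensitive domains is an assumption drawn from the sites named in the thread (Windows Update, AVG, Spybot, Malwarebytes, SuperAntiSpyware, MySpace).

```python
"""Audit a Windows hosts file for entries that could block or redirect
update and security-vendor sites.

Added example for this thread, not code from the original posts. The sample
hosts content below is constructed, and the list of sensitive domains is an
assumption drawn from the sites the asker named.
"""
import ipaddress

# Mappings a stock Windows Vista hosts file carries; everything else is reported.
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Domains from the thread whose presence in hosts overrides DNS for sites the
# user never chose to redirect (assumed list).
SENSITIVE_SUFFIXES = (
    "update.microsoft.com", "windowsupdate.com",
    "avg.com", "safer-networking.org", "malwarebytes.org",
    "superantispyware.com", "myspace.com",
)

# Constructed sample resembling a tampered hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.   (constructed sample)
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.microsoft.com
127.0.0.1       www.avg.com free.avg.com   # one line may name several hosts
192.0.2.10      www.myspace.com
0.0.0.0         ads.example.net
"""


def parse_hosts(text):
    """Yield (ip, hostname, lineno) for each mapping; skips comments and blanks."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address field; report nothing rather than guess
        for name in names:
            yield ip, name.lower(), lineno


def audit_hosts(text):
    """Return (lineno, ip, hostname, reason) tuples for entries worth reviewing."""
    findings = []
    for ip, name, lineno in parse_hosts(text):
        if (ip, name) in EXPECTED:
            continue
        addr = ipaddress.ip_address(ip)
        if any(name == s or name.endswith("." + s) for s in SENSITIVE_SUFFIXES):
            reason = "update/security/site domain pinned in hosts"
        elif addr.is_loopback or addr.is_unspecified:
            reason = "host sinkholed to loopback/null address"
        else:
            reason = "non-default mapping; confirm it is intentional"
        findings.append((lineno, ip, name, reason))
    return findings


if __name__ == "__main__":
    # On the real machine, read C:\Windows\System32\drivers\etc\hosts instead.
    for lineno, ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {ip:<15} {name:<24} {reason}")
```

On the affected PC, pass the contents of `C:\Windows\System32\drivers\etc\hosts` to `audit_hosts()`; a clean Vista file yields an empty list, and anything it does report is a candidate to delete before retrying the update sites.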
tremak

ASKER

I tried getting to myspace using both IE and firefox. I can ping www.myspace.com and get a response.

Please download MalwareBytes Anti-Malware (www.malwarebytes.org) or SuperAntiSpyware (www.superantispyware.com) and do a full scan with them. Let us know how your computer behaves after the scan.

ASKER

I downloaded SuperAntiSpyware yesterday and ran a complete scan. It still can't access the sites.
Could you try System Restore?
I haven't seen System Restore work before, but just give it a try :)

ASKER

System restore is certainly an option, but as a very, very, very last resort.
Why is System Restore a last resort? It won't delete any work you have done on the machine, just system configuration changes. Restore it to the day before your daughter had the troubles; I reckon that would be fine.

ASKER

I'm not at home, so I can't try anything right now.

I'll give the malwarebytes a try first and if that doesn't happen, I'll see about the restore point.

mrroonie: I thought you meant a complete drive wipe and re-install.
No, that would be a bit drastic!

- Start > Programs > Accessories > System Tools > System Restore. Restore to just before the corruption and you should be good to go. There are normally restore points set every couple of days, so you shouldn't have to go back much further than when it happened.

ASKER

Like I said in my last post, I'll try the malwarebytes tool first and restore point if needed.

Will let you both know. Thanks thus far for the fast responses
Credit where credit's due: I didn't suggest System Restore first, if it works. I would have done if I'd found this post quicker than cemirc, though....

ASKER

I tried both and neither worked.

Here is the HijackThis log, booted in safe mode.

Can anyone spot something in here that might be causing this?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:03 PM, on 8/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 UXPVP/1.0.7.0 Firefox/3.0.11 (.NET CLR 3.5.30729)" -"http://www.nickjr.com/playtime/shows/blue/games/blue_paintwagon.jhtml"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdd_device -   - C:\Windows\system32\lxddcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10146 bytes



Run HijackThis again and fix the below entry:

O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

Download ComboFix from: http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions as mentioned carefully before running ComboFix. Disable your computer security programs (antivirus, antispyware, etc.) and then run ComboFix. Don't click in the ComboFix window while it's running. Re-enable the programs after ComboFix is done and then run MalwareBytes/SuperAntiSpyware again once. Please send that log to us.

ASKER

The O2 - BHO entry was gone. That might be because I've run several packages in an attempt to fix this and have uninstalled some things.

I ran Combofix.

Ran Malwarebytes and SuperAntiSpyware.

Here's the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:06 PM, on 8/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 UXPVP/1.0.7.0 Firefox/3.0.11 (.NET CLR 3.5.30729)" -"http://www.nickjr.com/playtime/shows/blue/games/blue_paintwagon.jhtml"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdd_device -   - C:\Windows\system32\lxddcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10736 bytes
Can we also have the ComboFix log please?
If SpyBot is enabled with TeaTimer protection, please disable it and then make the above changes.

From the HijackThis log:

You need to fix the below entries and then restart the browser once:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

I've seen something else - Adobe Reader 7.0 is installed on your PC, whereas the latest version is 9.1. You might want to upgrade this to get the latest version (along with any security fixes as well).
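The two entries singled out above (the iMesh search bar and the iMesh UrlHelper BHO) are the kind of thing a responder picks out of a HijackThis log by pattern: a search setting pointing at a third-party host, components from a vendor the user did not ask for, and `(no file)` entries whose DLL is already gone. The script below is an added example for this thread, not the asker's or HijackThis's own code; it applies those heuristics to sample lines copied from the log posted above. The expected IE host (`go.microsoft.com`, taken from the HKLM defaults in the log), the flagged-vendor keyword list (`imesh`, from the respondents' advice) and the rules themselves are assumptions.

```python
"""Triage a HijackThis v2.0.2 log for the entry types this thread fixes:
search/start-page overrides, BHOs and toolbars from an unwanted vendor,
orphaned "(no file)" components, and non-default hosts-file lines.

Added example for this thread, not the asker's or HijackThis's own code. The
sample lines are copied from the log posted in the thread; the expected IE
host, the flagged-vendor keyword list and the heuristics are assumptions.
"""
import re
from urllib.parse import urlparse

# Host the HKLM default search/start settings point to in this log (assumption).
EXPECTED_IE_HOSTS = {"go.microsoft.com"}
# Settings users rarely change by hand, so a third-party host there is notable.
SEARCH_SETTINGS = {"Search Bar", "Search Page", "Default_Search_URL",
                   "SearchAssistant", "CustomizeSearch"}
# Vendor the respondents told the asker to remove (assumed keyword list).
FLAGGED_VENDOR_KEYWORDS = ("imesh",)
EXPECTED_HOSTS_ENTRIES = {"127.0.0.1 localhost", "::1 localhost"}

# R0/R1 lines: "R1 - <registry key>,<setting> = <url>"
R_LINE = re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<setting>[^=]+)=(?P<url>.*)$")
# Everything else: "O2 - BHO: <name> - {CLSID} - <path>" and similar
ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")

# Sample lines copied from the log posted in the thread.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
"""


def host_of(url):
    """Hostname of a URL; scheme-less values like www.myspace.com/ are accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def triage_hjt(log_text):
    """Return (log_line, reason) pairs for entries a responder would ask to fix."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            setting, url = m.group("setting").strip(), m.group("url").strip()
            if not url:
                continue  # empty value, nothing to redirect to
            host = host_of(url)
            if any(k in host for k in FLAGGED_VENDOR_KEYWORDS):
                findings.append((line, f"{setting} redirected to flagged vendor host {host}"))
            elif setting in SEARCH_SETTINGS and host not in EXPECTED_IE_HOSTS:
                findings.append((line, f"{setting} points at non-default host {host}; verify"))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        code, kind, rest = m.group("code"), m.group("kind"), m.group("rest").strip()
        if code == "O1" and rest not in EXPECTED_HOSTS_ENTRIES:
            findings.append((line, "non-default hosts-file entry"))
        elif kind in ("BHO", "Toolbar", "URLSearchHook"):
            if rest.endswith("(no file)"):
                findings.append((line, "orphaned entry: registered component file is missing"))
            elif any(k in rest.lower() for k in FLAGGED_VENDOR_KEYWORDS):
                findings.append((line, "component from flagged vendor"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{reason}\n    {entry}")
```

The start page is deliberately left alone: `Start Page = www.myspace.com/` is a user choice, whereas a `Search Bar` pointing anywhere but the Microsoft default is not something the user normally sets. Run over the full log, it reports exactly the two iMesh entries the responder asked to fix plus the three `(no file)` leftovers.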

ASKER

I can see the log entries you asked me to remove in the saved log file, but they don't show up in the actual HijackThis application to allow me to fix them.

Is there some config setting I need to change?
That shouldn't happen, because I copied the HijackThis log from your last post and it still showed those 2 entries. Could you send us the ComboFix log?
Have you tried starting in Safe Mode with networking and seeing if you can reach any websites?

ASKER

I tried booting in safe mode. I can get to some sites but not others. I can't figure out a pattern of any sort.

Here's the ComboFix log



ComboFix 09-08-10.06 - Ashley 08/17/2009 19:11.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.1.1033.18.2036.1119 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {CFA36E41-90EB-4023-89EB-6FD429C91088}
SP: CyberDefender Internet Security *enabled* (Updated) {08F66F3A-0EB8-4D31-9FC2-3BF48957A77A}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

(((((((((((((((((((((((((   Files Created from 2009-07-17 to 2009-08-17  )))))))))))))))))))))))))))))))
.

2009-08-17 23:18 . 2009-08-17 23:18      --------      d-----w-      c:\users\Public\AppData\Local\temp
2009-08-17 23:18 . 2009-08-17 23:18      --------      d-----w-      c:\users\Default\AppData\Local\temp
2009-08-16 16:43 . 2009-08-16 16:43      --------      d-----w-      c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-16 16:00 . 2009-08-16 16:00      --------      d-----w-      c:\programdata\RegCure
2009-08-16 16:00 . 2009-08-16 16:14      --------      d-----w-      c:\program files\RegCure
2009-08-16 13:55 . 2009-06-15 15:24      175104      ----a-w-      c:\windows\system32\wdigest.dll
2009-08-16 13:55 . 2009-06-15 15:24      270848      ----a-w-      c:\windows\system32\schannel.dll
2009-08-16 13:55 . 2009-06-15 15:23      1256448      ----a-w-      c:\windows\system32\lsasrv.dll
2009-08-16 13:55 . 2009-06-15 15:22      213504      ----a-w-      c:\windows\system32\msv1_0.dll
2009-08-16 13:55 . 2009-06-15 15:21      499712      ----a-w-      c:\windows\system32\kerberos.dll
2009-08-16 13:55 . 2009-06-15 18:20      439896      ----a-w-      c:\windows\system32\drivers\ksecdd.sys
2009-08-16 13:55 . 2009-06-15 15:24      72704      ----a-w-      c:\windows\system32\secur32.dll
2009-08-16 13:55 . 2009-06-15 12:57      9728      ----a-w-      c:\windows\system32\lsass.exe
2009-08-16 13:29 . 2009-08-16 13:29      67424      ----a-w-      c:\windows\system32\drivers\CDAVFS.sys
2009-08-16 13:29 . 2009-08-16 16:19      --------      d-----w-      c:\users\Ashley\AppData\Local\CyberDefender Internet Security
2009-08-15 23:12 . 2009-08-17 21:57      117760      ----a-w-      c:\users\Ashley\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-15 23:10 . 2009-08-15 23:10      --------      d-----w-      c:\program files\Common Files\Wise Installation Wizard
2009-08-15 20:03 . 2009-08-15 20:03      --------      d-----w-      c:\users\Ashley\AppData\Local\AIM Toolbar
2009-08-15 19:45 . 2009-08-15 19:45      --------      d-----w-      c:\program files\Trend Micro
2009-08-15 19:24 . 2009-08-15 19:24      3942047      ----a-w-      c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-15 13:35 . 2009-07-17 14:35      71680      ----a-w-      c:\windows\system32\atl.dll
2009-08-15 13:35 . 2009-06-10 12:12      160256      ----a-w-      c:\windows\system32\wkssvc.dll
2009-08-15 13:35 . 2009-06-04 12:34      2066432      ----a-w-      c:\windows\system32\mstscax.dll
2009-08-15 13:34 . 2009-06-10 12:07      91136      ----a-w-      c:\windows\system32\avifil32.dll
2009-08-15 13:34 . 2009-07-14 13:00      313344      ----a-w-      c:\windows\system32\wmpdxm.dll
2009-08-15 13:34 . 2009-07-14 12:58      7680      ----a-w-      c:\windows\system32\spwmp.dll
2009-08-15 13:34 . 2009-07-14 12:59      4096      ----a-w-      c:\windows\system32\dxmasf.dll
2009-08-15 13:34 . 2009-07-14 10:59      8147456      ----a-w-      c:\windows\system32\wmploc.DLL
2009-08-13 21:42 . 2009-08-13 21:42      --------      d-----w-      c:\programdata\SUPERAntiSpyware.com
2009-08-13 21:42 . 2009-08-15 23:10      --------      d-----w-      c:\program files\SUPERAntiSpyware
2009-08-13 21:42 . 2009-08-13 21:42      --------      d-----w-      c:\users\Ashley\AppData\Roaming\SUPERAntiSpyware.com
2009-08-10 20:09 . 2009-08-10 20:09      --------      d-----w-      c:\users\Ashley\AppData\Local\AOL
2009-08-02 22:48 . 2009-08-15 13:18      --------      d-----w-      c:\program files\Common Files\Software Update Utility
2009-08-02 22:47 . 2009-08-15 13:18      --------      d-----w-      c:\programdata\AIM Toolbar
2009-08-02 22:47 . 2009-08-15 13:18      --------      d-----w-      c:\program files\AIM Toolbar
2009-08-02 22:47 . 2009-08-15 13:18      --------      d-----w-      c:\programdata\acccore
2009-07-23 02:43 . 2009-08-14 00:19      --------      d-----w-      c:\users\Ashley\Shared

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 19:53 . 2007-08-25 15:39      --------      d-----w-      c:\program files\Lx_cats
2009-08-16 15:42 . 2007-08-24 17:42      5892      ----a-w-      c:\users\Ashley\AppData\Local\d3d9caps.dat
2009-08-16 07:02 . 2006-11-02 11:18      --------      d-----w-      c:\program files\Windows Mail
2009-08-15 20:17 . 2007-08-18 07:28      --------      d-----w-      c:\program files\BAE
2009-08-15 19:24 . 2009-04-14 02:14      --------      d-----w-      c:\program files\Malwarebytes' Anti-Malware
2009-08-15 13:23 . 2009-04-10 16:38      --------      d-----w-      c:\program files\Bonjour
2009-08-15 13:21 . 2006-11-02 12:35      --------      d-----w-      c:\program files\Windows Sidebar
2009-08-15 13:21 . 2006-11-02 12:35      --------      d-----w-      c:\program files\Windows Defender
2009-08-15 13:21 . 2006-11-02 12:35      --------      d-----w-      c:\program files\Windows Collaboration
2009-08-15 13:19 . 2008-07-31 21:32      --------      d-----w-      c:\users\Ashley\AppData\Roaming\CoreFTP
2009-08-15 13:19 . 2007-08-25 18:53      --------      d-----w-      c:\users\Ashley\AppData\Roaming\FaxCtr
2009-08-15 13:19 . 2009-04-14 01:01      --------      d-----w-      c:\programdata\nepivoyi
2009-08-15 13:19 . 2007-08-24 00:26      --------      d-----w-      c:\programdata\Spybot - Search & Destroy
2009-08-15 13:19 . 2007-08-23 23:29      --------      d-----w-      c:\programdata\Microsoft Help
2009-08-14 22:42 . 2007-08-25 23:00      --------      d-----w-      c:\programdata\AOL
2009-08-03 17:36 . 2009-04-14 02:14      38160      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-04-14 02:14      19096      ----a-w-      c:\windows\system32\drivers\mbam.sys
2009-08-02 22:47 . 2007-08-25 23:00      --------      d-----w-      c:\programdata\Viewpoint
2009-08-02 22:45 . 2007-08-25 22:55      --------      d-----w-      c:\programdata\AOL Downloads
2009-08-01 14:25 . 2008-05-26 17:40      --------      d-----w-      c:\users\Ashley\AppData\Roaming\Corel
2009-08-01 14:05 . 2008-05-26 17:36      4704      --sha-w-      c:\windows\system32\KGyGaAvL.sys
2009-07-22 00:21 . 2007-08-24 18:49      --------      d-----w-      c:\users\Ashley\AppData\Roaming\Apple Computer
2009-07-22 00:19 . 2007-08-18 07:20      --------      d--h--w-      c:\program files\InstallShield Installation Information
2009-07-21 21:52 . 2009-07-28 19:35      915456      ----a-w-      c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 19:35      109056      ----a-w-      c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 19:35      71680      ----a-w-      c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 19:35      133632      ----a-w-      c:\windows\system32\ieUnatt.exe
2009-07-12 17:09 . 2007-08-24 18:49      --------      d-----w-      c:\program files\iPod
2009-07-12 17:09 . 2007-08-24 18:46      --------      d-----w-      c:\program files\Common Files\Apple
2009-07-12 16:52 . 2007-08-24 18:46      --------      d-----w-      c:\programdata\Apple
2009-07-12 16:47 . 2009-07-12 16:47      75048      ----a-w-      c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-03 17:25 . 2007-08-23 19:28      110928      ----a-w-      c:\users\Ashley\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-03 16:38 . 2009-07-03 16:39      410984      ----a-w-      c:\windows\system32\deploytk.dll
2009-07-03 16:38 . 2007-08-18 07:19      --------      d-----w-      c:\program files\Java
2009-06-15 15:24 . 2009-07-14 22:38      156672      ----a-w-      c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-14 22:38      72704      ----a-w-      c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-14 22:38      10240      ----a-w-      c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-14 22:38      289792      ----a-w-      c:\windows\system32\atmfd.dll
2009-06-05 15:42 . 2009-06-05 15:42      39424      ----a-w-      c:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-06-05 15:42      2060288      ----a-w-      c:\windows\system32\usbaaplrc.dll
2008-06-25 19:04 . 2008-05-26 17:41      88      --sha-r-      c:\windows\System32\92CE1A59E3.sys
2007-08-18 15:00 . 2007-08-18 15:00      8192      --sha-w-      c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((   SnapShot@2009-08-17_01.10.37   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-18 07:38 . 2009-08-17 21:58      53196              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-08-17 21:58      61898              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-23 19:29 . 2009-08-17 21:58      13970              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2330344276-3136701899-322597530-1000_UserData.bin
- 2007-08-23 19:24 . 2009-08-17 01:01      16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-23 19:24 . 2009-08-17 23:11      16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-23 19:24 . 2009-08-17 23:11      32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-23 19:24 . 2009-08-17 01:01      32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-23 19:24 . 2009-08-17 01:01      16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-08-23 19:24 . 2009-08-17 23:11      16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-17 22:12 . 2009-08-17 22:36      2086              c:\windows\SoftwareDistribution\EventCache\{653D5DE9-4231-4D53-88F9-1203DB3AC49B}.bin
- 2009-08-16 17:00 . 2009-08-16 17:00      2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-17 21:56 . 2009-08-17 21:56      2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-16 17:00 . 2009-08-16 17:00      2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-17 21:56 . 2009-08-17 21:56      2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-08-17 23:14      595446              c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-17 01:03      595446              c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-17 01:03      101144              c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-17 23:14      101144              c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
2009-08-16 16:18      3962184      ----a-w-      c:\users\Ashley\AppData\LocalLow\CyberDefender\cdmyidd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\Ashley\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-08-16 3962184]

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"CyberDefender Early Detection Center"="c:\users\Ashley\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas2dc4.exe" [2009-08-16 738632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-02-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-13 312240]
"LXDDCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-04-13 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-03 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-18 50688]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2007-9-19 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05      356352      ----a-w-      c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{32E4EFBC-D65A-4C7E-A712-DA40050B8C0F}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{254ECC69-18CA-430B-8672-07679DD7943E}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{C0799222-CB76-4EF7-93A2-139E92C1017F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7D76567D-BEBF-4C0A-B673-1F6EDB769503}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9F28B2AA-799E-41ED-87DF-E340799D6541}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{2DDF330A-6A10-4264-8E34-5D8708177341}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{DD15960A-9AEE-4FC2-AA36-BBAA490DB0CF}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{ACB0C8D3-8096-43E0-90DE-2C456F413220}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{C70D293E-049D-4EF8-BFB2-5D3DD6665C31}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{FC842CF7-BC4B-4849-A70A-89EE1FE718ED}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{5B32055D-C911-492C-A425-78222F459275}"= Disabled:UDP:135:TCP Port 135
"{A82FDC1F-B5EC-4A99-A653-A021E90A5A20}"= Disabled:UDP:5000:TCP Port 5000
"{1A623AFE-D4A1-4862-8117-A8825EAA8006}"= Disabled:UDP:5001:TCP Port 5001
"{DC4D839F-94BE-4938-BB20-E0B807861C87}"= Disabled:UDP:5002:TCP Port 5002
"{7F5A3BEC-4387-40B2-AEB3-BA31C30A2F01}"= Disabled:UDP:5003:TCP Port 5003
"{9B5C9F72-CB72-4532-B420-58B865C4C73D}"= Disabled:UDP:5004:TCP Port 5004
"{59F57803-FD4A-4511-8DA0-3D649A686604}"= Disabled:UDP:5005:TCP Port 5005
"{76E57DF1-8539-4E0F-B99C-774FF6C4F696}"= Disabled:UDP:5006:TCP Port 5006
"{37BE8810-CDFA-4C8A-B4D2-21985A5A4679}"= Disabled:UDP:5007:TCP Port 5007
"{F68D2670-99F0-4161-A353-B6CC48D3E617}"= Disabled:UDP:5008:TCP Port 5008
"{0414C1CB-2FC4-47EC-8511-56F648172BD0}"= Disabled:UDP:5009:TCP Port 5009
"{28BFE97E-7A4B-4855-B440-75C7E0687ED0}"= Disabled:UDP:5010:TCP Port 5010
"{2FF4BA05-A078-4DAD-B27A-FE08A49EA17D}"= Disabled:UDP:5011:TCP Port 5011
"{7EA17C89-61FA-4063-9154-9BED8113FEEB}"= Disabled:UDP:5012:TCP Port 5012
"{C8B31DA4-06B1-4FB3-8D5D-F63D5282D928}"= Disabled:UDP:5013:TCP Port 5013
"{AC0F20B2-A510-497B-ABFC-7BE38947FD3E}"= Disabled:UDP:5014:TCP Port 5014
"{5E291D0B-FF57-4217-8EE8-83863547B9D2}"= Disabled:UDP:5015:TCP Port 5015
"{1C1E544C-27E7-4894-8CC5-8058F65183E2}"= Disabled:UDP:5016:TCP Port 5016
"{BA4A6FF1-C409-4172-A6B5-C02ED8631098}"= Disabled:UDP:5017:TCP Port 5017
"{609E5137-394C-4642-93F7-C9E552444885}"= Disabled:UDP:5018:TCP Port 5018
"{EBA3A307-8EA6-44FC-B19D-90C0FAF3FD1E}"= Disabled:UDP:5019:TCP Port 5019
"{2D4AA369-0C30-4317-AC90-E712BA911F5C}"= Disabled:UDP:5020:TCP Port 5020
"{E002CF33-7DC4-41C8-A99E-4848B130D1C8}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6B3B8C76-7305-46E8-B806-6592EC426B46}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D82C7B06-4D4A-44D0-B28F-28FA870F3CD8}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B0E15E2F-7DFA-4CBE-BC61-31F37AC4407D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{6F778B91-43ED-4D51-A708-3685DFE393B5}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= UDP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"UDP Query User{767DE33E-1EB2-4275-A07A-4A931C969DCF}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= TCP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"TCP Query User{B412F684-3B7E-4FE6-931D-C5E8EA4B1C8C}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= UDP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"UDP Query User{38998B35-7117-4E00-B0E1-DA6F9700B2C0}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= TCP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"TCP Query User{FE9D2361-33AF-4214-A796-681D40A3BD59}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{A7CF429A-45BC-415A-8DE4-2E2E4CB724FF}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{91B12892-8809-453D-BA53-CB5D97D93510}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{C189BE4F-7743-4BFA-9D8F-C5DAC506603C}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"TCP Query User{7386368C-E1F5-4124-8322-DA1A785141A0}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{8BB5DE09-3EBD-4776-8FC4-61E33A7A2480}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"{6EE5BF18-0950-4602-9611-77A272F4277E}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{25BC56A2-6854-4C12-833B-61A3CF47A2CB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F136F37B-52D7-4F9A-AF95-529500EBE467}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{181EC92C-D068-4643-96C8-870F77E7CF7E}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{5E843EB5-FCB6-4AB5-9352-61D03553E948}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{D9F2A562-7EE8-42B7-86D7-74F83C967E0E}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{080786F9-7466-43C3-BAC8-B999733C5829}c:\\program files\\lexmark 2500 series\\app4r.exe"= UDP:c:\program files\lexmark 2500 series\app4r.exe:
"UDP Query User{16466C4C-C7A7-4DD5-9F57-C13FD3787D5C}c:\\program files\\lexmark 2500 series\\app4r.exe"= TCP:c:\program files\lexmark 2500 series\app4r.exe:
"TCP Query User{838D75CB-6B87-4A70-BEB1-907D6D91F383}c:\\program files\\phpdesigner 2008\\phpdesigner2008.exe"= UDP:c:\program files\phpdesigner 2008\phpdesigner2008.exe:phpDesigner2008
"UDP Query User{9077CC0C-5F93-4CE5-B453-8C1E4DAD6584}c:\\program files\\phpdesigner 2008\\phpdesigner2008.exe"= TCP:c:\program files\phpdesigner 2008\phpdesigner2008.exe:phpDesigner2008
"{06DDBC43-51C0-4898-A6A0-BBE401F634F2}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{C866678C-278B-4368-819B-8A5272256415}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{67C00D71-DF8B-4A34-B415-9B9BF169F801}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{82487DC2-D7C7-4D28-8245-72052A320316}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{B831C781-4264-4D9E-8CF9-9F1D41510756}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0B8AAC10-C984-4A14-825E-7BE8084F1613}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{90F240C4-13FB-418F-9C60-2AC6C6280C6E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C1A37D04-AD09-4374-A4CA-C864BE034631}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C12B4631-5906-4A2E-87D2-6C6D20378CD3}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FFC1B4D3-DCD5-417A-9682-2387BF1A9E3C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6BE7E88E-E553-49E3-98D6-856407B61C40}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{A4CB61EB-EB6D-4DBE-B316-F785E3EBCAAF}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{0B1C1DDA-C32B-4DAE-8DD0-F871185C2685}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{54111CF7-9D92-435E-ADFA-DD4B88E8FC43}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{3965213E-463F-495F-859F-2530C78797FB}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{B1A15A76-8C0C-4FD7-9DA2-CA16EF194896}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{651242B6-AA39-4234-958D-3C92D02CDF62}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{155B3428-797B-4E3D-BD53-AA6C2D55B2BA}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"TCP Query User{9CF2FABD-5E25-4895-9DFB-15F830B8997A}c:\\users\\ashley\\appdata\\local\\cyberdefender internet security\\antispyware\\cdas2dc4.exe"= UDP:c:\users\ashley\appdata\local\cyberdefender internet security\antispyware\cdas2dc4.exe:cdas2dc4.exe
"UDP Query User{73B28952-E797-4395-B069-E045C5AFD0F0}c:\\users\\ashley\\appdata\\local\\cyberdefender internet security\\antispyware\\cdas2dc4.exe"= TCP:c:\users\ashley\appdata\local\cyberdefender internet security\antispyware\cdas2dc4.exe:cdas2dc4.exe
"{25041EAC-73C9-4683-8FBB-71007184808F}"= UDP:c:\users\Ashley\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas2dc4.exe:CyberDefender Internet Security
"{F4529EEE-8393-4FC6-B5AC-0E715CC732F6}"= TCP:c:\users\Ashley\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas2dc4.exe:CyberDefender Internet Security
"{08A61AF0-5205-4452-8FAE-C1BAE67ADA0A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{15FE42FD-35AF-49D2-AF6B-0C2C2782619F}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{06861293-0B78-4116-BFF4-E3C540E1216A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{467FA738-931D-4837-BB72-E81181E83FFC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{C04D4441-1C3A-471F-9498-6B4370451E76}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{C1E81B3A-8BE1-4377-81DA-BB1437119ACC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 CDAVFS;CDAVFS;c:\windows\System32\drivers\CDAVFS.sys [8/16/2009 9:29 AM 67424]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/18/2008 10:08 PM 809296]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/2/2008 10:39 AM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork      REG_MULTI_SZ         PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-08-17 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-08-16 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = www.myspace.com/
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
FF - ProfilePath - c:\users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\16l4ejnq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 19:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXDDCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-17 19:21
ComboFix-quarantined-files.txt  2009-08-17 23:21
ComboFix2.txt  2009-08-17 01:14

Pre-Run: 113,536,819,200 bytes free
Post-Run: 113,484,734,464 bytes free

417      --- E O F ---      2009-08-17 22:34
If nothing works out, reinstall the OS and put a proper antivirus and antispyware on it.
Avatar of tremak

ASKER

govindarajan78:

At the time this happened, I had AVG, spybot and superantispyware running on this machine.

Not a good solution.
What is the message she gets when she visits a downloads site or myspace?
Check if popup blocking is enabled; if yes, then disable it and check.
ASKER CERTIFIED SOLUTION
Avatar of govindarajan78
govindarajan78
Flag of India image

Avatar of tremak

ASKER

The sites just won't open and eventually time out.

What is the hosts file?
Avatar of tremak

ASKER

I know what the hosts file is now, but how would I know if it was correct?
Avatar of tremak

ASKER

I tried every other suggestion. Maybe this was the last piece of the puzzle, but this issue was not fixed until I took this tip. I ended up fixing the HOSTS file by downloading a file called HostsXpert.zip and running it.

After all the time I spent on this, I just wish I could award more points to govindarajan78 than the max 500.
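How to tell whether the hosts file is clean (the question asked above, and the thing that turned out to be the fix): an added example, not code from this thread or from HostsXpert, that parses a hosts file and flags every mapping for the update and security-vendor domains this thread reports as unreachable. The watched-domain list and the sample hosts text are constructed for the example; point it at C:\Windows\System32\drivers\etc\hosts to audit a real machine.

```python
"""Audit a Windows HOSTS file for entries that redirect update or security-vendor
domains.  Added example for this thread, not the asker's or any tool's code; the
sample HOSTS text below is constructed to mirror the reported symptom."""
from collections import namedtuple

Finding = namedtuple("Finding", "line ip name kind")

# Names a stock Windows hosts file maps to loopback; anything else is noteworthy.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LOOPBACK_IPS = {"127.0.0.1", "::1", "0.0.0.0"}

# Domains the thread says became unreachable.  A hosts entry for any of these
# is the classic update-blocking pattern (constructed list, extend as needed).
WATCHED_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "avg.com", "grisoft.com",
    "safer-networking.org", "malwarebytes.org", "superantispyware.com",
    "myspace.com",
)


def _watched(name):
    """True if name is one of the watched domains or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def parse_hosts(text):
    """Return (line_no, ip, hostname) triples; comments and blank lines skipped."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not body:
            continue
        ip, *names = body.split()               # one IP, one or more hostnames
        entries.extend((no, ip, n.lower()) for n in names)
    return entries


def audit_hosts(text):
    """Classify every mapping that is not a plain loopback -> localhost entry.

    kind is 'hijack' for a watched domain, 'loopback-redirect' when localhost
    itself points somewhere unexpected, and 'unexpected' for anything else
    (could be a legitimate LAN entry, so it is reported but not judged)."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if name in LOOPBACK_NAMES:
            if ip not in LOOPBACK_IPS:
                findings.append(Finding(no, ip, name, "loopback-redirect"))
            continue
        kind = "hijack" if _watched(name) else "unexpected"
        findings.append(Finding(no, ip, name, kind))
    return findings


def clean_hosts(text):
    """Comment out lines carrying a 'hijack' finding; leave the rest for review."""
    bad_lines = {f.line for f in audit_hosts(text) if f.kind == "hijack"}
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        out.append("# disabled by hosts audit: " + raw if no in bad_lines else raw)
    return "\n".join(out) + "\n"


# Constructed sample resembling the symptom in this thread (not the asker's file).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1  update.microsoft.com
127.0.0.1  www.update.microsoft.com download.microsoft.com
127.0.0.1  www.avg.com free.avg.com
127.0.0.1  www.safer-networking.org
127.0.0.1  www.myspace.com
192.168.1.10    fileserver.home   # a legitimate LAN entry, left for review
"""

if __name__ == "__main__":
    import sys
    from pathlib import Path
    # With a path argument the real file is audited, otherwise the sample above.
    if len(sys.argv) > 1:
        text = Path(sys.argv[1]).read_text(errors="replace")
    else:
        text = SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f.line:>3}: {f.kind:<17} {f.ip:<15} {f.name}")
```

On the sample, the audit reports seven hijack entries and one unexpected LAN entry; after clean_hosts() only the LAN entry remains, which is exactly the "anything other than 127.0.0.1 localhost" check the accepted advice describes.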