tremak
asked on
Can't get to update.microsoft.com
My daughter's PC started acting strange 2 nights ago. She said she left the room and when she returned, the computer had restarted. Ever since then, she can't get to myspace or any site that allows downloads. Also, I can't get to update.microsoft.com to get the latest updates, and attempts to get AVG or Spybot updates also fail. It appears as if a trojan is blocking access to sites that might offer ways to remove it?
Any ideas, or has anyone had the same issue where myspace is blocked? I can see update.microsoft.com or AVG/Spybot updates being blocked by malware, but myspace?
ASKER
I tried getting to myspace using both IE and firefox. I can ping www.myspace.com and get a response.
Please download MalwareBytes Anti-Malware (www.malwarebytes.org) or SuperAntiSpyware (www.superantispyware.com) and do a full scan with them. Let us know how your computer behaves after the scan.
ASKER
I downloaded SuperAntiSpyware yesterday and ran a complete scan. It still can't access the sites.
Could you try System Restore?
I didn't see System Restore work before, but you could just try :)
ASKER
System restore is certainly an option, but as a very, very, very last resort.
Why is System Restore a last resort? It won't delete any work you have done on the machine, just system configuration changes. Restore it to the day before your daughter had the troubles. I reckon that would be fine.
ASKER
I'm not at home, so I can't try anything right now.
I'll give the malwarebytes a try first and if that doesn't happen, I'll see about the restore point.
mrroonie: I thought you meant a complete drive wipe and re-install.
No, that would be a bit drastic!
- Start > Programs > Accessories > System Tools > System Restore. Restore to just before the corruption and you should be good to go. There are normally restore points set every couple of days, so you shouldn't have to go back much further than when it happened.
ASKER
Like I said in my last post, I'll try the malwarebytes tool first and restore point if needed.
Will let you both know. Thanks thus far for the fast responses.
Credit where credit's due: I didn't suggest System Restore first, if it works. I would have done if I'd found this post quicker than cemirc though....
ASKER
I tried both and neither worked.
Here is the HijackThis log, booted in safe mode.
Can anyone spot something in here that might be causing this???
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:03 PM, on 8/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 UXPVP/1.0.7.0 Firefox/3.0.11 (.NET CLR 3.5.30729)" -"http://www.nickjr.com/playtime/shows/blue/games/blue_paintwagon.jhtml"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10146 bytes
Run HijackThis again and fix the below entry:
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2 E8D7341384 E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
Download ComboFix from: http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions as mentioned carefully before running ComboFix. Disable your computer security programs (antivirus, antispyware, etc.) and then run ComboFix. Don't click in the ComboFix window while it's running. Re-enable the programs after ComboFix is done and then run MalwareBytes/SuperAntiSpyware again once. Please send that log to us.
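Added by the editor, not code from the thread or from HijackThis: a small Python triage script for the log format posted above. It parses the `Rn`/`On` entries and flags what a defender checks first for the symptom in the question (update and AV sites unreachable): a hosts-file entry for a security or update domain, `(no file)` registrations left behind by uninstalled add-ons, an AppInit_DLLs entry, a configured proxy, and any CLSID on a caller-supplied blocklist, seeded here with the iMesh UrlHelper BHO the reply above asked to be fixed. The sample log is constructed from lines in this thread plus one invented `O1` hosts line; the domain watchlist is an assumption drawn from the tools the asker named.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# HijackThis entries look like "O2 - BHO: name - {CLSID} - path"; header and
# "Running processes" lines carry no "Rn - "/"On - " prefix and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<addr>\S+)\s+(?P<host>\S+)")

# Assumed watchlist: the sites the question reports as unreachable (Microsoft
# Update, AVG, Spybot, Malwarebytes, SuperAntiSpyware). A hosts-file entry for
# any of them is the classic way this kind of malware blocks updates.
WATCHED_DOMAINS = (
    "microsoft.com", "avg.com", "safer-networking.org",
    "malwarebytes.org", "superantispyware.com",
)

# Seeded with the CLSID of the iMesh "UrlHelper Class" BHO that the reply
# above told the asker to fix; extend it with whatever your own triage finds.
KNOWN_UNWANTED = frozenset({"{474597C5-AB09-49D6-A4D5-2E8D7341384E}"})


@dataclass(frozen=True)
class Entry:
    code: str             # "R1", "O2", "O23", ...
    body: str             # everything after "Oxx - "
    clsid: Optional[str]  # upper-cased {GUID} if the line has one
    raw: str


def parse_hjt(text: str) -> List[Entry]:
    """Return the Rn/On entries of a HijackThis log, in file order."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        c = CLSID_RE.search(m["body"])
        entries.append(Entry(m["code"], m["body"], c.group(0).upper() if c else None, line))
    return entries


def triage(entries: List[Entry], known_unwanted=frozenset()) -> List[Tuple[str, str]]:
    """Return (reason, raw_line) pairs for entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.code == "O1":
            h = HOSTS_RE.match(e.body)
            # "::1 localhost" / "127.0.0.1 localhost" are the stock entries;
            # anything else is an override, and one naming a watched domain
            # matches the symptom in the question exactly.
            if h and h["host"] != "localhost":
                watched = any(h["host"] == d or h["host"].endswith("." + d)
                              for d in WATCHED_DOMAINS)
                findings.append(("hosts-redirect-security-site" if watched
                                 else "hosts-override", e.raw))
        if e.code in ("O2", "O3", "O9") and e.body.endswith("(no file)"):
            # Registration left behind by an uninstalled add-on: harmless by
            # itself, but worth cleaning so the log stays readable.
            findings.append(("orphaned-registration", e.raw))
        if e.clsid and e.clsid in known_unwanted:
            findings.append(("known-unwanted-clsid", e.raw))
        if e.code == "O20":
            # AppInit_DLLs load into every process that links user32.dll;
            # confirm the publisher (here AVG's avgrsstx.dll is expected).
            findings.append(("appinit-dll-review", e.raw))
        if e.code == "R1" and "ProxyServer" in e.body:
            findings.append(("proxy-configured", e.raw))
    return findings


# Constructed sample: lines taken from the log in this thread, plus one
# invented O1 line (the second "Hosts:" entry) to exercise the hosts check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.microsoft.com
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

if __name__ == "__main__":
    for reason, line in triage(parse_hjt(SAMPLE_LOG), KNOWN_UNWANTED):
        print(f"{reason:30} {line}")
```

Feed it the de-garbled log text from a post (the "Running processes" block and headers are ignored) and review the flagged lines before fixing anything in HijackThis.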
ASKER
The O2 - BHO entry was gone. That might be because I've run several packages in an attempt to fix this and have uninstalled some things.
I ran ComboFix.
Ran Malwarebytes and SuperAntiSpyware.
Here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:06 PM, on 8/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 UXPVP/1.0.7.0 Firefox/3.0.11 (.NET CLR 3.5.30729)" -"http://www.nickjr.com/playtime/shows/blue/games/blue_paintwagon.jhtml"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10736 bytes
Can we also have the ComboFix log please?
If SpyBot is enabled with TeaTimer protection, please disable it and then make the above changes.
From the HijackThis log:
You need to fix the below entries and then restart the browser once:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
I've seen something else - Adobe Reader 7.0 is installed on your PC, whereas the latest version is 9.1. You might want to upgrade this to get the latest version (along with any security fixes as well).
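As an added example (not the expert's procedure and not part of any tool in the thread), the PowerShell audit below reads the same registry keys and hosts file that the R0/R1, O2 and O1 HijackThis lines above report, so a search-bar or BHO hijack like the iMesh entries can be spotted and re-checked after a fix without HijackThis. The Microsoft-host allowlist it uses to flag URLs is an assumption of the example.

```powershell
# Added example, not code from the thread. Read-only; run on the affected Windows machine.

# HijackThis O2 lines come from these keys: each subkey name is a BHO CLSID whose DLL
# is registered under HKCR\CLSID\<clsid>\InProcServer32.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BrowserHelperObject {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $clsid  = $sub.PSChildName
            $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"
            $dll    = $null
            if (Test-Path $server) {
                $raw = (Get-ItemProperty $server).'(default)'
                if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw) }
            }
            # An unsigned or missing DLL is the first thing to review; the iMeshIEHelper.dll
            # entry from the thread would appear here under its CLSID.
            $status = 'no InProcServer32'
            if ($dll) {
                $status = if (Test-Path -LiteralPath $dll) { (Get-AuthenticodeSignature $dll).Status } else { 'file missing' }
            }
            [pscustomobject]@{ CLSID = $clsid; Dll = $dll; Signature = $status }
        }
    }
}

function Get-IeUrlSetting {
    # HijackThis R0/R1 lines; the thread's hijack was HKCU ...\Main,Search Bar pointing at search.imesh.com.
    $names = 'Start Page', 'Search Page', 'Search Bar', 'Default_Page_URL', 'Default_Search_URL'
    foreach ($hive in 'HKCU', 'HKLM') {
        $main = "${hive}:\Software\Microsoft\Internet Explorer\Main"
        if (-not (Test-Path $main)) { continue }
        $props = Get-ItemProperty $main
        foreach ($name in $names) {
            $value = $props.$name
            if (-not $value) { continue }
            $uri     = $value -as [uri]
            $urlHost = if ($uri) { $uri.Host } else { '' }
            # Assumption of this example: a URL on a host outside these Microsoft domains deserves a look.
            $review  = ($urlHost -ne '') -and ($urlHost -notmatch '(^|\.)(microsoft|msn|live|bing)\.com$')
            [pscustomobject]@{ Hive = $hive; Name = $name; Value = $value; Review = $review }
        }
    }
}

function Get-HostsOverride {
    # HijackThis O1 lines: every hosts entry except the plain localhost mappings.
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in Get-Content $path) {
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }
        $names = $parts[1..($parts.Count - 1)]
        if (($names -join ' ') -eq 'localhost') { continue }
        [pscustomobject]@{ Address = $parts[0]; Names = ($names -join ' ') }
    }
}

'== Browser Helper Objects (HijackThis O2) =='
Get-BrowserHelperObject | Format-Table -AutoSize
'== IE start/search URLs (HijackThis R0/R1) =='
Get-IeUrlSetting | Format-Table -AutoSize
'== hosts entries other than localhost (HijackThis O1) =='
Get-HostsOverride | Format-Table -AutoSize
```

Run it again after "Fix checked" in HijackThis to confirm the Search Bar value and the BHO CLSID are gone; the DLL file itself is not removed by the registry fix and should be checked separately.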
ASKER
I can see the log entries you ask me to remove in the saved log file, but they don't show up in the actual HijackThis application to allow me to fix them.
Is there some config setting I need to change?
That shouldn't happen, because I copied the HijackThis log from your last post and it still showed those 2 entries. Could you send us the ComboFix log?
Have you tried starting in Safe Mode with networking and seeing if you can reach any websites?
ASKER
I tried booting in safe mode. I can get to some sites but not others. I can't figure out a pattern of any sort.
Here's the combo log
ComboFix 09-08-10.06 - Ashley 08/17/2009 19:11.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2036.1119 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {CFA36E41-90EB-4023-89EB-6FD429C91088}
SP: CyberDefender Internet Security *enabled* (Updated) {08F66F3A-0EB8-4D31-9FC2-3BF48957A77A}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
(((((((((((((((((((((((((   Files Created from 2009-07-17 to 2009-08-17   )))))))))))))))))))))))))))))))
.
2009-08-17 23:18 . 2009-08-17 23:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-17 23:18 . 2009-08-17 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-16 16:43 . 2009-08-16 16:43 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-16 16:00 . 2009-08-16 16:00 -------- d-----w- c:\programdata\RegCure
2009-08-16 16:00 . 2009-08-16 16:14 -------- d-----w- c:\program files\RegCure
2009-08-16 13:55 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-16 13:55 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-16 13:55 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-16 13:55 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-16 13:55 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-16 13:55 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-16 13:55 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-16 13:55 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-16 13:29 . 2009-08-16 13:29 67424 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2009-08-16 13:29 . 2009-08-16 16:19 -------- d-----w- c:\users\Ashley\AppData\Local\CyberDefender Internet Security
2009-08-15 23:12 . 2009-08-17 21:57 117760 ----a-w- c:\users\Ashley\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-15 23:10 . 2009-08-15 23:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-15 20:03 . 2009-08-15 20:03 -------- d-----w- c:\users\Ashley\AppData\Local\AIM Toolbar
2009-08-15 19:45 . 2009-08-15 19:45 -------- d-----w- c:\program files\Trend Micro
2009-08-15 19:24 . 2009-08-15 19:24 3942047 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-15 13:35 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-15 13:35 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-15 13:35 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-15 13:34 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-15 13:34 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-15 13:34 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-15 13:34 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-15 13:34 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 21:42 . 2009-08-13 21:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-13 21:42 . 2009-08-15 23:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-13 21:42 . 2009-08-13 21:42 -------- d-----w- c:\users\Ashley\AppData\Roaming\SUPERAntiSpyware.com
2009-08-10 20:09 . 2009-08-10 20:09 -------- d-----w- c:\users\Ashley\AppData\Local\AOL
2009-08-02 22:48 . 2009-08-15 13:18 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-08-02 22:47 . 2009-08-15 13:18 -------- d-----w- c:\programdata\AIM Toolbar
2009-08-02 22:47 . 2009-08-15 13:18 -------- d-----w- c:\program files\AIM Toolbar
2009-08-02 22:47 . 2009-08-15 13:18 -------- d-----w- c:\programdata\acccore
2009-07-23 02:43 . 2009-08-14 00:19 -------- d-----w- c:\users\Ashley\Shared
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 19:53 . 2007-08-25 15:39 -------- d-----w- c:\program files\Lx_cats
2009-08-16 15:42 . 2007-08-24 17:42 5892 ----a-w- c:\users\Ashley\AppData\Local\d3d9caps.dat
2009-08-16 07:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-15 20:17 . 2007-08-18 07:28 -------- d-----w- c:\program files\BAE
2009-08-15 19:24 . 2009-04-14 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 13:23 . 2009-04-10 16:38 -------- d-----w- c:\program files\Bonjour
2009-08-15 13:21 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-08-15 13:21 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-08-15 13:21 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-08-15 13:19 . 2008-07-31 21:32 -------- d-----w- c:\users\Ashley\AppData\Roaming\Core FTP
2009-08-15 13:19 . 2007-08-25 18:53 -------- d-----w- c:\users\Ashley\AppData\Roaming\FaxCtr
2009-08-15 13:19 . 2009-04-14 01:01 -------- d-----w- c:\programdata\nepivoyi
2009-08-15 13:19 . 2007-08-24 00:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-15 13:19 . 2007-08-23 23:29 -------- d-----w- c:\programdata\Microsoft Help
2009-08-14 22:42 . 2007-08-25 23:00 -------- d-----w- c:\programdata\AOL
2009-08-03 17:36 . 2009-04-14 02:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-04-14 02:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 22:47 . 2007-08-25 23:00 -------- d-----w- c:\programdata\Viewpoint
2009-08-02 22:45 . 2007-08-25 22:55 -------- d-----w- c:\programdata\AOL Downloads
2009-08-01 14:25 . 2008-05-26 17:40 -------- d-----w- c:\users\Ashley\AppData\Roaming\Corel
2009-08-01 14:05 . 2008-05-26 17:36 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-22 00:21 . 2007-08-24 18:49 -------- d-----w- c:\users\Ashley\AppData\Roaming\Apple Computer
2009-07-22 00:19 . 2007-08-18 07:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 21:52 . 2009-07-28 19:35 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 19:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 19:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 19:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-12 17:09 . 2007-08-24 18:49 -------- d-----w- c:\program files\iPod
2009-07-12 17:09 . 2007-08-24 18:46 -------- d-----w- c:\program files\Common Files\Apple
2009-07-12 16:52 . 2007-08-24 18:46 -------- d-----w- c:\programdata\Apple
2009-07-12 16:47 . 2009-07-12 16:47 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-03 17:25 . 2007-08-23 19:28 110928 ----a-w- c:\users\Ashley\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-03 16:38 . 2009-07-03 16:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-03 16:38 . 2007-08-18 07:19 -------- d-----w- c:\program files\Java
2009-06-15 15:24 . 2009-07-14 22:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-14 22:38 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-14 22:38 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-14 22:38 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-05 15:42 . 2009-06-05 15:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-06-25 19:04 . 2008-05-26 17:41 88 --sha-r- c:\windows\System32\92CE1A59E3.sys
2007-08-18 15:00 . 2007-08-18 15:00 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((   SnapShot@2009-08-17_01.10.37   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-18 07:38 . 2009-08-17 21:58 53196 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-08-17 21:58 61898 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-23 19:29 . 2009-08-17 21:58 13970 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2330344276-3136701899-322597530-1000_UserData.bin
- 2007-08-23 19:24 . 2009-08-17 01:01 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-23 19:24 . 2009-08-17 23:11 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-23 19:24 . 2009-08-17 23:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-23 19:24 . 2009-08-17 01:01 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-23 19:24 . 2009-08-17 01:01 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-08-23 19:24 . 2009-08-17 23:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-17 22:12 . 2009-08-17 22:36 2086 c:\windows\SoftwareDistribution\EventCache\{653D5DE9-4231-4D53-88F9-1203DB3AC49B}.bin
- 2009-08-16 17:00 . 2009-08-16 17:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-17 21:56 . 2009-08-17 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-16 17:00 . 2009-08-16 17:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-17 21:56 . 2009-08-17 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-08-17 23:14 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-17 01:03 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-17 01:03 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-17 23:14 101144 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
2009-08-16 16:18 3962184 ----a-w- c:\users\Ashley\AppData\LocalLow\CyberDefender\cdmyidd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\Ashley\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-08-16 3962184]
[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"CyberDefender Early Detection Center"="c:\users\Ashley\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas2dc4.exe" [2009-08-16 738632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\Update Service\issch.exe" [2005-06-10 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-02-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-13 312240]
"LXDDCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-04-13 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-03 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]
c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-18 50688]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2007-9-19 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{32E4EFBC-D65A-4C7E-A712-DA40050B8C0F}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{254ECC69-18CA-430B-8672-07679DD7943E}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{C0799222-CB76-4EF7-93A2-139E92C1017F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7D76567D-BEBF-4C0A-B673-1F6EDB769503}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9F28B2AA-799E-41ED-87DF-E340799D6541}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{2DDF330A-6A10-4264-8E34-5D8708177341}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{DD15960A-9AEE-4FC2-AA36-BBAA490DB0CF}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{ACB0C8D3-8096-43E0-90DE-2C456F413220}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{C70D293E-049D-4EF8-BFB2-5D3DD6665C31}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{FC842CF7-BC4B-4849-A70A-89EE1FE718ED}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{5B32055D-C911-492C-A425-78222F459275}"= Disabled:UDP:135:TCP Port 135
"{A82FDC1F-B5EC-4A99-A653-A021E90A5A20}"= Disabled:UDP:5000:TCP Port 5000
"{1A623AFE-D4A1-4862-8117-A8825EAA8006}"= Disabled:UDP:5001:TCP Port 5001
"{DC4D839F-94BE-4938-BB20-E0B807861C87}"= Disabled:UDP:5002:TCP Port 5002
"{7F5A3BEC-4387-40B2-AEB3-BA31C30A2F01}"= Disabled:UDP:5003:TCP Port 5003
"{9B5C9F72-CB72-4532-B420-58B865C4C73D}"= Disabled:UDP:5004:TCP Port 5004
"{59F57803-FD4A-4511-8DA0-3D649A686604}"= Disabled:UDP:5005:TCP Port 5005
"{76E57DF1-8539-4E0F-B99C-774FF6C4F696}"= Disabled:UDP:5006:TCP Port 5006
"{37BE8810-CDFA-4C8A-B4D2-21985A5A4679}"= Disabled:UDP:5007:TCP Port 5007
"{F68D2670-99F0-4161-A353-B6CC48D3E617}"= Disabled:UDP:5008:TCP Port 5008
"{0414C1CB-2FC4-47EC-8511-56F648172BD0}"= Disabled:UDP:5009:TCP Port 5009
"{28BFE97E-7A4B-4855-B440-75C7E0687ED0}"= Disabled:UDP:5010:TCP Port 5010
"{2FF4BA05-A078-4DAD-B27A-FE08A49EA17D}"= Disabled:UDP:5011:TCP Port 5011
"{7EA17C89-61FA-4063-9154-9BED8113FEEB}"= Disabled:UDP:5012:TCP Port 5012
"{C8B31DA4-06B1-4FB3-8D5D-F63D5282D928}"= Disabled:UDP:5013:TCP Port 5013
"{AC0F20B2-A510-497B-ABFC-7BE38947FD3E}"= Disabled:UDP:5014:TCP Port 5014
"{5E291D0B-FF57-4217-8EE8-83863547B9D2}"= Disabled:UDP:5015:TCP Port 5015
"{1C1E544C-27E7-4894-8CC5-8058F65183E2}"= Disabled:UDP:5016:TCP Port 5016
"{BA4A6FF1-C409-4172-A6B5-C02ED8631098}"= Disabled:UDP:5017:TCP Port 5017
"{609E5137-394C-4642-93F7-C9E552444885}"= Disabled:UDP:5018:TCP Port 5018
"{EBA3A307-8EA6-44FC-B19D-90C0FAF3FD1E}"= Disabled:UDP:5019:TCP Port 5019
"{2D4AA369-0C30-4317-AC90-E712BA911F5C}"= Disabled:UDP:5020:TCP Port 5020
"{E002CF33-7DC4-41C8-A99E-4848B130D1C8}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6B3B8C76-7305-46E8-B806-6592EC426B46}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D82C7B06-4D4A-44D0-B28F-28FA870F3CD8}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B0E15E2F-7DFA-4CBE-BC61-31F37AC4407D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{6F778B91-43ED-4D51-A708-3685DFE393B5}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= UDP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"UDP Query User{767DE33E-1EB2-4275-A07A-4A931C969DCF}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= TCP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"TCP Query User{B412F684-3B7E-4FE6-931D-C5E8EA4B1C8C}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= UDP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"UDP Query User{38998B35-7117-4E00-B0E1-DA6F9700B2C0}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= TCP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"TCP Query User{FE9D2361-33AF-4214-A796-681D40A3BD59}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{A7CF429A-45BC-415A-8DE4-2E2E4CB724FF}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{91B12892-8809-453D-BA53-CB5D97D93510}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{C189BE4F-7743-4BFA-9D8F-C5DAC506603C}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"TCP Query User{7386368C-E1F5-4124-8322-DA1A785141A0}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{8BB5DE09-3EBD-4776-8FC4-61E33A7A2480}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"{6EE5BF18-0950-4602-9611-77A272F4277E}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{25BC56A2-6854-4C12-833B-61A3CF47A2CB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F136F37B-52D7-4F9A-AF95-529500EBE467}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{181EC92C-D068-4643-96C8-870F77E7CF7E}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{5E843EB5-FCB6-4AB5-9352-61D03553E948}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{D9F2A562-7EE8-42B7-86D7-74F83C967E0E}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{080786F9-7466-43C3-BAC8-B999733C5829}c:\\program files\\lexmark 2500 series\\app4r.exe"= UDP:c:\program files\lexmark 2500 series\app4r.exe:
"UDP Query User{16466C4C-C7A7-4DD5-9F57-C13FD3787D5C}c:\\program files\\lexmark 2500 series\\app4r.exe"= TCP:c:\program files\lexmark 2500 series\app4r.exe:
"TCP Query User{838D75CB-6B87-4A70-BEB1-907D6D91F383}c:\\program files\\phpdesigner 2008\\phpdesigner2008.exe"= UDP:c:\program files\phpdesigner 2008\phpdesigner2008.exe:phpDesigner 2008
"UDP Query User{9077CC0C-5F93-4CE5-B453-8C1E4DAD6584}c:\\program files\\phpdesigner 2008\\phpdesigner2008.exe"= TCP:c:\program files\phpdesigner 2008\phpdesigner2008.exe:phpDesigner 2008
"{06DDBC43-51C0-4898-A6A0-BBE401F634F2}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{C866678C-278B-4368-819B-8A5272256415}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{67C00D71-DF8B-4A34-B415-9B9BF169F801}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{82487DC2-D7C7-4D28-8245-72052A320316}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{B831C781-4264-4D9E-8CF9-9F1D41510756}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0B8AAC10-C984-4A14-825E-7BE8084F1613}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{90F240C4-13FB-418F-9C60-2AC6C6280C6E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C1A37D04-AD09-4374-A4CA-C864BE034631}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C12B4631-5906-4A2E-87D2-6C6D20378CD3}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FFC1B4D3-DCD5-417A-9682-2387BF1A9E3C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6BE7E88E-E553-49E3-98D6-856407B61C40}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{A4CB61EB-EB6D-4DBE-B316-F785E3EBCAAF}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{0B1C1DDA-C32B-4DAE-8DD0-F871185C2685}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{54111CF7-9D92-435E-ADFA-DD4B88E8FC43}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{3965213E-463F-495F-859F-2530C78797FB}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{B1A15A76-8C0C-4FD7-9DA2-CA16EF194896}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{651242B6-AA39-4234-958D-3C92D02CDF62}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{155B3428-797B-4E3D-BD53-AA6C2D55B2BA}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"TCP Query User{9CF2FABD-5E25-4895-9DFB-15F830B8997A}c:\\users\\ashley\\appdata\\local\\cyberdefender internet security\\antispyware\\cdas2dc4.exe"= UDP:c:\users\ashley\appdata\local\cyberdefender internet security\antispyware\cdas2dc4.exe:cdas2dc4.exe
"UDP Query User{73B28952-E797-4395-B069-E045C5AFD0F0}c:\\users\\ashley\\appdata\\local\\cyberdefender internet security\\antispyware\\cdas2dc4.exe"= TCP:c:\users\ashley\appdata\local\cyberdefender internet security\antispyware\cdas2dc4.exe:cdas2dc4.exe
"{25041EAC-73C9-4683-8FBB-71007184808F}"= UDP:c:\users\Ashley\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas2dc4.exe:CyberDefender Internet Security
"{F4529EEE-8393-4FC6-B5AC-0E715CC732F6}"= TCP:c:\users\Ashley\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas2dc4.exe:CyberDefender Internet Security
"{08A61AF0-5205-4452-8FAE-C1BAE67ADA0A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{15FE42FD-35AF-49D2-AF6B-0C2C2782619F}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{06861293-0B78-4116-BFF4-E3C540E1216A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{467FA738-931D-4837-BB72-E81181E83FFC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{C04D4441-1C3A-471F-9498-6B4370451E76}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{C1E81B3A-8BE1-4377-81DA-BB1437119ACC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 CDAVFS;CDAVFS;c:\windows\System32\drivers\CDAVFS.sys [8/16/2009 9:29 AM 67424]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/18/2008 10:08 PM 809296]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/2/2008 10:39 AM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundl l32.exe" "c:\windows\System32\iedkc s32.dll",B randIEActi veSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
2009-08-17 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
2009-08-16 c:\windows\Tasks\RegCure.j ob
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = www.myspace.com/
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-4 34FDA6DA54 2} - c:\program files\CoreFTP\pftpns.dll
FF - ProfilePath - c:\users\Ashley\AppData\Ro aming\Mozi lla\Firefo x\Profiles \16l4ejnq. default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.searc h.aol.com/ slirs_http /sredir?sr edir=2706& invocation Type=tb50f ftrie7&que ry=
FF - prefs.js: browser.search.selectedEng ine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.searc h.aol.com/ slirs_http /sredir?sr edir=2706& invocation Type=tb50f ftrab&quer y=
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoin t.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-0 8825760534 b} - c:\windows\Microsoft.NET\F ramework\v 3.5\Window s Presentation Foundation\DotNetAssistant Extension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resum e_from_cra sh - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_s ite_origin ", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabl ed", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autoc omplete.en abled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.ma ilnews.*.w holeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_ quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_p robe_rate" , 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt- temp-redir ect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixels PerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_sing le_finger_ input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_scrip t_run_time ", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuff er", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security- prefs.js - pref("security.remember_ce rt_checkbo x_default_ setting", true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox-brandi ng.js - pref("browser.search.param .yahoo-fr" , "moz35");
c:\program files\Mozilla Firefox\defaults\pref\fire fox-brandi ng.js - pref("browser.search.param .yahoo-fr- cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("extensions.blocklist .level", 2);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("browser.urlbar.restr ict.typed" , "~");
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("browser.urlbar.defau lt.behavio r", 0);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.clearOnShutd own.histor y", true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.clearOnShutd own.formda ta", true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.clearOnShutd own.passwo rds", false);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.clearOnShutd own.downlo ads", true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.clearOnShutd own.cookie s", true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.clearOnShutd own.cache" , true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.clearOnShutd own.sessio ns", true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.clearOnShutd own.offlin eApps", false);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.clearOnShutd own.siteSe ttings", false);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.cpd.history" , true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.cpd.formdata ", true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.cpd.password s", false);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.cpd.download s", true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.cpd.cookies" , true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.cpd.sessions ", true);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.cpd.offlineA pps", false);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.cpd.siteSett ings", false);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("privacy.sanitize.mig rateFx3Pre fs", false);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("browser.ssl_override _behavior" , 2);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("security.alternate_c ertificate _error_pag e", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("browser.privatebrows ing.autost art", false);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("browser.privatebrows ing.dont_p rompt_on_e nter", false);
c:\program files\Mozilla Firefox\defaults\pref\fire fox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
************************** ********** ********** ********** ********** ********
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 19:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Wi ndows\Curr entVersion \Run
LXDDCATS = rundll32 c:\windows\system32\spool\ DRIVERS\W3 2X86\3\LXD Dtime.dll, _RunDLLEnt ry@16????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ?????????? ????
scanning hidden files ...
scan completed successfully
hidden files: 0
************************** ********** ********** ********** ********** ********
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.aac\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.aif\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.aifc \UserChoic e]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.aiff \UserChoic e]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.au\U serChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.flac \UserChoic e]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.m3u\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.m4a\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.mid\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.midi \UserChoic e]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.mp3\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.mp4\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.ogg\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.pcm\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.pls\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.snd\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.spx\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.wav\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Softw are\Micros oft\Window s\CurrentV ersion\Exp lorer\File Exts\.wma\ UserChoice ]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_LOCAL_MACHINE\system \ControlSe t001\Contr ol\Class\{ 4D36E96D-E 325-11CE-B FC1-08002B E10318}\00 00\AllUser Settings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-17 19:21
ComboFix-quarantined-files .txt 2009-08-17 23:21
ComboFix2.txt 2009-08-17 01:14
Pre-Run: 113,536,819,200 bytes free
Post-Run: 113,484,734,464 bytes free
417 --- E O F --- 2009-08-17 22:34
Here's the combo log
If nothing works out, reinstall the OS and put a proper antivirus and antispyware on it.
ASKER
govindarajan78:
At the time this happened, I had AVG, spybot and superantispyware running on this machine.
Not a good solution.
What is the message she gets when she visits a download site or myspace?
Check if popup blocking is enabled; if yes, disable it and check again.
ASKER CERTIFIED SOLUTION
ASKER
The sites just won't open and eventually time out.
What is the hosts file?
ASKER
I know what the hosts file is now, but how would I know if it was correct?
ASKER
I tried every other suggestion. Maybe this was the last piece of the puzzle, but this issue was not fixed until I took this tip. I ended up fixing the HOSTS file by downloading a file called HostsXpert.zip and running it.
After all the time I spent on this, I just wish I could award more points to govindarajan78 than the max 500.
Check the hosts file; it can be found at c:\windows\system32\drivers\etc.
Open it through Notepad, and if you see anything apart from
127.0.0.1 localhost
remove it. Download the latest Windows Defender and install it.
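One way to automate the check govindarajan78 describes, added here as an example and not code from the thread: it parses a hosts file (a constructed sample, not the asker's) and flags every mapping other than the stock loopback entries, separating names sinkholed to loopback/0.0.0.0 from names redirected to some other address.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread): the first two
# mappings are the stock Windows entries, the rest imitate a malware hijack.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.microsoft.com
127.0.0.1       www.myspace.com
0.0.0.0         free.avg.com
203.0.113.5     www.spybot.info   # documentation-range IP, redirect example
"""

STOCK_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower(), line_no

def audit_hosts(text):
    """Return (line_no, hostname, ip, verdict) for each non-stock entry.
    Loopback/0.0.0.0 targets sinkhole the name (connections just time out);
    any other target silently redirects the name to a foreign host."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if (ip, name) in STOCK_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, ip, "malformed"))
            continue
        verdict = "sinkholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append((line_no, name, ip, verdict))
    return findings

if __name__ == "__main__":
    # On the affected PC, read C:\Windows\System32\drivers\etc\hosts instead.
    for line_no, name, ip, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({verdict})")
```

A name pointed at 127.0.0.1 still answers pings (from 127.0.0.1 itself), so the asker's successful ping of www.myspace.com did not rule out a hosts-file hijack.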