
Browser freezes after it searches on yahoo,

This is a discussion on Browser freezes after it searches on yahoo, within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 12-15-2009, 09:23 PM   #1
Registered Member
 
Join Date: Dec 2009
Posts: 21
OS: windows vista service pack 2



I am running Vista / service pack 2. I can reach websites if I type them in completely or pull them from bookmarks. When I reach a page for selecting the website, the computer freezes and I have to re-boot. This happens no matter which search engine I use.
I have not been able to install any Windows updates. I get error messages 646 and 643.
I did have Limewire and removed it two weeks ago.
Scan results attached.
Thanks for any help.
Pickleboo



DDS (Ver_09-12-01.01) - NTFSx86
Run by The Dents at 20:09:30.08 on Tue 12/15/2009
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.938 [GMT -6:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\lxcjcoms.exe
C:\Windows\system32\lxdfcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Workshare\Modules\Workshare.Protect.Service.SvcHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\AOL\1189175660\ee\aolsoftware.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TypingMaster\QuickPhrase\quickphrase.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\The Dents\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYD3KFH8\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80110
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80110
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
BHO: Big Fish Games Toolbar: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbar\bfg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: Big Fish Games Toolbar: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbar\bfg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [QuickPhrase] "c:\program files\typingmaster\quickphrase\quickphrase.exe"
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [PalmOneWMPURL] e:\english\essential_software\url\URL.bat WMP
uRun: [PalmOneAutoRun] e:\english\essential_software\Software Essentials.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; yie8)" -"http://www8.agame.com/games/shockwave/m/My3DRoom/My3DRoom_girlsgogames_com.htm"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HostManager] c:\program files\common files\aol\1189175660\ee\AOLSoftware.exe
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
mRun: [lxcjmon.exe] "c:\program files\lexmark 8300 series\lxcjmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 8300 series\ezprint.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SpiralFrog] c:\program files\spiralfrog\Spiralfrog.exe
mRun: [lxdfmon.exe] "c:\program files\lexmark 6500 series\lxdfmon.exe"
mRun: [lxdfamon] "c:\program files\lexmark 6500 series\lxdfamon.exe"
mRun: [Lexmark 6500 Series Fax Server] "c:\program files\lexmark 6500 series\fm3032.exe" /s
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm117MNUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Baby%20Luv/Images/stg_drm.ocx
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/The%20Hidden%20Prophecies%20of%20Nostradamus/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
mASetup: Workshare Professional 5.21.9652.292 - c:\program files\workshare\modules\WmConfigAssistant.exe /userinit
mASetup: Workshare Protect Client - c:\program files\workshare\modules\Workshare.Protect.UserInit.exe

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-17 214664]
R3 bcm;Beceem Communications Inc. Tarang3;c:\windows\system32\drivers\drxvi314.sys [2009-12-3 233472]
R3 bcmbusctr;Beceem Devices' Enumerator Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-12-3 54784]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-8-17 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-8-17 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-17 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-17 34248]

=============== Created Last 30 ================

2009-12-15 22:54:16 0 d-----w- c:\users\theden~1\appdata\roaming\SupportSoft
2009-12-12 15:04:24 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 15:04:23 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 15:04:23 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 01:57:22 0 d-----w- c:\program files\Nanny Mania 2 - Hollywood
2009-12-10 04:29:08 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 00:25:45 0 d-----w- c:\users\theden~1\appdata\roaming\OtherSide Realm of Eons
2009-12-08 03:14:25 0 d-----w- c:\program files\Babysitting Mania
2009-12-07 23:05:15 0 d-----w- c:\program files\Baby Luv
2009-12-06 19:08:55 0 d-----w- c:\program files\Cake Mania Main Street
2009-12-03 18:53:46 233472 ----a-w- c:\windows\system32\drivers\drxvi314.sys
2009-12-03 18:53:46 1739180 ----a-w- c:\windows\system32\drivers\macxvi200.bin
2009-12-03 18:53:46 144 ----a-w- c:\windows\system32\drivers\macxvi.cfg
2009-12-03 18:53:21 54784 ----a-w- c:\windows\system32\drivers\BcmBusCtr.sys
2009-12-03 18:52:13 0 d-----w- c:\program files\common files\PctelEapPeer Authentication
2009-12-03 18:52:08 0 d-----w- c:\programdata\Clearwire
2009-12-03 18:52:08 0 d-----w- c:\program files\Clearwire
2009-12-02 18:58:12 0 d-----w- c:\programdata\NeoEdge Networks
2009-11-28 07:12:40 0 d-----w- c:\users\theden~1\appdata\roaming\casanova
2009-11-25 15:37:18 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 15:31:05 0 d-----w- c:\program files\MSXML 4.0
2009-11-24 20:36:18 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-24 20:35:19 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 20:35:19 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 15:18:15 0 d-----w- c:\program files\Conduit
2009-11-23 03:54:13 0 d-----w- c:\program files\Murder She Wrote
2009-11-23 03:36:06 0 d-----w- c:\users\theden~1\appdata\roaming\Scholastic
2009-11-19 03:19:04 0 d-----w- c:\programdata\QuickTime
2009-11-19 02:45:13 0 d-----w- c:\programdata\HotSync
2009-11-19 02:44:27 53248 ----a-w- c:\windows\PalmDevC.dll
2009-11-19 02:41:07 0 d-----w- c:\program files\palmOne
2009-11-18 13:39:00 0 d-----w- c:\program files\Windows Portable Devices
2009-11-18 13:38:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 13:38:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-18 13:28:31 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-18 13:28:29 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-18 13:28:29 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-18 13:26:55 2626 ----a-w- c:\windows\system32\wbem\BthMtpEnum.mof
2009-11-18 13:25:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-18 13:25:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-18 13:25:04 234496 ----a-w- c:\windows\system32\oleacc.dll

==================== Find3M ====================

2009-12-06 02:34:35 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-06 02:34:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-06 02:34:35 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 13:38:51 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-24 16:43:15 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-07 11:36:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2008-12-24 23:16:21 174 --sha-w- c:\program files\desktop.ini
2007-12-09 04:05:03 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-11 18:08:45 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-08-17 17:12:27 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:11:38.64 ===============
Attached Files
File Type: txt DDS.txt (23.5 KB, 2 views)
File Type: txt Attach.txt (4.7 KB, 8 views)

__________________
Pickleboo is offline  
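An added example, not part of the thread and not DDS's own tooling: a short Python triage pass over lines copied verbatim from the DDS "Pseudo HJT Report" posted above (DDS writes URLs as hxxp:// so they are not clickable). The watchlist of vendor names is an assumption made for this example, names that AV vendors commonly tag as adware or potentially unwanted programs, and is not a verdict given anywhere in the thread. The script parses the BHO, TB, Run and search-setting line shapes, flags anything whose name, path or URL matches the watchlist, and separately flags BHO/toolbar registrations whose DLL is gone ("No File"), which are the entries a helper reads the report for before writing a fix.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Vendor/product strings to flag. This list is an ASSUMPTION made for the
# example (names AV vendors commonly classify as adware or potentially
# unwanted programs); it is not a verdict given anywhere in the thread.
WATCHLIST = (
    "mywebsearch", "funwebproducts", "askbar", "ask toolbar", "gamevance",
    "shopathome", "selectrebates", "bfgbar", "big fish games", "inbox.com",
    "conduit", "spiralfrog",
)

# DDS "Pseudo HJT Report" line shapes handled here:
#   BHO: <name>: {CLSID} - <dll>        TB: {CLSID} - No File
#   uRun: [<value name>] <command>      mSearchAssistant = <url>
BHO_TB_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\] ?(?P<target>.*)$")
SETTING_RE = re.compile(r"^(?P<kind>[um][A-Za-z ,_()]+?) = (?P<target>.+)$")


@dataclass
class Finding:
    kind: str      # BHO, TB, uRun, mRun, uSearch Bar, ...
    name: str      # display name, value name, or the CLSID when no name is present
    target: str    # DLL path, command line, or URL
    reason: str    # why it was flagged


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Split one report line into (kind, name, target); None if not a handled shape."""
    m = BHO_TB_RE.match(line)
    if m:
        return m.group("kind"), m.group("name") or m.group("clsid"), m.group("target")
    m = RUN_RE.match(line)
    if m:
        return m.group("kind"), m.group("name"), m.group("target")
    m = SETTING_RE.match(line)
    if m:
        return m.group("kind"), "", m.group("target")
    return None


def watchlist_hit(text: str) -> Optional[str]:
    """First watchlist string contained in text (case-insensitive), else None."""
    low = text.lower()
    return next((w for w in WATCHLIST if w in low), None)


def triage(report_lines: Iterable[str]) -> List[Finding]:
    """Return the entries to look at first: orphaned BHO/toolbar registrations
    (registry entry still present, DLL gone) and anything whose name, path or
    URL matches the watchlist. Unhandled line shapes are skipped."""
    findings: List[Finding] = []
    for raw in report_lines:
        line = raw.strip()
        if not line:
            continue
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, name, target = parsed
        if kind in ("BHO", "TB") and target.strip().lower() == "no file":
            findings.append(Finding(kind, name, target, "orphaned registration (No File)"))
            continue
        hit = watchlist_hit(f"{name} {target}")
        if hit:
            findings.append(Finding(kind, name, target, f"matches watchlist entry '{hit}'"))
    return findings


# Sample input: lines copied verbatim from the DDS report posted above.
# Raw string so the Windows backslashes stay literal.
SAMPLE_REPORT = r"""
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80110
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT.splitlines()):
        print(f"{f.kind:<16} {f.name:<40} {f.reason}")
```

On the twelve sample lines the script reports nine entries: both inbox.com search settings, the AskBar, Gamevance and ShopAtHome BHOs, the orphaned toolbar CLSID, the Ask Toolbar, and the MyWebSearch and SelectRebates Run values; the Adobe and Windows Defender entries are left alone. A match here is a triage hint, not a removal decision: the thread's helper still asks for GMER and ComboFix output before acting.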
Old 12-18-2009, 09:58 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,654
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see a gmer log in order to help you.

Download GMER Rootkit Scanner from here and Save it to your Desktop.
  • Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 12-18-2009, 05:24 PM   #3



Thanks for responding as quickly as you have.
Attached is the rootkit scan.

Appreciate your help.
Attached Files
File Type: zip Attach.zip (2.2 KB, 1 views)
__________________
Pickleboo is offline  
Old 12-18-2009, 05:43 PM   #4



That's not the rootkit scan you attached.
chemist is offline  
Old 12-18-2009, 08:24 PM   #5



Sorry about that mistake. I think this is correct now.
Attached Files
File Type: txt GMER.txt (7.1 KB, 1 views)
__________________
Pickleboo is offline  
Old 12-18-2009, 08:44 PM   #6



Hello Pickleboo.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

Download ComboFix from here and save it to your desktop.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

------------------------------------------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
  • Please see this >> http://img.photobucket.com/albums/v6...ee_disable.gif
  • Double-click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the C:\ComboFix.txt log.

------------------------------------------------------
chemist is offline  
Old 12-18-2009, 10:18 PM   #7



The download for Combofix has the name "kittyfix" on it and the site will not allow me to load it. It says I should change the file name to numeric characters, but I don't know how to do that on the download.
Thanks
__________________
Pickleboo is offline  
Old 12-19-2009, 07:18 AM   #8



Hello again, Pickleboo. Let's try an alternate browser.

Download and install Mozilla's Firefox. It will only take a few moments.

http://www.mozilla.com/en-US/

Now see if you can download ComboFix(KittyFix).

------------------------------------------------------
chemist is offline  
Old 12-19-2009, 11:57 AM   #9



Good afternoon -
Attached is the scan from the Combofix.
Thanks

ComboFix 09-12-18.03 - The Dents 12/19/2009 12:33:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.833 [GMT -6:00]
Running from: c:\users\The Dents\Downloads\KittyFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.spiralfrog.com
.
((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-19 18:45 . 2009-12-19 18:45 -------- d-----w- c:\users\The Dents\AppData\Local\temp
2009-12-19 18:45 . 2009-12-19 18:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-12-19 18:45 . 2009-12-19 18:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-19 18:45 . 2009-12-19 18:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-19 17:09 . 2009-12-19 17:30 -------- d-----w- C:\KittyFix
2009-12-17 16:12 . 2009-12-17 16:12 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-15 22:54 . 2009-12-15 22:54 -------- d-----w- c:\users\The Dents\AppData\Roaming\SupportSoft
2009-12-12 15:04 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 15:04 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 15:04 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 04:29 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 00:25 . 2009-12-10 00:29 -------- d-----w- c:\users\The Dents\AppData\Roaming\OtherSide Realm of Eons
2009-12-06 18:45 . 2009-12-06 18:45 1421449 ----a-w- c:\programdata\NeoEdge Networks\Yahoo_Monopoly\IAF.dll
2009-12-03 18:55 . 2009-12-03 18:55 -------- d-----w- c:\users\The Dents\AppData\Local\Clearwire
2009-12-03 18:53 . 2009-01-20 22:08 233472 ----a-w- c:\windows\system32\drivers\drxvi314.sys
2009-12-03 18:53 . 2009-01-20 22:08 1739180 ----a-w- c:\windows\system32\drivers\macxvi200.bin
2009-12-03 18:53 . 2009-01-20 22:08 54784 ----a-w- c:\windows\system32\drivers\BcmBusCtr.sys
2009-12-03 18:52 . 2009-12-03 18:52 -------- d-----w- c:\program files\Common Files\PctelEapPeer Authentication
2009-12-03 18:52 . 2009-12-03 18:52 -------- d-----w- c:\programdata\Clearwire
2009-12-03 18:52 . 2009-12-03 18:52 -------- d-----w- c:\program files\Clearwire
2009-12-02 18:58 . 2009-12-06 18:45 -------- d-----w- c:\programdata\NeoEdge Networks
2009-12-02 18:58 . 2009-12-02 18:58 1245321 ----a-w- c:\programdata\NeoEdge Networks\Yahoo_SuperCollapse3\IAF.dll
2009-11-28 07:12 . 2009-11-28 07:12 -------- d-----w- c:\users\The Dents\AppData\Roaming\casanova
2009-11-25 15:37 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 15:31 . 2009-11-25 15:31 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 20:35 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 20:35 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 03:54 . 2009-11-23 03:55 -------- d-----w- c:\program files\Murder She Wrote
2009-11-23 03:36 . 2009-11-23 03:36 -------- d-----w- c:\users\The Dents\AppData\Roaming\Scholastic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 18:09 . 2008-08-13 22:29 -------- d-----w- c:\program files\SpiralFrog
2009-12-19 17:55 . 2008-11-06 20:14 -------- d-----w- c:\program files\Yahoo! Games
2009-12-19 17:55 . 2007-12-19 19:40 -------- d-----w- c:\program files\iWin.com
2009-12-19 06:05 . 2007-08-17 09:19 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-19 05:03 . 2007-11-04 01:37 -------- d-----w- c:\program files\Lx_cats
2009-12-19 03:15 . 2009-09-02 04:07 -------- d-----w- c:\program files\McAfee
2009-12-18 01:35 . 2008-01-19 05:13 -------- d-----w- c:\users\The Dents\AppData\Roaming\PlayFirst
2009-12-18 01:35 . 2008-01-19 05:13 -------- d-----w- c:\programdata\PlayFirst
2009-12-16 04:29 . 2008-06-14 03:53 -------- d-----w- c:\users\The Dents\AppData\Roaming\MysteryStudio
2009-12-12 05:33 . 2009-07-28 02:27 -------- d-----w- c:\users\The Dents\AppData\Roaming\Gamers Digital
2009-12-12 05:33 . 2009-07-28 02:27 -------- d-----w- c:\programdata\Gamers Digital
2009-12-10 17:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 03:19 . 2007-12-09 02:57 -------- d-----w- c:\users\The Dents\AppData\Roaming\SpinTop
2009-12-06 04:19 . 2007-12-19 19:38 -------- d-----w- c:\programdata\iWin Games
2009-12-06 03:39 . 2007-08-21 21:22 116816 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-06 02:46 . 2007-08-21 21:31 116816 ----a-w- c:\users\The Dents\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-06 02:42 . 2007-08-17 09:41 -------- d-----w- c:\program files\Google
2009-12-06 02:36 . 2009-11-19 02:41 -------- d-----w- c:\program files\palmOne
2009-12-06 02:34 . 2009-09-10 21:19 -------- d-----w- c:\program files\Sony
2009-12-06 02:26 . 2009-07-09 00:14 -------- d-----w- c:\program files\Zylom Games
2009-12-06 02:25 . 2009-10-10 18:28 -------- d-----w- c:\program files\LimeWire
2009-12-06 01:27 . 2009-10-10 18:28 -------- d-----w- c:\users\The Dents\AppData\Roaming\LimeWire
2009-12-01 21:48 . 2007-08-17 09:36 -------- d-----w- c:\programdata\McAfee
2009-11-27 04:42 . 2009-06-19 20:39 -------- d-----w- c:\users\The Dents\AppData\Roaming\IMVU
2009-11-24 15:26 . 2008-07-11 23:08 -------- d-----w- c:\program files\RealArcade
2009-11-24 15:23 . 2009-07-15 23:04 -------- d-----w- c:\programdata\Norton
2009-11-24 15:23 . 2007-09-06 03:05 -------- d-----w- c:\program files\Norton Security Scan
2009-11-23 19:29 . 2007-08-17 09:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 06:40 . 2009-12-10 04:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 04:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 04:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 04:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 00:00 . 2009-07-17 23:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-20 21:56 . 2009-11-19 02:41 65536 ----a-r- c:\users\The Dents\AppData\Roaming\Microsoft\Installer\{E434580A-2D4A-4433-A81E-4BCAE86AD148}\NewShortcut6.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2009-11-20 21:56 . 2009-11-19 02:41 65536 ----a-r- c:\users\The Dents\AppData\Roaming\Microsoft\Installer\{E434580A-2D4A-4433-A81E-4BCAE86AD148}\NewShortcut5.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2009-11-20 21:56 . 2009-11-19 02:41 65536 ----a-r- c:\users\The Dents\AppData\Roaming\Microsoft\Installer\{E434580A-2D4A-4433-A81E-4BCAE86AD148}\NewShortcut4.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2009-11-20 21:56 . 2009-11-19 02:41 65536 ----a-r- c:\users\The Dents\AppData\Roaming\Microsoft\Installer\{E434580A-2D4A-4433-A81E-4BCAE86AD148}\NewShortcut1.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2009-11-20 21:56 . 2009-11-19 02:41 49152 ----a-r- c:\users\The Dents\AppData\Roaming\Microsoft\Installer\{E434580A-2D4A-4433-A81E-4BCAE86AD148}\NewShortcut3.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2009-11-19 03:34 . 2009-11-19 03:34 -------- d-----w- c:\users\The Dents\AppData\Roaming\Arcsoft
2009-11-19 03:19 . 2009-11-19 03:19 -------- d-----w- c:\programdata\QuickTime
2009-11-19 02:45 . 2009-11-19 02:45 -------- d-----w- c:\programdata\HotSync
2009-11-19 02:38 . 2009-11-19 02:38 -------- d-----w- c:\users\The Dents\AppData\Roaming\HotSync
2009-11-19 02:38 . 2009-11-19 02:44 53248 ----a-w- c:\windows\PalmDevC.dll
2009-11-19 01:21 . 2008-11-18 20:19 -------- d-----w- c:\users\The Dents\AppData\Roaming\Artogon
2009-11-18 13:39 . 2009-11-18 13:39 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 13:38 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 13:38 . 2009-11-18 13:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 13:38 . 2009-11-18 13:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-18 05:14 . 2008-12-04 00:16 -------- d-----w- c:\programdata\Alawar Stargaze
2009-11-14 21:39 . 2008-10-09 16:08 -------- d-----w- c:\users\The Dents\AppData\Roaming\Playrix Entertainment
2009-11-14 06:11 . 2009-11-14 06:10 -------- d-----w- c:\program files\Big City Adventure - New York City
2009-11-12 02:05 . 2008-09-28 03:20 -------- d-----w- c:\users\The Dents\AppData\Roaming\funkitron
2009-11-12 00:37 . 2009-11-12 00:37 -------- d-----w- c:\users\The Dents\AppData\Roaming\blg
2009-11-12 00:37 . 2009-11-12 00:37 -------- d-----w- c:\programdata\blg
2009-11-10 04:06 . 2009-11-10 04:06 -------- d-----w- c:\users\The Dents\AppData\Roaming\Lazy Turtle Games
2009-11-10 02:16 . 2008-09-28 01:23 46128 ----a-w- c:\programdata\iWin Games\firefox\iWinArcadeLauncher.exe
2009-11-10 02:05 . 2008-08-20 21:12 -------- d-----w- c:\users\The Dents\AppData\Roaming\Yahoo!
2009-11-06 05:35 . 2009-09-20 02:49 -------- d-----w- c:\users\The Dents\AppData\Roaming\Merscom
2009-11-06 05:35 . 2009-09-20 02:49 -------- d-----w- c:\programdata\Merscom
2009-11-04 03:03 . 2009-11-04 03:01 -------- d-----w- c:\users\The Dents\AppData\Roaming\TitanicMystery
2009-11-04 03:02 . 2009-11-04 03:02 -------- d-----w- c:\programdata\1912 Titanic Mystery
2009-11-03 04:15 . 2009-11-03 04:15 -------- d-----w- c:\programdata\GameHouse
2009-11-03 02:42 . 2009-10-09 13:07 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 15:34 . 2008-01-03 00:50 -------- d-----w- c:\programdata\Yahoo! Companion
2009-11-02 15:34 . 2007-08-17 09:42 -------- d-----w- c:\program files\Yahoo!
2009-11-01 03:19 . 2009-10-31 20:41 -------- d-----w- c:\program files\Playalot Games
2009-11-01 03:17 . 2008-01-19 03:47 -------- d-----w- c:\program files\Oberon Media
2009-10-31 23:17 . 2008-01-19 08:01 -------- d-----w- c:\programdata\JollyBear
2009-10-31 20:58 . 2009-10-31 20:56 -------- d-----w- c:\program files\iTunes
2009-10-31 20:57 . 2009-10-31 20:57 -------- d-----w- c:\program files\iPod
2009-10-31 20:57 . 2007-10-28 00:19 -------- d-----w- c:\program files\Common Files\Apple
2009-10-31 20:48 . 2009-10-31 20:48 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 20:45 . 2008-07-15 00:18 -------- d-----w- c:\users\The Dents\AppData\Roaming\SpinTop Games
2009-10-31 20:43 . 2009-10-31 20:43 64 ----a-w- c:\windows\GPlrLanc.dat
2009-10-31 20:43 . 2009-10-31 20:43 -------- d-----w- c:\programdata\Free Ride Games
2009-10-31 20:43 . 2009-10-31 20:43 -------- d-----w- c:\users\The Dents\AppData\Roaming\Titanium Gears
2009-10-28 05:15 . 2008-01-20 07:22 16 ----a-w- c:\windows\popcinfo.dat
2009-10-27 05:19 . 2009-10-27 05:19 -------- d-----w- c:\users\The Dents\AppData\Roaming\GTM_Bodie
2009-10-26 01:02 . 2008-02-23 16:44 -------- d-----w- c:\users\The Dents\AppData\Roaming\Big Fish Games
2009-10-24 16:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-24 16:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-24 16:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-24 16:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-24 16:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-24 16:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-23 16:25 . 2008-12-31 16:50 -------- d-----w- c:\programdata\Microsoft Help
2009-10-22 20:27 . 2008-01-20 00:47 -------- d-----w- c:\users\The Dents\AppData\Roaming\Flood Light Games
2009-10-22 20:27 . 2008-01-20 00:47 -------- d-----w- c:\programdata\Flood Light Games
2009-10-22 19:53 . 2009-09-17 00:56 -------- d-----w- c:\users\The Dents\AppData\Roaming\ERS G-Studio
2009-10-22 18:42 . 2009-10-22 18:41 -------- d-----w- c:\users\The Dents\AppData\Roaming\MissTeriTale3
2009-10-21 03:35 . 2009-04-16 02:50 -------- d-----w- c:\programdata\Meridian93
2009-10-21 03:34 . 2009-10-21 03:34 -------- d-----w- c:\users\The Dents\AppData\Roaming\art2
2009-10-21 03:34 . 2009-04-16 02:49 -------- d-----w- c:\users\The Dents\AppData\Roaming\Meridian93
2009-10-08 21:08 . 2009-11-18 13:25 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 13:25 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 13:25 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-07 11:36 . 2009-12-10 04:28 243712 ----a-w- c:\windows\system32\rastls.dll
2009-10-01 01:02 . 2009-11-18 13:26 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 13:27 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 13:26 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2007-08-17 17:12 . 2007-08-17 17:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"QuickPhrase"="c:\program files\TypingMaster\QuickPhrase\quickphrase.exe" [2008-11-18 638456]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-18 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 133912]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"HostManager"="c:\program files\Common Files\AOL\1189175660\ee\AOLSoftware.exe" [2006-09-26 50736]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 106496]
"lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2007-05-08 205744]
"EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2007-05-08 103344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpiralFrog"="c:\program files\SpiralFrog\Spiralfrog.exe" [2008-03-12 163128]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-12 455600]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" [2007-06-12 308144]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-02-03 54536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-17 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-8-17 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d1,3c,2e,60,cc,54,ca,01

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [12/19/2007 1:03 PM 73728]
R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/1/2009 10:10 PM 93320]
R2 Workshare Protect Service;Workshare Protect Service;"c:\program files\Workshare\Modules\Workshare.Protect.Service.SvcHost.exe" [9/11/2008 6:06 PM 36864]
S2 gupdate1ca002a258b101a;Google Update Service (gupdate1ca002a258b101a);c:\program files\Google\Update\GoogleUpdate.exe [7/8/2009 6:13 PM 133104]
S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdfserv.exe [5/29/2007 12:06 PM 99248]
S3 bcm;Beceem Communications Inc. Tarang3;c:\windows\System32\drivers\drxvi314.sys [12/3/2009 12:53 PM 233472]
S3 bcmbusctr;Beceem Devices' Enumerator Driver;c:\windows\System32\drivers\BcmBusCtr.sys [12/3/2009 12:53 PM 54784]
S3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\Clearwire\Connection Manager\ConAppsSvc.exe [1/27/2009 1:40 PM 124168]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [1/27/2009 1:40 PM 111880]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/18/2008 11:53 PM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Workshare Professional 5.21.9652.292]
2008-09-13 18:03 2338816 ----a-w- c:\program files\Workshare\Modules\WMConfigAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Workshare Protect Client]
2008-09-12 00:12 20480 ----a-w- c:\program files\Workshare\Modules\Workshare.Protect.UserInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm117MNUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\The Dents\AppData\Roaming\Mozilla\Firefox\Profiles\9mvim6w3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com//?fr=fp-yma3
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yma3&type=&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 12:45
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCJCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-19 12:48:10
ComboFix-quarantined-files.txt 2009-12-19 18:48
ComboFix2.txt 2009-12-19 17:30

Pre-Run: 90,788,618,240 bytes free
Post-Run: 90,758,217,728 bytes free

- - End Of File - - A39831452717EECB8771113CA8E5DF2B
Attached Files
File Type: txt ComboFix.txt (27.9 KB, 1 views)
__________________
Old 12-19-2009, 12:18 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,654
OS: XP SP3; Win7 32/64-bit



Hello again, Pickleboo. No need to attach logs going forward. Just copy/paste them directly into the Reply to Thread window. Thanks.

------------------------------------------------------

You were instructed to save ComboFix.exe to your desktop.

Quote:
Running from: c:\users\The Dents\Downloads\KittyFix.exe
Please move it to your desktop.

------------------------------------------------------

It appears you ran ComboFix twice. I need to see the first log.

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > and tick 'Display Run' box > OK > OK.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\Qoobox\ComboFix2.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Old 12-19-2009, 01:20 PM   #11
Registered Member
 
Join Date: Dec 2009
Posts: 21
OS: windows vista service pack 2



I have the file saved to the desktop. Here is the log from the first scan.
ComboFix 09-12-18.03 - The Dents 12/19/2009 11:12:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.608 [GMT -6:00]
Running from: c:\users\The Dents\Downloads\KittyFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2229376273-1468763496-2003331228-500
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\bg-gradient.gif
c:\program files\SelectRebates\SahImages\button-close.gif
c:\program files\SelectRebates\SahImages\sah-logopop.gif
c:\program files\SelectRebates\SahImages\SAHS_popuplogo2.gif
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\basis.xml.bak
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShOPathometoolbar.dll
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Cursors\aero_link.cur
c:\windows\system32\f3PSSavr.scr

----- BITS: Possible infected sites -----

hxxp://www.spiralfrog.com
.
((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-19 17:26 . 2009-12-19 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-17 16:12 . 2009-12-17 16:12 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-16 02:24 . 2004-08-04 14:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-12-16 02:24 . 2009-12-16 02:24 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-15 22:54 . 2009-12-15 22:54 -------- d-----w- c:\users\The Dents\AppData\Roaming\SupportSoft
2009-12-12 15:04 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 15:04 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 15:04 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 01:57 . 2009-12-11 02:00 -------- d-----w- c:\program files\Nanny Mania 2 - Hollywood
2009-12-10 04:29 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 00:25 . 2009-12-10 00:29 -------- d-----w- c:\users\The Dents\AppData\Roaming\OtherSide Realm of Eons
2009-12-08 03:14 . 2009-12-08 03:15 -------- d-----w- c:\program files\Babysitting Mania
2009-12-07 23:05 . 2009-12-11 02:51 -------- d-----w- c:\program files\Baby Luv
2009-12-06 19:08 . 2009-12-06 19:09 -------- d-----w- c:\program files\Cake Mania Main Street
2009-12-06 18:45 . 2009-12-06 18:45 1421449 ----a-w- c:\programdata\NeoEdge Networks\Yahoo_Monopoly\IAF.dll
2009-12-03 18:55 . 2009-12-03 18:55 -------- d-----w- c:\users\The Dents\AppData\Local\Clearwire
2009-12-03 18:53 . 2009-01-20 22:08 233472 ----a-w- c:\windows\system32\drivers\drxvi314.sys
2009-12-03 18:53 . 2009-01-20 22:08 1739180 ----a-w- c:\windows\system32\drivers\macxvi200.bin
2009-12-03 18:53 . 2009-01-20 22:08 54784 ----a-w- c:\windows\system32\drivers\BcmBusCtr.sys
2009-12-03 18:52 . 2009-12-03 18:52 -------- d-----w- c:\program files\Common Files\PctelEapPeer Authentication
2009-12-03 18:52 . 2009-12-03 18:52 -------- d-----w- c:\programdata\Clearwire
2009-12-03 18:52 . 2009-12-03 18:52 -------- d-----w- c:\program files\Clearwire
2009-12-02 18:58 . 2009-12-06 18:45 -------- d-----w- c:\programdata\NeoEdge Networks
2009-12-02 18:58 . 2009-12-02 18:58 1245321 ----a-w- c:\programdata\NeoEdge Networks\Yahoo_SuperCollapse3\IAF.dll
2009-11-28 07:12 . 2009-11-28 07:12 -------- d-----w- c:\users\The Dents\AppData\Roaming\casanova
2009-11-25 15:37 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 15:31 . 2009-11-25 15:31 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 20:35 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 20:35 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 03:54 . 2009-11-23 03:55 -------- d-----w- c:\program files\Murder She Wrote
2009-11-23 03:36 . 2009-11-23 03:36 -------- d-----w- c:\users\The Dents\AppData\Roaming\Scholastic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 16:43 . 2008-08-13 22:29 -------- d-----w- c:\program files\SpiralFrog
2009-12-19 06:05 . 2007-08-17 09:19 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-19 05:03 . 2007-11-04 01:37 -------- d-----w- c:\program files\Lx_cats
2009-12-19 03:15 . 2009-09-02 04:07 -------- d-----w- c:\program files\McAfee
2009-12-18 01:35 . 2008-01-19 05:13 -------- d-----w- c:\users\The Dents\AppData\Roaming\PlayFirst
2009-12-18 01:35 . 2008-01-19 05:13 -------- d-----w- c:\programdata\PlayFirst
2009-12-16 04:29 . 2008-06-14 03:53 -------- d-----w- c:\users\The Dents\AppData\Roaming\MysteryStudio
2009-12-12 05:33 . 2009-07-28 02:27 -------- d-----w- c:\users\The Dents\AppData\Roaming\Gamers Digital
2009-12-12 05:33 . 2009-07-28 02:27 -------- d-----w- c:\programdata\Gamers Digital
2009-12-10 17:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 03:19 . 2007-12-09 02:57 -------- d-----w- c:\users\The Dents\AppData\Roaming\SpinTop
2009-12-06 18:45 . 2008-11-06 20:14 -------- d-----w- c:\program files\Yahoo! Games
2009-12-06 04:19 . 2007-12-19 19:38 -------- d-----w- c:\programdata\iWin Games
2009-12-06 03:39 . 2007-08-21 21:22 116816 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-06 02:46 . 2007-08-21 21:31 116816 ----a-w- c:\users\The Dents\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-06 02:42 . 2007-08-17 09:41 -------- d-----w- c:\program files\Google
2009-12-06 02:36 . 2009-11-19 02:41 -------- d-----w- c:\program files\palmOne
2009-12-06 02:34 . 2009-09-10 21:19 -------- d-----w- c:\program files\Sony
2009-12-06 02:26 . 2009-07-09 00:14 -------- d-----w- c:\program files\Zylom Games
2009-12-06 02:25 . 2009-10-10 18:28 -------- d-----w- c:\program files\LimeWire
2009-12-06 01:41 . 2007-12-19 19:40 -------- d-----w- c:\program files\iWin.com
2009-12-06 01:27 . 2009-10-10 18:28 -------- d-----w- c:\users\The Dents\AppData\Roaming\LimeWire
2009-12-01 21:48 . 2007-08-17 09:36 -------- d-----w- c:\programdata\McAfee
2009-11-27 04:42 . 2009-06-19 20:39 -------- d-----w- c:\users\The Dents\AppData\Roaming\IMVU
2009-11-24 15:26 . 2008-07-11 23:08 -------- d-----w- c:\program files\RealArcade
2009-11-24 15:23 . 2009-07-15 23:04 -------- d-----w- c:\programdata\Norton
2009-11-24 15:23 . 2007-09-06 03:05 -------- d-----w- c:\program files\Norton Security Scan
2009-11-23 19:29 . 2007-08-17 09:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 06:40 . 2009-12-10 04:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 04:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 04:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 04:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 00:00 . 2009-07-17 23:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-20 21:56 . 2009-11-19 02:41 65536 ----a-r- c:\users\The Dents\AppData\Roaming\Microsoft\Installer\{E434580A-2D4A-4433-A81E-4BCAE86AD148}\NewShortcut6.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2009-11-20 21:56 . 2009-11-19 02:41 65536 ----a-r- c:\users\The Dents\AppData\Roaming\Microsoft\Installer\{E434580A-2D4A-4433-A81E-4BCAE86AD148}\NewShortcut5.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2009-11-20 21:56 . 2009-11-19 02:41 65536 ----a-r- c:\users\The Dents\AppData\Roaming\Microsoft\Installer\{E434580A-2D4A-4433-A81E-4BCAE86AD148}\NewShortcut4.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2009-11-20 21:56 . 2009-11-19 02:41 65536 ----a-r- c:\users\The Dents\AppData\Roaming\Microsoft\Installer\{E434580A-2D4A-4433-A81E-4BCAE86AD148}\NewShortcut1.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2009-11-20 21:56 . 2009-11-19 02:41 49152 ----a-r- c:\users\The Dents\AppData\Roaming\Microsoft\Installer\{E434580A-2D4A-4433-A81E-4BCAE86AD148}\NewShortcut3.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2009-11-19 03:34 . 2009-11-19 03:34 -------- d-----w- c:\users\The Dents\AppData\Roaming\Arcsoft
2009-11-19 03:19 . 2009-11-19 03:19 -------- d-----w- c:\programdata\QuickTime
2009-11-19 02:45 . 2009-11-19 02:45 -------- d-----w- c:\programdata\HotSync
2009-11-19 02:38 . 2009-11-19 02:38 -------- d-----w- c:\users\The Dents\AppData\Roaming\HotSync
2009-11-19 02:38 . 2009-11-19 02:44 53248 ----a-w- c:\windows\PalmDevC.dll
2009-11-19 01:21 . 2008-11-18 20:19 -------- d-----w- c:\users\The Dents\AppData\Roaming\Artogon
2009-11-18 13:39 . 2009-11-18 13:39 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 13:38 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 13:38 . 2009-11-18 13:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 13:38 . 2009-11-18 13:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-18 05:14 . 2008-12-04 00:16 -------- d-----w- c:\programdata\Alawar Stargaze
2009-11-14 21:39 . 2008-10-09 16:08 -------- d-----w- c:\users\The Dents\AppData\Roaming\Playrix Entertainment
2009-11-14 06:11 . 2009-11-14 06:10 -------- d-----w- c:\program files\Big City Adventure - New York City
2009-11-12 02:05 . 2008-09-28 03:20 -------- d-----w- c:\users\The Dents\AppData\Roaming\funkitron
2009-11-12 00:37 . 2009-11-12 00:37 -------- d-----w- c:\users\The Dents\AppData\Roaming\blg
2009-11-12 00:37 . 2009-11-12 00:37 -------- d-----w- c:\programdata\blg
2009-11-10 04:06 . 2009-11-10 04:06 -------- d-----w- c:\users\The Dents\AppData\Roaming\Lazy Turtle Games
2009-11-10 02:16 . 2008-09-28 01:23 46128 ----a-w- c:\programdata\iWin Games\firefox\iWinArcadeLauncher.exe
2009-11-10 02:05 . 2008-08-20 21:12 -------- d-----w- c:\users\The Dents\AppData\Roaming\Yahoo!
2009-11-06 05:35 . 2009-09-20 02:49 -------- d-----w- c:\users\The Dents\AppData\Roaming\Merscom
2009-11-06 05:35 . 2009-09-20 02:49 -------- d-----w- c:\programdata\Merscom
2009-11-04 03:03 . 2009-11-04 03:01 -------- d-----w- c:\users\The Dents\AppData\Roaming\TitanicMystery
2009-11-04 03:02 . 2009-11-04 03:02 -------- d-----w- c:\programdata\1912 Titanic Mystery
2009-11-03 04:15 . 2009-11-03 04:15 -------- d-----w- c:\programdata\GameHouse
2009-11-03 02:42 . 2009-10-09 13:07 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 15:34 . 2008-01-03 00:50 -------- d-----w- c:\programdata\Yahoo! Companion
2009-11-02 15:34 . 2007-08-17 09:42 -------- d-----w- c:\program files\Yahoo!
2009-11-01 03:19 . 2009-10-31 20:41 -------- d-----w- c:\program files\Playalot Games
2009-11-01 03:17 . 2008-01-19 03:47 -------- d-----w- c:\program files\Oberon Media
2009-10-31 23:17 . 2008-01-19 08:01 -------- d-----w- c:\programdata\JollyBear
2009-10-31 20:58 . 2009-10-31 20:56 -------- d-----w- c:\program files\iTunes
2009-10-31 20:57 . 2009-10-31 20:57 -------- d-----w- c:\program files\iPod
2009-10-31 20:57 . 2007-10-28 00:19 -------- d-----w- c:\program files\Common Files\Apple
2009-10-31 20:48 . 2009-10-31 20:48 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 20:45 . 2008-07-15 00:18 -------- d-----w- c:\users\The Dents\AppData\Roaming\SpinTop Games
2009-10-31 20:43 . 2009-10-31 20:43 64 ----a-w- c:\windows\GPlrLanc.dat
2009-10-31 20:43 . 2009-10-31 20:43 -------- d-----w- c:\programdata\Free Ride Games
2009-10-31 20:43 . 2009-10-31 20:43 -------- d-----w- c:\users\The Dents\AppData\Roaming\Titanium Gears
2009-10-28 05:15 . 2008-01-20 07:22 16 ----a-w- c:\windows\popcinfo.dat
2009-10-27 05:19 . 2009-10-27 05:19 -------- d-----w- c:\users\The Dents\AppData\Roaming\GTM_Bodie
2009-10-26 01:02 . 2008-02-23 16:44 -------- d-----w- c:\users\The Dents\AppData\Roaming\Big Fish Games
2009-10-24 16:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-24 16:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-24 16:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-24 16:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-24 16:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-24 16:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-23 16:25 . 2008-12-31 16:50 -------- d-----w- c:\programdata\Microsoft Help
2009-10-22 20:27 . 2008-01-20 00:47 -------- d-----w- c:\users\The Dents\AppData\Roaming\Flood Light Games
2009-10-22 20:27 . 2008-01-20 00:47 -------- d-----w- c:\programdata\Flood Light Games
2009-10-22 19:53 . 2009-09-17 00:56 -------- d-----w- c:\users\The Dents\AppData\Roaming\ERS G-Studio
2009-10-22 18:42 . 2009-10-22 18:41 -------- d-----w- c:\users\The Dents\AppData\Roaming\MissTeriTale3
2009-10-21 03:35 . 2009-04-16 02:50 -------- d-----w- c:\programdata\Meridian93
2009-10-21 03:34 . 2009-10-21 03:34 -------- d-----w- c:\users\The Dents\AppData\Roaming\art2
2009-10-21 03:34 . 2009-04-16 02:49 -------- d-----w- c:\users\The Dents\AppData\Roaming\Meridian93
2009-10-08 21:08 . 2009-11-18 13:25 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 13:25 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 13:25 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-07 11:36 . 2009-12-10 04:28 243712 ----a-w- c:\windows\system32\rastls.dll
2009-10-01 01:02 . 2009-11-18 13:26 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 13:27 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 13:26 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2007-08-17 17:12 . 2007-08-17 17:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"QuickPhrase"="c:\program files\TypingMaster\QuickPhrase\quickphrase.exe" [2008-11-18 638456]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-11-25 292824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-18 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 133912]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"HostManager"="c:\program files\Common Files\AOL\1189175660\ee\AOLSoftware.exe" [2006-09-26 50736]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 106496]
"lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2007-05-08 205744]
"EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2007-05-08 103344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpiralFrog"="c:\program files\SpiralFrog\Spiralfrog.exe" [2008-03-12 163128]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-12 455600]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" [2007-06-12 308144]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-02-03 54536]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-17 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-8-17 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d1,3c,2e,60,cc,54,ca,01

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [12/19/2007 1:03 PM 73728]
R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/1/2009 10:10 PM 93320]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/15/2009 8:24 PM 583640]
R2 Workshare Protect Service;Workshare Protect Service;"c:\program files\Workshare\Modules\Workshare.Protect.Service.SvcHost.exe" [9/11/2008 6:06 PM 36864]
S2 gupdate1ca002a258b101a;Google Update Service (gupdate1ca002a258b101a);c:\program files\Google\Update\GoogleUpdate.exe [7/8/2009 6:13 PM 133104]
S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdfserv.exe [5/29/2007 12:06 PM 99248]
S3 bcm;Beceem Communications Inc. Tarang3;c:\windows\System32\drivers\drxvi314.sys [12/3/2009 12:53 PM 233472]
S3 bcmbusctr;Beceem Devices' Enumerator Driver;c:\windows\System32\drivers\BcmBusCtr.sys [12/3/2009 12:53 PM 54784]
S3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\Clearwire\Connection Manager\ConAppsSvc.exe [1/27/2009 1:40 PM 124168]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [1/27/2009 1:40 PM 111880]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/18/2008 11:53 PM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Workshare Professional 5.21.9652.292]
2008-09-13 18:03 2338816 ----a-w- c:\program files\Workshare\Modules\WMConfigAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Workshare Protect Client]
2008-09-12 00:12 20480 ----a-w- c:\program files\Workshare\Modules\Workshare.Protect.UserInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm117MNUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\The Dents\AppData\Roaming\Mozilla\Firefox\Profiles\9mvim6w3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com//?fr=fp-yma3
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yma3&type=&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-PalmOneWMPURL - e:\english\essential_software\URL\URL.bat
HKCU-Run-PalmOneAutoRun - e:\english\essential_software\Software Essentials.exe
HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCJCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-19 11:30:21
ComboFix-quarantined-files.txt 2009-12-19 17:30

Pre-Run: 89,902,460,928 bytes free
Post-Run: 90,136,006,656 bytes free

- - End Of File - - D42BA1F2EFF242A676618DF399309E29
Old 12-19-2009, 02:08 PM   #12
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 26,654
OS: XP SP3; Win7 32/64-bit

Hello again, Pickleboo. Please tell us how your system is behaving.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

I noticed you have Ask Toolbar installed.

Please read this and decide if you want to keep it >> http://www.benedelman.org/spyware/ask-toolbars/

You can uninstall it via Programs and Features in your Control Panel.

If you decide to uninstall it, please delete the following Folder if it still exists:

C:\Program Files\AskBarDis

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
DDS::
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm117MNUS

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

Folder::
c:\program files\LimeWire
c:\users\The Dents\AppData\Roaming\LimeWire
c:\program files\Common Files\Symantec Shared
Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 17 - The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement.
  • Click Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start (or My Computer) > Control Panel and double-click on Programs and Features and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE, J2SE, Java(TM) SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop right-click on jre-6u17-windows-i586-p.exe and select Run as Administrator to install the newest version.
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon (it looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
    • Delete jre-6u17-windows-i586-p.exe from your desktop.
------------------------------------------------------

Please run this online scan to help look for remnants.

Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista, you must open the Web browser via a right-click using the Run as Administrator command.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at any Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display whether your system has been infected.
  • It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
Kaspersky report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
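The Java clean-up above is done by clicking through Programs and Features. As an added example, not part of chemist's instructions, the PowerShell script below does the inventory step for you: it reads the same Add/Remove Programs data from the registry, lists every Java runtime it finds, marks the ones older than the 6u17 release the post installs, and prints (but does not run) a silent msiexec removal command for each MSI-based entry. It assumes an elevated PowerShell prompt on Vista/7 and that JRE 6 Update 17 reports its DisplayVersion as "6.0.170"; both are assumptions, not facts from the thread.

```powershell
# Added example (not from chemist's post): list every Java runtime registered
# under Programs and Features, flag those older than the 6u17 the post installs,
# and print (never run) a silent msiexec removal command for each MSI entry.
# Run from an elevated PowerShell prompt (right-click > Run as Administrator).

# Assumption: JRE 6 Update 17 reports DisplayVersion "6.0.170". Older releases
# use strings such as "1.5.0.220"; a value that will not parse as a version is
# reported as Unknown rather than guessed at.
$TargetVersion = [version]'6.0.170'

# Native uninstall hive plus the 32-bit view on 64-bit Windows.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# The names the post says to remove: JRE, J2SE, Java(TM) SE, Java(TM) 6.
$JavaNamePattern = 'JRE|J2SE|Java\(TM\)|Java 2 Runtime|Java Runtime'

function Get-InstalledJava {
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in (Get-ChildItem $key)) {
            $p = Get-ItemProperty $sub.PSPath
            if (-not ($p.DisplayName -match $JavaNamePattern)) { continue }

            $ver = $null
            try { $ver = [version]$p.DisplayVersion } catch { }
            $state = 'Unknown'
            if ($ver -ne $null) {
                if ($ver -lt $TargetVersion) { $state = 'OUTDATED' } else { $state = 'Current' }
            }

            New-Object PSObject -Property @{
                Name        = $p.DisplayName
                Version     = $p.DisplayVersion
                State       = $state
                ProductCode = $sub.PSChildName     # an MSI GUID for MSI-based installs
                Uninstall   = $p.UninstallString
            }
        }
    }
}

function Get-JavaRemovalCommands {
    # Only GUID-keyed (MSI) entries get a scripted command; anything else keeps
    # the vendor's own UninstallString and is marked for manual removal.
    Get-InstalledJava | Where-Object { $_.State -eq 'OUTDATED' } | ForEach-Object {
        if ($_.ProductCode -match '^\{[0-9A-Fa-f-]{36}\}$') {
            "msiexec.exe /x $($_.ProductCode) /qn /norestart    # $($_.Name)"
        } else {
            "$($_.Uninstall)    # $($_.Name): run manually"
        }
    }
}

Get-InstalledJava | Format-Table Name, Version, State, ProductCode -AutoSize

# The java.exe on PATH is not always the newest install; show which one wins.
if (Get-Command java.exe -ErrorAction SilentlyContinue) {
    & java.exe -version 2>&1 | Select-Object -First 1
}

"`nRemoval commands for outdated entries (review, then run one at a time):"
Get-JavaRemovalCommands
```

Nothing in the script removes anything. The printed msiexec lines are the same product-code uninstall that the Remove button in Programs and Features triggers, with /qn added so they run without prompts; if a machine is unstable, as in this thread, run them one at a time and reboot before installing the new JRE, exactly as the post says.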
Old 12-19-2009, 04:51 PM   #13
Pickleboo (Registered Member; Join Date: Dec 2009; Posts: 21; OS: Windows Vista Service Pack 2)

Hi Chemist-
The ComboFix.exe file does not have this logo on my desktop. When I drag the CFScript.txt file onto the ComboFix file I get a black box with a blinking white dash. The whole computer screen does not go black. What did I do wrong?
Pickleboo

Old 12-19-2009, 06:11 PM   #14
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional; Join Date: Oct 2007; Location: Georgia; Posts: 26,654; OS: XP SP3; Win7 32/64-bit)

Hello again, Pickleboo. You didn't do anything wrong.

Delete KittyFix.exe from your desktop.

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

Continue with the previous instructions.

------------------------------------------------------

Old 12-19-2009, 07:33 PM   #15
Pickleboo (Registered Member)

I downloaded ComboFix and there is still no logo. Should I delete the other ComboFix downloads? Do you want me to resend the log?

Old 12-19-2009, 08:10 PM   #16
chemist (Security Team)

Quote:
Originally Posted by Pickleboo
I downloaded ComboFix and there is still no logo.
I'm not having any trouble running ComboFix with those instructions on my machine.

Quote:
Should I delete the other ComboFix downloads?
Yes, delete any and all copies of ComboFix or KittyFix from your machine and re-download it from the link in my previous post.

Quote:
Do you want me to resend the log?
What log?

Old 12-19-2009, 09:14 PM   #17
Pickleboo (Registered Member)

Hello Chemist - I removed all ComboFix files and had already removed the KittyFix files. The file will not run now at all.

Old 12-19-2009, 09:30 PM   #18
chemist (Security Team)

Quote:
Originally Posted by Pickleboo
The file will not run now at all.
Please be more specific. Tell me what happens at every step. Error messages?

Old 12-19-2009, 10:32 PM   #19
Pickleboo (Registered Member)

Thanks for being so patient-
After it loads, it will not run, and it gives no message. It does nothing. Twice, when I was trying to save it, it gave me a blue screen and shut down. But after it did that, it loaded and ran, though I did not have the logo.

Old 12-19-2009, 10:50 PM   #20
chemist (Security Team)

Disable VirusScan.

Double-click ComboFix.exe and let me know what happens.


Copyright 2001 - 2014, Tech Support Forum