# All web browsers keep crashing!!! Please help!



## poeticexposure00 (May 11, 2010)

Hi, I can't get any of my web browsers to connect anymore. They all keep crashing. I did have AVG on my computer but I uninstalled it. Please help. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:29 PM, on 5/10/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: (no name) - {F3FAF2F7-D2C0-4EA4-8DAD-B4B974371C1E} - C:\Windows\system32\ieuihandler.dll (file missing)
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [wben] "C:\Program Files\Starfield\Desktop Notifier\wben.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.4\ManyCam.exe"
O4 - Startup: IMVU.lnk = C:\Users\J.D\AppData\Roaming\IMVUClient\IMVUClient.exe
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10886 bytes


----------



## CatByte (Feb 24, 2009)

Hi,

Please do the following:


Open *HiJackThis*
Click on *Do a system scan only*
Check the boxes next to *ONLY* the entries listed below (if still present): 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
Close all windows except *Hijackthis* and click *Fix Checked*
Click *Yes* when prompted
Close HijackThis.

*NEXT*

Please download *DDS* from either of these links

*LINK 1* 
*LINK 2*

and save it to your *desktop.*

Disable any script blocking protection
 Double click *dds.pif* to run the tool. 
When done, two *DDS.txt's* will open. 
Save both reports to your *desktop.*
---------------------------------------------------
*Please include the contents of the following in your next reply:*

*DDS.txt*
*Attach.txt*.

*NEXT*

Download *GMER Rootkit Scanner *from *here* or *here*.

 Extract the contents of the zipped file to desktop. 
 Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
 If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*.

 In the right panel, you will see several boxes that have been checked. Uncheck the following ...
 IAT/EAT
 Drives/Partition other than Systemdrive (typically C:\) 
 Show All (don't miss this one)

 Then click the Scan button & wait for it to finish. 
 Once done click on the *[Save..]* button, and in the File name area, type in *"Gmer.txt"* or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.

_**Caution:** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries._

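As an added example (not part of this thread, and not code from HijackThis), the entry CatByte singles out is the security-relevant one: `ProxyServer = http=127.0.0.1:5555` sends every HTTP request through a listener on the machine itself, so once whatever listened on that port is no longer running, every browser on the box fails to connect, which is exactly the symptom at the top of the thread. The Python below is an editor-written triage script that applies rules of that kind to an HJT log: a loopback proxy is flagged high; BHOs and toolbars whose DLL is missing or unnamed (the orphaned AVG entry and the `ieuihandler.dll` line) medium; the repeated O10 LSP lines and services with a missing binary as info. The sample log is an excerpt of the lines posted above; the severity rules are the editor's own heuristics, not HijackThis's.

```python
import re
from dataclasses import dataclass

# One HJT entry per line: a section code (R1, O2, O10, O23, ...), " - ", the body.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")

# A proxy on a loopback address means some process on the box sits between the
# browser and the network; if that process is gone, every browser fails to connect.
LOOPBACK_RE = re.compile(
    r"\b(?P<host>127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(?::(?P<port>\d+))?\b",
    re.IGNORECASE,
)

SEVERITY_RANK = {"high": 3, "medium": 2, "info": 1}


@dataclass
class Finding:
    severity: str
    section: str
    reason: str
    line: str
    count: int = 1  # identical lines are merged (HJT repeats O10 LSP entries per chain slot)


def parse_entries(log_text):
    """Yield (section, body, line) for each HJT entry line; header lines are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("sec"), m.group("body"), line


def classify(sec, body):
    """Editor's heuristics (not HJT's): return (severity, reason) or None if benign."""
    if sec in ("R0", "R1") and "ProxyServer" in body:
        m = LOOPBACK_RE.search(body)
        if m:
            return "high", f"browser traffic proxied through local port {m.group('port') or '?'}"
        return "medium", "non-default proxy server"
    if sec in ("O2", "O3"):  # BHOs/toolbars load into every IE process
        reasons = []
        if "(file missing)" in body:
            reasons.append("DLL missing on disk (orphaned registration)")
        if "(no name)" in body:
            reasons.append("unnamed BHO/toolbar")
        if reasons:
            return "medium", "; ".join(reasons)
    if sec == "O10" and body.startswith("Unknown file in Winsock LSP"):
        return "info", "LSP not on HJT's known list; a broken LSP chain also kills connectivity"
    if sec == "O23" and "(file missing)" in body:
        return "info", "service registered but its binary is gone"
    return None


def triage(log_text):
    """Scan an HJT log and return Findings, highest severity first, duplicates merged."""
    merged = {}
    for sec, body, line in parse_entries(log_text):
        verdict = classify(sec, body)
        if verdict is None:
            continue
        if line in merged:
            merged[line].count += 1
        else:
            merged[line] = Finding(verdict[0], sec, verdict[1], line)
    return sorted(merged.values(), key=lambda f: -SEVERITY_RANK[f.severity])


def fix_list(findings, min_severity="high"):
    """Lines to tick under 'Do a system scan only' before clicking 'Fix Checked'."""
    floor = SEVERITY_RANK[min_severity]
    return [f.line for f in findings if SEVERITY_RANK[f.severity] >= floor]


# Excerpt of the log posted above (real lines from this thread, trimmed to a few).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {F3FAF2F7-D2C0-4EA4-8DAD-B4B974371C1E} - C:\Windows\system32\ieuihandler.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section:<3} x{f.count}  {f.reason}\n          {f.line}")
    print("\nTick and Fix Checked:", *fix_list(results), sep="\n  ")
```

Nothing here touches the registry; the script only reads the pasted log and produces the list of lines to tick, which is the same decision the helper made by eye. The "(file missing)" rule is deliberately medium rather than high: an orphaned registration from a half-uninstalled product (the AVG BHO here) is harmless on its own, but it is still worth clearing because IE will keep trying to load it.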

----------



## poeticexposure00 (May 11, 2010)

Thanks so much for helping. Okay, I got through everything but had problems with GMER.

Once it was scanning, it stopped at this (a few times it almost crashed, giving me the blue screen). Here is a screenshot of the last thing I see.



I have attached the 2 logs for review.


----------



## CatByte (Feb 24, 2009)

Hi,

Please do the following:

Download *Combofix* from either of the links below, and save it to your desktop. 
*Link 1* 
*Link 2*

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - *Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here 

--------------------------------------------------------------------

Double click on *ComboFix.exe* & follow the prompts. 
When finished, it will produce a report for you. 
Please post the *C:\ComboFix.txt * for further review.


----------



## poeticexposure00 (May 11, 2010)

ComboFix 10-05-14.06 - J.D 05/15/2010 4:21.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3063.2193 [GMT -7:00]
Running from: c:\users\J.D\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.

2010-05-15 11:30 . 2010-05-15 11:30 -------- d-----w- c:\users\J.D\AppData\Local\temp
2010-05-15 11:30 . 2010-05-15 11:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-15 11:30 . 2010-05-15 11:30 -------- d-----w- c:\users\KAM\AppData\Local\temp
2010-05-15 11:30 . 2010-05-15 11:30 -------- d-----w- c:\users\JUANITA\AppData\Local\temp
2010-05-14 00:18 . 2010-05-14 00:18 -------- d-----w- c:\users\Public\TECH GUYS
2010-05-04 06:31 . 2010-05-04 07:19 -------- d-----w- c:\program files\Perfect Uninstaller
2010-05-04 05:16 . 2010-05-04 05:19 8354440 ----a-w- c:\users\J.D\Firefox Setup 3.6.3.exe
2010-05-03 19:59 . 2010-05-03 19:59 3544656 ----a-w- c:\users\J.D\PerfectUninstaller_Setup.exe
2010-05-03 05:37 . 2010-05-03 05:37 -------- d-----w- c:\users\J.D\AppData\Local\VS Revo Group
2010-05-03 05:37 . 2009-12-30 19:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-03 05:37 . 2010-05-03 05:37 -------- d-----w- c:\program files\VS Revo Group
2010-05-03 05:36 . 2010-05-03 05:36 6948336 ----a-w- c:\users\Public\RevoUninProSetup.exe
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\searchplugins
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\dictionaries
2010-05-02 10:17 . 2010-05-08 06:30 -------- d-----w- c:\users\J.D\res
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\modules
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\greprefs
2010-05-02 10:17 . 2010-05-08 06:29 -------- d-----w- c:\users\J.D\components
2010-05-02 10:17 . 2010-05-08 06:29 -------- d-----w- c:\users\J.D\chrome
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\uninstall
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\defaults
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\extensions
2010-05-02 09:06 . 2010-05-02 09:06 52224 ----a-w- c:\users\KAM\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-02 09:05 . 2010-05-02 09:06 117760 ----a-w- c:\users\KAM\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-02 09:04 . 2010-05-02 09:04 -------- d-----w- c:\users\KAM\AppData\Roaming\SUPERAntiSpyware.com
2010-05-02 08:27 . 2010-05-02 08:27 -------- d-----w- c:\program files\Bonjour
2010-05-02 08:23 . 2010-05-02 08:23 31647016 ----a-w- c:\users\J.D\SafariSetup.exe
2010-05-01 02:48 . 2010-05-01 02:48 -------- d-----w- c:\programdata\Palo Alto Software(683)
2010-05-01 02:48 . 2010-05-01 02:48 -------- d-----w- c:\program files\Common Files\Palo Alto Software(312)
2010-04-29 08:24 . 2010-05-08 06:30 -------- d-----w- c:\users\J.D\TalentBuyerPro
2010-04-29 07:48 . 2010-05-08 06:30 -------- d-----w- c:\users\Public\TB PRO3
2010-04-29 07:47 . 2010-04-29 07:47 -------- d-----w- c:\users\J.D\my_account_member.php_files
2010-04-28 08:58 . 2010-04-28 08:58 -------- d-----w- c:\users\J.D\BLURi - Music News, World News, Entertainment News, Sports News, Business News, Political News_files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 21:20 . 2008-09-09 00:14 -------- d-----w- c:\users\J.D\AppData\Roaming\FileZilla
2010-05-14 21:16 . 2009-10-13 23:02 -------- d-----w- c:\users\J.D\AppData\Roaming\Skype
2010-05-14 08:01 . 2008-06-21 22:22 -------- d-----w- c:\users\J.D\AppData\Roaming\Spare Backup
2010-05-14 01:08 . 2008-09-03 04:57 1356 ----a-w- c:\users\J.D\AppData\Local\d3d9caps.dat
2010-05-11 23:22 . 2007-08-25 16:52 -------- d-----w- c:\programdata\Microsoft Help
2010-05-07 22:05 . 2008-08-05 01:05 -------- d-----w- c:\users\KAM\AppData\Roaming\LimeWire
2010-05-07 22:05 . 2008-06-28 03:40 -------- d-----w- c:\users\JUANITA\AppData\Roaming\LimeWire
2010-05-07 22:05 . 2008-06-28 03:37 -------- d-----w- c:\users\J.D\AppData\Roaming\LimeWire
2010-05-07 22:05 . 2008-06-28 03:36 -------- d-----w- c:\program files\LimeWire
2010-05-06 17:36 . 2009-10-02 17:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 09:31 . 2009-07-16 04:30 -------- d-----w- c:\users\J.D\AppData\Roaming\SUPERAntiSpyware.com
2010-05-04 09:30 . 2009-07-16 04:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-04 09:04 . 2010-02-27 04:40 -------- d-----w- c:\program files\Panda Security
2010-05-04 08:59 . 2008-06-27 06:00 -------- d-----w- c:\program files\Common Files\Apple
2010-05-04 05:26 . 2010-04-13 06:49 -------- d-----w- c:\programdata\Palo Alto Software
2010-05-04 02:32 . 2009-07-25 23:40 -------- d-----w- c:\program files\AVS4YOU
2010-05-03 22:24 . 2009-10-30 21:43 -------- d-----w- c:\programdata\CanonIJPLM
2010-05-03 18:57 . 2010-03-16 10:59 0 ----a-w- c:\users\J.D\AppData\Local\prvlcl.dat
2010-05-03 06:14 . 2008-06-27 06:05 -------- d-----w- c:\program files\iTunes
2010-05-03 06:01 . 2010-04-13 06:49 -------- d-----w- c:\program files\Palo Alto Software
2010-05-03 05:51 . 2008-10-30 08:56 -------- d-----w- c:\users\J.D\AppData\Roaming\Flock
2010-05-03 05:47 . 2008-10-09 05:42 -------- d-----w- c:\program files\iPod
2010-05-03 04:53 . 2007-08-25 16:55 -------- d-----w- c:\program files\Google
2010-05-02 09:05 . 2008-06-21 22:16 168248 ----a-w- c:\users\KAM\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-02 08:28 . 2008-06-28 03:50 -------- d-----w- c:\users\J.D\AppData\Roaming\Apple Computer
2010-05-01 23:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-01 07:53 . 2008-09-17 01:30 -------- d-----w- c:\users\J.D\AppData\Roaming\IMVU
2010-04-13 05:53 . 2007-08-25 16:59 -------- d-----w- c:\programdata\WildTangent
2010-04-13 05:53 . 2007-08-25 16:59 -------- d-----w- c:\program files\Gateway Games
2010-04-13 05:18 . 2010-04-13 05:18 -------- d-----w- c:\programdata\PAS
2010-04-05 22:42 . 2010-04-05 22:42 -------- d-----w- c:\users\J.D\AppData\Roaming\EATCAM
2010-04-05 22:28 . 2010-04-05 22:27  -------- d-----w- c:\users\J.D\AppData\Roaming\WebCam Recorder
2010-04-05 22:27 . 2010-04-05 22:27 -------- d-----w- c:\program files\Solent
2010-04-05 22:22 . 2010-04-05 22:22 7358 ----a-r- c:\users\J.D\AppData\Roaming\Microsoft\Installer\{998F2DE0-3128-43B7-9A1C-D85A339659A9}\_69525f90.exe
2010-04-05 22:22 . 2010-04-05 22:22 7358 ----a-r- c:\users\J.D\AppData\Roaming\Microsoft\Installer\{998F2DE0-3128-43B7-9A1C-D85A339659A9}\_2cd672ae.exe
2010-04-05 22:22 . 2010-04-05 22:22 7358 ----a-r- c:\users\J.D\AppData\Roaming\Microsoft\Installer\{998F2DE0-3128-43B7-9A1C-D85A339659A9}\_16496df1.exe
2010-04-05 22:12 . 2010-04-05 21:55 -------- d-----w- c:\users\J.D\AppData\Roaming\ManyCam
2010-04-05 21:55 . 2010-04-05 21:55 -------- d-----w- c:\program files\Ask.com
2010-04-04 10:33 . 2010-04-04 10:33 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-24 02:40 . 2008-06-21 22:22 168248 ----a-w- c:\users\J.D\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-11 03:21 . 2010-03-11 03:23 38784 ----a-w- c:\users\J.D\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-11 03:21 . 2010-03-11 03:23 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-09 16:54 . 2010-04-03 17:22 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:54 . 2010-04-03 17:22 832512 ----a-w- c:\windows\system32\wininet(2041).dll
2010-03-09 16:54 . 2010-04-03 17:22 1168384 ----a-w- c:\windows\system32\urlmon(2033).dll
2010-03-09 16:50 . 2010-04-03 17:22 268288 ----a-w- c:\windows\system32\iertutil(1730).dll
2010-03-09 16:50 . 2010-04-03 17:22 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50 . 2010-04-03 17:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:50 . 2010-04-03 17:22 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-03-09 16:48 . 2010-04-03 17:22 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17 . 2010-04-03 17:22 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43 . 2010-04-03 17:22 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-04 20:46 . 2010-03-04 20:46 12464 ----a-w- c:\windows\system32\avgrsstx(1689).dll
2010-03-04 19:24 . 2010-04-14 08:38 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 13:14 . 2010-04-14 08:38 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 13:14 . 2010-04-14 08:38 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 13:14 . 2010-04-14 08:38 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-18 14:54 . 2010-04-14 08:38 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:54 . 2010-04-14 08:38 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:22 . 2010-04-14 08:38 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-02-18 14:19 . 2010-04-14 08:38 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 12:05 . 2010-04-14 08:38 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 12:04 . 2010-04-14 08:38 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-02-18 12:04 . 2010-04-14 08:38 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-18 12:04 . 2010-04-14 08:38 15360  ----a-w- c:\windows\system32\drivers\TUNMP.SYS
.

((((((((((((((((((((((((((((( [email protected]_07.00.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-12 00:05 . 2010-05-14 08:00 64384 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-05-08 06:47 77312 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-05-14 08:00 77312 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 23:55 . 2010-05-14 02:00 11276 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2733014286-607279091-1391130181-1002_UserData.bin
- 2007-10-22 21:05 . 2010-05-06 11:49 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-22 21:05 . 2010-05-14 08:59 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-22 21:05 . 2010-05-14 08:59 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-10-22 21:05 . 2010-05-06 11:49 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-12 23:04 . 2010-05-05 19:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-12 23:04 . 2010-05-14 01:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-12 23:04 . 2010-05-14 01:22 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-12 23:04 . 2010-05-05 19:47 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-12 23:04 . 2010-05-14 01:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-12 23:04 . 2010-05-05 19:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-15 04:28 . 2010-05-15 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-08 06:45 . 2010-05-08 06:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-15 04:28 . 2010-05-15 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-08 06:45 . 2010-05-08 06:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-10-23 14:59 . 2010-05-15 11:13 321108 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2010-05-15 04:34 621314 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-08 06:52 621314 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-08 06:52 104662 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-05-15 04:34 104662 c:\windows\System32\perfc009.dat
+ 2009-07-04 08:48 . 2010-05-09 21:01 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
- 2009-07-04 08:48 . 2010-03-01 21:16 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-10-22 21:05 . 2010-05-06 11:49 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-22 21:05 . 2010-05-14 08:59 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-28 21:57 . 2010-03-01 21:20 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2007-12-28 21:57 . 2010-05-09 21:01 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2007-12-28 21:56 . 2010-05-09 21:01 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2007-12-28 21:56 . 2010-03-01 21:16 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2010-02-27 13:49 . 2006-11-28 23:23 573440 c:\windows\gmer.exe
+ 2010-02-27 13:49 . 2006-11-28 22:23 573440 c:\windows\gmer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2009-08-06 03:30 2215960 ----a-w- c:\program files\TorrentMan\tbTor0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 23:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2009-08-06 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2009-08-06 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"wben"="c:\program files\Starfield\Desktop Notifier\wben.exe" [2009-06-25 338456]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25626408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2005-03-17 970752]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2010-03-03 1824040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-13 5252936]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2005-10-26 61440]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-11-03 684712]
"EzPrint"="c:\program files\Lexmark 5600-6600 Series\ezprint.exe" [2008-11-03 131752]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-04 40072]

c:\users\EBLAZE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-2 344064]

c:\users\JUANITA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\J.D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\J.D\AppData\Roaming\IMVUClient\IMVUClient.exe [2009-5-7 49920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Palo Alto Software Update Manager 9.0.lnk - c:\program files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI5"=diomidi.dll
"wave1"=Digi32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2005-10-26 105472]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2005-10-26 16384]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-10 33792]

.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 06:38]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 06:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\J.D\AppData\Roaming\Mozilla\Firefox\Profiles\yomtea9x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14306&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC&o=14304&locale=en_US&q=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.reg=Regedit.Document
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 04:30
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\users\J.D\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x8C05D8C8]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x83389d1f
\Driver\ACPI -> acpi.sys @ 0x804699d6
\Driver\atapi -> atapi.sys @ 0x807a299c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK 
copy of MBR has been found in sector 60 !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2733014286-607279091-1391130181-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28F025CB-88A7-431D-4140-AB0D0A073761}*]
"hakpmmlbfeffokam"=hex:69,61,67,67,6f,66,63,69,6a,65,69,70,6e,66,64,67,65,6b,
00,00
"iaabghjndaingbimml"=hex:63,61,67,67,62,66,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-15 04:34:51
ComboFix-quarantined-files.txt 2010-05-15 11:34
ComboFix2.txt 2010-05-08 07:06
ComboFix3.txt 2010-03-01 21:24
ComboFix4.txt 2010-02-27 13:22

Pre-Run: 128,927,227,904 bytes free
Post-Run: 130,910,404,608 bytes free

- - End Of File - - 888A5C41A630EF4376A9161E0763F958


----------



## CatByte (Feb 24, 2009)

Hi,

That was the third run of ComboFix. Can you please post the logs from the first two runs? They can be located at C:\qoobox\combofix2.txt and C:\qoobox\combofix3.txt.


----------



## poeticexposure00 (May 11, 2010)

Okay, sorry, I had a huge event this weekend. Here are ComboFix 2 & 3.


----------



## CatByte (Feb 24, 2009)

Hi,

Please do the following:


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. 
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

*Copy/paste the text inside the Codebox below into notepad:*

Here's how to do that:
Click *Start > Run*, type *Notepad*, click *OK*.
This will open an empty notepad file:

*Copy* all the text *inside of the code box* - *Press Ctrl+C* (or right click on the highlighted section and choose 'copy')


```
TDL::
c:\windows\system32\drivers\atapi.sys

DDS::
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555

Files::
c:\users\J.D\AppData\Local\prvlcl.dat
```
Now *paste* the copied text into the open notepad - press *CTRL+V* (or right click and choose 'paste')
*Save this file to your desktop. Save this as "CFScript".*

Here's how to do that:

1. Click *File*;
2. Click *Save As*... Change the directory to your *desktop*;
3. Change the *Save as type* to *"All Files"*;
4. Type in the file name: *CFScript*
5. Click *Save ...*

Referring to the *screenshot* above, *drag CFScript.txt* into *ComboFix.exe.*
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. 
*Copy and paste the contents of the log in your next reply.*

CAUTION: *Do not* mouse-click ComboFix's window while it is running. That may cause it to stall.

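As an added example, not part of this thread and not ComboFix's or CatByte's code: the script below pulls the indicators discussed in the logs above out of ComboFix log lines (the loopback proxy, the Firefox search overrides, the unknown module in the disk stack reported by the MBR scan, the MBR copy, and the REGEDIT4 hex values under the locked key, decoded to text) and then checks whether a CFScript names each actionable one in the section the thread uses for it (DDS:: for the proxy lines, TDL:: for the infected disk driver). The indicator names, the regexes and the rule of which section covers which finding are my assumptions; the sample lines are copied from the logs and the CFScript posted in this thread.

```python
"""Added example: triage ComboFix log lines and check a CFScript against them.
Not ComboFix, catchme or forum code; indicator names and patterns are mine."""
import re
from dataclasses import dataclass

# Constructed excerpt of the log posted in this thread (a real run reads all of ComboFix.txt).
SAMPLE_LOG = r"""uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC&o=14304&locale=en_US&q=
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x8C05D8C8]<<
copy of MBR has been found in sector 60 !
"hakpmmlbfeffokam"=hex:69,61,67,67,6f,66,63,69,6a,65,69,70,6e,66,64,67,65,6b,
00,00
"""
# The CFScript posted in this thread, copied verbatim.
SAMPLE_CFSCRIPT = r"""TDL::
c:\windows\system32\drivers\atapi.sys

DDS::
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555

Files::
c:\users\J.D\AppData\Local\prvlcl.dat
"""
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(127\.0\.0\.1|localhost):(\d+)", re.I)
FF_SEARCH_RE = re.compile(r"^FF - prefs\.js: (keyword\.URL|browser\.search\.\w+) - (.+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
MBR_COPY_RE = re.compile(r"copy of MBR has been found in sector (\d+)")
HEX_VALUE_RE = re.compile(r'^"([^"]+)"=hex:([0-9a-fA-F,]+)$')
HEX_CONT_RE = re.compile(r"^[0-9a-fA-F]{2}(,[0-9a-fA-F]{2})*,?$")

@dataclass(frozen=True)
class Finding:
    kind: str     # indicator name (my naming)
    detail: str   # value or decoded text behind it
    section: str  # CFScript section that would address it; '' = informational only
    target: str   # entry that section must contain; '' = any entry in it will do

def join_hex_continuations(lines):
    """REGEDIT4 wraps long hex: values onto extra lines after a trailing ','; rejoin them."""
    out = []
    for line in lines:
        line = line.strip()
        if out and out[-1].endswith(",") and HEX_CONT_RE.match(line):
            out[-1] += line
        else:
            out.append(line)
    return out

def decode_hex_value(hex_csv):
    """Turn '69,61,...,00,00' into text so random-looking value data is visible at a glance."""
    raw = bytes(int(b, 16) for b in hex_csv.strip(",").split(","))
    return "".join(c if c.isprintable() else "." for c in raw.rstrip(b"\x00").decode("latin-1"))

def triage(log_text):
    """Return the security-relevant indicators found in ComboFix log text."""
    findings = []
    for line in join_hex_continuations(log_text.splitlines()):
        if m := PROXY_RE.search(line):
            # Browser traffic forced through a local listener: the symptom behind this thread.
            findings.append(Finding("loopback_proxy", f"{m[1]}:{m[2]}", "DDS::", line))
        elif m := FF_SEARCH_RE.match(line):
            findings.append(Finding("search_pref_override", f"{m[1]} -> {m[2]}", "", ""))
        elif m := UNKNOWN_RE.search(line):
            # An unnamed module in the disk I/O path, which is what the TDL:: directive targets.
            findings.append(Finding("unknown_disk_stack_module", m[1], "TDL::", ""))
        elif m := MBR_COPY_RE.search(line):
            findings.append(Finding("mbr_copy", f"sector {m[1]}", "", ""))
        elif m := HEX_VALUE_RE.match(line):
            findings.append(Finding("locked_key_value", f'{m[1]} = "{decode_hex_value(m[2])}"', "", ""))
    return findings

def parse_cfscript(text):
    """Split a CFScript into {'TDL::': [...], 'DDS::': [...], 'Files::': [...]}."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def coverage(findings, script_text):
    """Pair each finding with 'covered', 'missing from <section>' or 'informational'."""
    sections = parse_cfscript(script_text)
    result = []
    for f in findings:
        if not f.section:
            result.append((f.kind, "informational"))
            continue
        entries = sections.get(f.section, [])
        hit = any(e.lower() == f.target.lower() for e in entries) if f.target else bool(entries)
        result.append((f.kind, "covered" if hit else f"missing from {f.section}"))
    return result
```

Run against the sample, the proxy line and the unknown disk-stack module come back as covered by the DDS:: and TDL:: sections, while the search overrides, the MBR copy and the locked-key value are reported as informational for a person to judge; a CFScript that omits the DDS:: lines reports the proxy finding as missing, which is the check worth doing before the script is dragged onto ComboFix.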

----------



## poeticexposure00 (May 11, 2010)

Here is the log that popped up:

ComboFix 10-05-14.06 - J.D 05/18/2010 16:46:28.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3063.2275 [GMT -7:00]
Running from: c:\users\J.D\Desktop\ComboFix.exe
Command switches used :: c:\users\Public\TECH GUYS\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-04-19 to 2010-05-19 )))))))))))))))))))))))))))))))
.

2010-05-18 23:53 . 2010-05-19 00:31 -------- d-----w- c:\users\J.D\AppData\Local\temp
2010-05-18 23:53 . 2010-05-18 23:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-18 23:53 . 2010-05-18 23:53 -------- d-----w- c:\users\KAM\AppData\Local\temp
2010-05-18 23:53 . 2010-05-18 23:53 -------- d-----w- c:\users\JUANITA\AppData\Local\temp
2010-05-18 23:53 . 2010-05-18 23:53 -------- d-----w- c:\users\EBLAZE\AppData\Local\temp
2010-05-18 23:53 . 2010-05-18 23:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-18 23:53 . 2010-05-18 23:53 -------- d-----w- c:\users\AppData\AppData\Local\temp
2010-05-14 00:18 . 2010-05-18 23:46 -------- d-----w- c:\users\Public\TECH GUYS
2010-05-04 06:31 . 2010-05-04 07:19 -------- d-----w- c:\program files\Perfect Uninstaller
2010-05-04 05:16 . 2010-05-04 05:19 8354440 ----a-w- c:\users\J.D\Firefox Setup 3.6.3.exe
2010-05-03 19:59 . 2010-05-03 19:59 3544656 ----a-w- c:\users\J.D\PerfectUninstaller_Setup.exe
2010-05-03 05:37 . 2010-05-03 05:37 -------- d-----w- c:\users\J.D\AppData\Local\VS Revo Group
2010-05-03 05:37 . 2009-12-30 19:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-03 05:37 . 2010-05-03 05:37 -------- d-----w- c:\program files\VS Revo Group
2010-05-03 05:36 . 2010-05-03 05:36 6948336 ----a-w- c:\users\Public\RevoUninProSetup.exe
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\searchplugins
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\dictionaries
2010-05-02 10:17 . 2010-05-08 06:30 -------- d-----w- c:\users\J.D\res
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\modules
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\greprefs
2010-05-02 10:17 . 2010-05-08 06:29 -------- d-----w- c:\users\J.D\components
2010-05-02 10:17 . 2010-05-08 06:29 -------- d-----w- c:\users\J.D\chrome
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\uninstall
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\defaults
2010-05-02 10:17 . 2010-05-02 10:17 -------- d-----w- c:\users\J.D\extensions
2010-05-02 09:04 . 2010-05-02 09:04 -------- d-----w- c:\users\KAM\AppData\Roaming\SUPERAntiSpyware.com
2010-05-02 08:27 . 2010-05-02 08:27 -------- d-----w- c:\program files\Bonjour
2010-05-02 08:23 . 2010-05-02 08:23 31647016 ----a-w- c:\users\J.D\SafariSetup.exe
2010-05-01 02:48 . 2010-05-01 02:48 -------- d-----w- c:\programdata\Palo Alto Software(683)
2010-05-01 02:48 . 2010-05-01 02:48 -------- d-----w- c:\program files\Common Files\Palo Alto Software(312)
2010-04-29 08:24 . 2010-05-08 06:30 -------- d-----w- c:\users\J.D\TalentBuyerPro
2010-04-29 07:48 . 2010-05-08 06:30 -------- d-----w- c:\users\Public\TB PRO3
2010-04-29 07:47 . 2010-04-29 07:47 -------- d-----w- c:\users\J.D\my_account_member.php_files
2010-04-28 08:58 . 2010-04-28 08:58 -------- d-----w- c:\users\J.D\BLURi - Music News, World News, Entertainment News, Sports News, Business News, Political News_files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 22:20 . 2008-09-09 00:14 -------- d-----w- c:\users\J.D\AppData\Roaming\FileZilla
2010-05-14 21:16 . 2009-10-13 23:02 -------- d-----w- c:\users\J.D\AppData\Roaming\Skype
2010-05-14 08:01 . 2008-06-21 22:22 -------- d-----w- c:\users\J.D\AppData\Roaming\Spare Backup
2010-05-14 01:08 . 2008-09-03 04:57 1356 ----a-w- c:\users\J.D\AppData\Local\d3d9caps.dat
2010-05-11 23:22 . 2007-08-25 16:52 -------- d-----w- c:\programdata\Microsoft Help
2010-05-07 22:05 . 2008-08-05 01:05 -------- d-----w- c:\users\KAM\AppData\Roaming\LimeWire
2010-05-07 22:05 . 2008-06-28 03:40 -------- d-----w- c:\users\JUANITA\AppData\Roaming\LimeWire
2010-05-07 22:05 . 2008-06-28 03:37 -------- d-----w- c:\users\J.D\AppData\Roaming\LimeWire
2010-05-07 22:05 . 2008-06-28 03:36 -------- d-----w- c:\program files\LimeWire
2010-05-06 17:36 . 2009-10-02 17:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 09:31 . 2009-07-16 04:30 -------- d-----w- c:\users\J.D\AppData\Roaming\SUPERAntiSpyware.com
2010-05-04 09:30 . 2009-07-16 04:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-04 09:04 . 2010-02-27 04:40 -------- d-----w- c:\program files\Panda Security
2010-05-04 08:59 . 2008-06-27 06:00 -------- d-----w- c:\program files\Common Files\Apple
2010-05-04 05:26 . 2010-04-13 06:49 -------- d-----w- c:\programdata\Palo Alto Software
2010-05-04 02:32 . 2009-07-25 23:40 -------- d-----w- c:\program files\AVS4YOU
2010-05-03 22:24 . 2009-10-30 21:43 -------- d-----w- c:\programdata\CanonIJPLM
2010-05-03 18:57 . 2010-03-16 10:59 0 ----a-w- c:\users\J.D\AppData\Local\prvlcl.dat
2010-05-03 06:14 . 2008-06-27 06:05 -------- d-----w- c:\program files\iTunes
2010-05-03 06:01 . 2010-04-13 06:49 -------- d-----w- c:\program files\Palo Alto Software
2010-05-03 05:51 . 2008-10-30 08:56 -------- d-----w- c:\users\J.D\AppData\Roaming\Flock
2010-05-03 05:47 . 2008-10-09 05:42 -------- d-----w- c:\program files\iPod
2010-05-03 04:53 . 2007-08-25 16:55 -------- d-----w- c:\program files\Google
2010-05-02 09:06 . 2010-05-02 09:06 52224 ----a-w- c:\users\KAM\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-02 09:06 . 2010-05-02 09:05 117760 ----a-w- c:\users\KAM\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-02 09:05 . 2008-06-21 22:16 168248 ----a-w- c:\users\KAM\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-02 08:28 . 2008-06-28 03:50 -------- d-----w- c:\users\J.D\AppData\Roaming\Apple Computer
2010-05-01 23:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-01 07:53 . 2008-09-17 01:30 -------- d-----w- c:\users\J.D\AppData\Roaming\IMVU
2010-04-13 05:53 . 2007-08-25 16:59 -------- d-----w- c:\programdata\WildTangent
2010-04-13 05:53 . 2007-08-25 16:59 -------- d-----w- c:\program files\Gateway Games
2010-04-13 05:18 . 2010-04-13 05:18 -------- d-----w- c:\programdata\PAS
2010-04-05 22:42 . 2010-04-05 22:42 -------- d-----w- c:\users\J.D\AppData\Roaming\EATCAM
2010-04-05 22:28 . 2010-04-05 22:27 -------- d-----w- c:\users\J.D\AppData\Roaming\WebCam Recorder
2010-04-05 22:27 . 2010-04-05 22:27 -------- d-----w- c:\program files\Solent
2010-04-05 22:22 . 2010-04-05 22:22 7358 ----a-r- c:\users\J.D\AppData\Roaming\Microsoft\Installer\{998F2DE0-3128-43B7-9A1C-D85A339659A9}\_69525f90.exe
2010-04-05 22:22 . 2010-04-05 22:22 7358 ----a-r- c:\users\J.D\AppData\Roaming\Microsoft\Installer\{998F2DE0-3128-43B7-9A1C-D85A339659A9}\_2cd672ae.exe
2010-04-05 22:22 . 2010-04-05 22:22 7358 ----a-r- c:\users\J.D\AppData\Roaming\Microsoft\Installer\{998F2DE0-3128-43B7-9A1C-D85A339659A9}\_16496df1.exe
2010-04-05 22:12 . 2010-04-05 21:55 -------- d-----w- c:\users\J.D\AppData\Roaming\ManyCam
2010-04-05 21:55 . 2010-04-05 21:55 -------- d-----w- c:\program files\Ask.com
2010-04-04 10:33 . 2010-04-04 10:33 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-24 02:40 . 2008-06-21 22:22 168248 ----a-w- c:\users\J.D\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-11 03:21 . 2010-03-11 03:23 38784 ----a-w- c:\users\J.D\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-11 03:21 . 2010-03-11 03:23 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-09 16:54 . 2010-04-03 17:22 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:54 . 2010-04-03 17:22 832512 ----a-w- c:\windows\system32\wininet(2041).dll
2010-03-09 16:54 . 2010-04-03 17:22 1168384 ----a-w- c:\windows\system32\urlmon(2033).dll
2010-03-09 16:50 . 2010-04-03 17:22 268288 ----a-w- c:\windows\system32\iertutil(1730).dll
2010-03-09 16:50 . 2010-04-03 17:22 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50 . 2010-04-03 17:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:50 . 2010-04-03 17:22 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-03-09 16:48 . 2010-04-03 17:22 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17 . 2010-04-03 17:22 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43 . 2010-04-03 17:22 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-04 20:46 . 2010-03-04 20:46 12464 ----a-w- c:\windows\system32\avgrsstx(1689).dll
2010-03-04 19:24 . 2010-04-14 08:38 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 13:14 . 2010-04-14 08:38 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 13:14 . 2010-04-14 08:38 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 13:14 . 2010-04-14 08:38 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-18 14:54 . 2010-04-14 08:38 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:54 . 2010-04-14 08:38 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:22 . 2010-04-14 08:38 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-02-18 14:19 . 2010-04-14 08:38 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 12:05 . 2010-04-14 08:38 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 12:04 . 2010-04-14 08:38 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-02-18 12:04 . 2010-04-14 08:38 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-18 12:04 . 2010-04-14 08:38 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
.

((((((((((((((((((((((((((((( [email protected]_07.00.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-12 00:05 . 2010-05-19 00:33 64810 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-05-08 06:47 77312 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-05-18 23:47 77312 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 23:55 . 2010-05-18 23:47 11292 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2733014286-607279091-1391130181-1002_UserData.bin
- 2007-10-22 21:05 . 2010-05-06 11:49 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-22 21:05 . 2010-05-18 05:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-22 21:05 . 2010-05-18 05:57 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-10-22 21:05 . 2010-05-06 11:49 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-12 23:04 . 2010-05-05 19:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-12 23:04 . 2010-05-14 01:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-12 23:04 . 2010-05-14 01:22 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-12 23:04 . 2010-05-05 19:47 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-12 23:04 . 2010-05-05 19:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-12 23:04 . 2010-05-14 01:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-28 21:09 . 2010-05-18 23:53 7122 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2010-05-08 06:45 . 2010-05-08 06:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-18 23:54 . 2010-05-18 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-08 06:45 . 2010-05-08 06:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-18 23:54 . 2010-05-18 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-10-23 14:59 . 2010-05-19 00:31 321108 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2010-05-19 00:00 621314 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-08 06:52 621314 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-08 06:52 104662 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-05-19 00:00 104662 c:\windows\System32\perfc009.dat
+ 2009-07-04 08:48 . 2010-05-09 21:01 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
- 2009-07-04 08:48 . 2010-03-01 21:16 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-10-22 21:05 . 2010-05-06 11:49 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-22 21:05 . 2010-05-18 05:57 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-28 21:57 . 2010-03-01 21:20 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2007-12-28 21:57 . 2010-05-09 21:01 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2007-12-28 21:56 . 2010-03-01 21:16 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2007-12-28 21:56 . 2010-05-09 21:01 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2010-02-27 13:49 . 2006-11-28 23:23 573440 c:\windows\gmer.exe
+ 2010-02-27 13:49 . 2006-11-28 22:23 573440 c:\windows\gmer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2009-08-06 03:30 2215960 ----a-w- c:\program files\TorrentMan\tbTor0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 23:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2009-08-06 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2009-08-06 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"wben"="c:\program files\Starfield\Desktop Notifier\wben.exe" [2009-06-25 338456]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25626408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2005-03-17 970752]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2010-03-03 1824040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-13 5252936]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2005-10-26 61440]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-11-03 684712]
"EzPrint"="c:\program files\Lexmark 5600-6600 Series\ezprint.exe" [2008-11-03 131752]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

c:\users\EBLAZE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-2 344064]

c:\users\JUANITA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\J.D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\J.D\AppData\Roaming\IMVUClient\IMVUClient.exe [2009-5-7 49920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Palo Alto Software Update Manager 9.0.lnk - c:\program files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI5"=diomidi.dll
"wave1"=Digi32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 133104]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2005-10-26 105472]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [2005-10-26 15488]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2005-10-26 15232]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
R3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys [x]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2005-10-26 16384]
S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-05-25 537520]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdcserv.exe [2007-05-25 99248]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2008-05-23 594600]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-10 33792]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

.
Contents of the 'Scheduled Tasks' folder

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 06:38]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 06:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\J.D\AppData\Roaming\Mozilla\Firefox\Profiles\yomtea9x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14306&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC&o=14304&locale=en_US&q=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 17:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2733014286-607279091-1391130181-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28F025CB-88A7-431D-4140-AB0D0A073761}*]
"hakpmmlbfeffokam"=hex:69,61,67,67,6f,66,63,69,6a,65,69,70,6e,66,64,67,65,6b,
00,00
"iaabghjndaingbimml"=hex:63,61,67,67,62,66,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\spool\DRIVERS\W32X86\3\lxdcserv.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
.
**************************************************************************
.
Completion time: 2010-05-18 17:37:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-19 00:37
ComboFix2.txt 2010-05-15 11:34
ComboFix3.txt 2010-05-08 07:06
ComboFix4.txt 2010-03-01 21:24
ComboFix5.txt 2010-05-18 22:20

Pre-Run: 131,324,522,496 bytes free
Post-Run: 131,254,439,936 bytes free

- - End Of File - - 45FD9F1F1CA48F2AF0340A1CD2B84BDA


----------



## CatByte (Feb 24, 2009)

Hi,

Please do the following:


Please go to  VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*c:\users\J.D\AppData\Roaming\Microsoft\Installer\{998F2DE0-3128-43B7-9A1C-D85A339659A9}\_69525f90.exe*
Click on the *Upload* button
If a pop-up appears saying the file has been scanned already, please select the *ReScan* button.
Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

Please do the same for the following files:

*c:\users\J.D\AppData\Roaming\Microsoft\Installer\{998F2DE0-3128-43B7-9A1C-D85A339659A9}\_2cd672ae.exe
c:\users\J.D\AppData\Roaming\Microsoft\Installer\{998F2DE0-3128-43B7-9A1C-D85A339659A9}\_16496df1.exe*


----------



## poeticexposure00 (May 11, 2010)

VirSCAN.org Scanned Report :
Scanned time : 2010/05/18 20:13:05 (PDT)
Scanner results: Scanners did not find malware!
File Name : _16496df1.exe 
File Size : 7358 byte
File Type : MPEG sequence
MD5 : 86f4018ee121401c8480bcd4b1069994
SHA1 : 304607128736f8ea2ba89b2d7b0cc8ec6d33628d
Online report : http://virscan.org/report/75fd4c27e2395f112f4042c43e1d3ea0.html
| Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result |
|---|---|---|---|---|---|
| a-squared | 5.0.0.7 | 20100519050149 | 2010-05-19 | 0.34 | - |
| AhnLab V3 | 2010.05.18.01 | 2010.05.18 | 2010-05-18 | 1.12 | - |
| AntiVir | 8.2.1.242 | 7.10.7.130 | 2010-05-18 | 0.26 | - |
| Antiy | 2.0.18 | 20100519.4407137 | 2010-05-19 | 0.02 | - |
| Arcavir | 2009 | 201005181919 | 2010-05-18 | 0.02 | - |
| Authentium | 5.1.1 | 201005181630 | 2010-05-18 | 1.27 | - |
| AVAST! | 4.7.4 | 100518-1 | 2010-05-18 | 0.00 | - |
| AVG | 8.5.793 | 271.1.1/2882 | 2010-05-19 | 0.24 | - |
| BitDefender | 7.81008.5952446 | 7.31729 | 2010-05-19 | 3.78 | - |
| ClamAV | 0.95.3 | 11041 | 2010-05-19 | 0.01 | - |
| Comodo | 3.13.579 | 4877 | 2010-05-19 | 0.91 | - |
| CP Secure | 1.3.0.5 | 2010.05.19 | 2010-05-19 | 0.01 | - |
| Dr.Web | 5.0.2.3300 | 2010.05.19 | 2010-05-19 | 7.18 | - |
| F-Prot | 4.4.4.56 | 20100518 | 2010-05-18 | 1.26 | - |
| F-Secure | 7.02.73807 | 2010.05.18.05 | 2010-05-18 | 0.06 | - |
| Fortinet | 4.0.14 | 11.956 | 2010-05-18 | 0.14 | - |
| GData | 21.189/21.62 | 20100519 | 2010-05-19 | 6.84 | - |
| ViRobot | 20100518 | 2010.05.18 | 2010-05-18 | 0.41 | - |
| Ikarus | T3.1.01.84 | 2010.05.19.75891 | 2010-05-19 | 6.41 | - |
| JiangMin | 13.0.900 | 2010.05.18 | 2010-05-18 | 1.19 | - |
| Kaspersky | 5.5.10 | 2010.05.18 | 2010-05-18 | 0.03 | - |
| KingSoft | 2009.2.5.15 | 2010.5.19.9 | 2010-05-19 | 0.63 | - |
| McAfee | 5400.1158 | 5986 | 2010-05-18 | 0.02 | - |
| Microsoft | 1.5802 | 2010.05.18 | 2010-05-18 | 6.39 | - |
| Norman | 6.04.12 | 6.04.00 | 2010-05-18 | 6.01 | - |
| Panda | 9.05.01 | 2010.05.18 | 2010-05-18 | 1.66 | - |
| Trend Micro | 9.120-1004 | 7.178.03 | 2010-05-18 | 0.02 | - |
| Quick Heal | 10.00 | 2010.05.19 | 2010-05-19 | 1.52 | - |
| Rising | 20.0 | 22.48.01.02 | 2010-05-18 | 0.27 | - |
| Sophos | 3.07.1 | 4.53 | 2010-05-19 | 3.44 | - |
| Sunbelt | 3.9.2421.2 | 6318 | 2010-05-18 | 6.30 | - |
| Symantec | 1.3.0.24 | 20100518.004 | 2010-05-18 | 0.18 | - |
| nProtect | 20100518.01 | 8331855 | 2010-05-18 | 7.55 | - |
| The Hacker | 6.5.2.0 | v00282 | 2010-05-17 | 0.35 | - |
| VBA32 | 3.12.12.5 | 20100517.2043 | 2010-05-17 | 2.49 | - |
| VirusBuster | 4.5.11.10 | 10.126.37/2016414 | 2010-05-18 | 2.31 | - |

UPDATE: I have Internet Explorer working now on this computer, but Mozilla Firefox is telling me this:



then it says this:


----------



## poeticexposure00 (May 11, 2010)

I'm driving to Dallas. I will be back on tomorrow night. Thanks soooo much for helping me.


----------



## CatByte (Feb 24, 2009)

Hi,

Did both the other files come back clean as well from Virscan?

I would remove all traces of Firefox from your machine:
http://kb.mozillazine.org/Uninstalling_Firefox

then download a fresh copy and install it, see if it now works.

Please do the following:

Please download *Malwarebytes' Anti-Malware*

Double Click *mbam-setup.exe* to install the application.
Make sure a *checkmark* is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish.*
If an update is found, it will download and install the latest version.
Once the program has loaded, select *"Perform Quick Scan"*, then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that everything is checked, and click *Remove Selected*. <-- very important
When disinfection is completed, a *log* will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


*NEXT*

*Vista users - right click on the IE icon and run as administrator*

*Run an on-line scan with Kaspersky*

Using Internet Explorer or Firefox, visit *Kaspersky On-line Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions. 
*2.* To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan
*3.* Click *Run* at the Security prompt. 
The program will then begin downloading and installing and will also update the database. 
Please be patient as this can take several minutes. 

Once the update is complete, click on *My Computer* under the green *Scan* bar to the left to start the scan. 
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. 
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined. 
Click *View scan report* at the bottom.

Click the *Save as Text* button to save the file to your desktop so that you may post it in your next reply


----------



## poeticexposure00 (May 11, 2010)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4131
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
5/22/2010 4:44:26 PM
mbam-log-2010-05-22 (16-44-26).txt
Scan type: Quick scan
Objects scanned: 163203
Time elapsed: 8 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\J.D\downloads\pdfcracker.exe (Hacktool.Agent) -> Quarantined and deleted successfully.

----------------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, May 24, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, May 24, 2010 15:45:27
Records in database: 4169439
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Objects scanned: 404748
Threats found: 6
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 06:50:41

File name / Threat / Threats count
C:\Program Files\BitLord\Downloads\Business_Plan_Pro.By-ing\Business_Plan_Pro.By-ing\Business_Plan_Pro_2007_Premier\Business Plan Pro 2007 Premier Edition.exe Infected: Trojan.PHP.Turame.f 1
C:\Program Files\BitLord\Downloads\Business_Plan_Pro.By-ing.rar Infected: Trojan.PHP.Turame.f 1
C:\Program Files\BitLord\Downloads\Perfect Uninstaller 6.3.0\PerfectUninstaller_Setup.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Program Files\BitLord\Downloads\Total Video converter 3.12 full + Cracked 100% Working{H33T}{JOHNCANADUDE}\tvc.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Program Files\BitLord\Downloads\Webcam and Screen Recorder v4.4\wcsrsetup.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\atapi.sys.vir_ Infected: Rootkit.Win32.TDSS.u 1
C:\Users\J.D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\6eca6864-4837f41d Infected: Trojan-Downloader.Java.Agent.ab 1
C:\Users\J.D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-721da2ff Infected: Exploit.Java.Agent.f 1
C:\Users\J.D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-721da2ff Infected: Trojan-Downloader.Java.OpenStream.af 1
Selected area has been scanned.


----------



## CatByte (Feb 24, 2009)

Hi,

Please do the following:


Go to *Start->Run* and type in *notepad* and hit *OK.*
Then *copy and paste* the content of the following *codebox* into Notepad:


```
@echo off 
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in ( 
"C:\Program Files\BitLord\Downloads\Business_Plan_Pro.By-ing\Business_Plan_Pro.By-ing\Business_Plan_Pro_2007_Premier\Business Plan Pro 2007 Premier Edition.exe"
"C:\Program Files\BitLord\Downloads\Business_Plan_Pro.By-ing.rar"
"C:\Program Files\BitLord\Downloads\Perfect Uninstaller 6.3.0\PerfectUninstaller_Setup.exe"
"C:\Program Files\BitLord\Downloads\Total Video converter 3.12 full + Cracked 100% Working{H33T}{JOHNCANADUDE}\tvc.exe"
"C:\Program Files\BitLord\Downloads\Webcam and Screen Recorder v4.4\wcsrsetup.exe"
"C:\Users\J.D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\6eca6864-4837f41d"
"C:\Users\J.D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-721da2ff"
"C:\Users\J.D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-721da2ff"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
pause
del %0
```

Save the file to your *DESKTOP* as *"find.bat"*. Make sure to save it with the quotes.
Once saved, the icon to click should look like this on your desktop:

Double click *find.bat* to run it. A small black box should open and close - this is normal.
Let me know if it deletes successfully.

Please post a fresh DDS log and Attach.txt and advise how your computer is running now


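The deletion step above, carried one step further as an added example: this is my code, not CatByte's find.bat and not part of any tool named in the thread. It parses the per-file lines of the Kaspersky report posted earlier (`<path> Infected: <threat> <count>`), merges a path that is listed twice into one entry, records each file's SHA-1 before removing it so the entry can later be matched against a scanner report's hashes, clears the read-only attribute the way `del /a /f` does, and reports which paths could not be removed, the same success/failure split find.bat makes with its log.txt. It assumes Python 3; the directory, file names and file contents built in `run_demo()` are constructed for the demonstration, while the threat names are the ones the report used.

```python
import hashlib
import os
import re
import shutil
import stat
import tempfile
from pathlib import Path

# Shape of the per-file lines in the Kaspersky Online Scanner report quoted above:
#   <path> Infected: <threat name> <count>
REPORT_LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(lines):
    """Map each flagged path to its list of threat names.

    A path listed twice (the Java cache file above had two detections) becomes
    one entry with two threats, so it is only processed once.
    """
    findings = {}
    for line in lines:
        m = REPORT_LINE.match(line.strip())
        if not m:
            continue  # header, statistics and "Selected area has been scanned."
        findings.setdefault(m.group("path"), []).append(m.group("threat"))
    return findings


def sha1_of(path):
    """SHA-1 of a file, read in chunks so a large archive is not loaded whole."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def remove_flagged(findings):
    """Delete every flagged file that still exists and return a per-path record.

    Each record has status "removed", "absent" or "failed". The SHA-1 is taken
    before deletion so the record can be matched against a later scan report.
    """
    results = {}
    for path, threats in findings.items():
        p = Path(path)
        record = {"threats": threats, "sha1": None, "error": None}
        if not p.is_file():
            record["status"] = "absent"  # already quarantined or never written
        else:
            try:
                record["sha1"] = sha1_of(p)
                # Equivalent of "del /a /f": clear the read-only attribute first.
                os.chmod(p, stat.S_IWRITE | stat.S_IREAD)
                p.unlink()
                record["status"] = "removed"
            except OSError as exc:
                record["status"] = "failed"  # find.bat would list this path in log.txt
                record["error"] = str(exc)
        results[path] = record
    return results


def run_demo():
    """Build a throwaway directory of constructed sample files, run both steps
    and return the records. Every path and file body here is made up."""
    tmp = Path(tempfile.mkdtemp(prefix="flagged-"))
    plain = tmp / "tvc.exe"
    plain.write_bytes(b"constructed sample, not a real binary")
    locked = tmp / "18364cfd-721da2ff"
    locked.write_bytes(b"second constructed sample")
    os.chmod(locked, stat.S_IREAD)  # read-only, as a cached file might be
    gone = tmp / "atapi.sys.vir_"  # listed in the report but not on disk
    report = [
        "File name / Threat / Threats count",
        f"{plain} Infected: Trojan.Win32.Chifrax.d 1",
        f"{locked} Infected: Exploit.Java.Agent.f 1",
        f"{locked} Infected: Trojan-Downloader.Java.OpenStream.af 1",
        f"{gone} Infected: Rootkit.Win32.TDSS.u 1",
        "Selected area has been scanned.",
    ]
    results = remove_flagged(parse_report(report))
    shutil.rmtree(tmp, ignore_errors=True)  # clean up the demo directory
    return results


if __name__ == "__main__":
    for path, rec in run_demo().items():
        print(rec["status"], path, rec["threats"], rec["sha1"] or rec["error"])
```

Feed `parse_report()` the lines of a real report and `remove_flagged()` the result; keep the returned records, since the SHA-1 of each removed file is the only thing left to compare with a scanner's verdict once the file is gone.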
----------



## poeticexposure00 (May 11, 2010)

It did successfully delete. I'm lost on this instruction:

"Please post a fresh DDS log and Attach.txt and advise how your computer is running now" 

*What is a DDS log?*
*Where do i find the Attach.txt?*


----------



## CatByte (Feb 24, 2009)

DDS was the first diagnostic program I asked you to run

http://forums.techguy.org/7383766-post2.html


----------



## poeticexposure00 (May 11, 2010)

*DDS*

DDS (Ver_10-03-17.01) - NTFSx86 
Run by J.D at 20:54:43.94 on Tue 05/25/2010
Internet Explorer: 7.0.6000.17037
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3063.930 [GMT -5:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdcserv.exe
C:\Windows\system32\lxdccoms.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\lxducoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Windows\vsnpstd3.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Users\J.D\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Users\J.D\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Users\J.D\Documents\JDW Clients\DJ Tribe\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTor0.dll
BHO: VirtualCamera IEMenu Class: {0246a1a7-820a-469a-85a7-7b7f01eb808c} - c:\program files\virtualcamera\VirtualCameraMenu.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTor0.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: : {f3faf2f7-d2c0-4ea4-8dad-b4b974371c1e} - c:\windows\system32\ieuihandler.dll
TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTor0.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [wben] "c:\program files\starfield\desktop notifier\wben.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater\AdobeUpdater.exe
uRun: [ManyCam] "c:\program files\manycam 2.4\ManyCam.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [EzPrint] "c:\program files\lexmark 5600-6600 series\ezprint.exe"
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\j.d\appdata\roaming\micros~1\windows\startm~1\programs\startup\imvu.lnk - c:\users\j.d\appdata\roaming\imvuclient\IMVUClient.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\paloal~2.lnk - c:\program files\common files\palo alto software\9.0\PAS9_Update.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2007-12-28 16384]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2007-5-25 99248]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-1 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-10-22 33792]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-23 133104]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2007-12-28 105472]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2007-12-28 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2007-12-28 15232]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-3 27192]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-28 167808]
============== File Associations ===============
.reg=Regedit.Document
=============== Created Last 30 ================
2010-05-24 06:14:23 736248 ----a-w- c:\users\j.d\pinkheadphones.jpg
2010-05-22 21:25:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 23:47:20 331436 ----a-w- c:\users\j.d\blaisperf.jpg
2010-05-21 05:19:29 66093742 ----a-w- c:\users\j.d\BrittanyaPrint.zip
2010-05-21 03:50:49 0 d-----w- c:\users\j.d\appdata\roaming\Dropbox
2010-05-21 01:53:24 3073252 ----a-w- c:\users\j.d\Phenomenal Woman.mp3
2010-05-20 20:46:02 0 d-----w- c:\program files\AltoMP3 Gold
2010-05-19 00:54:18 0 d-sh--w- C:\$RECYCLE.BIN
2010-05-14 21:26:50 98816 ----a-w- c:\windows\sed.exe
2010-05-14 21:26:50 77312 ----a-w- c:\windows\MBR.exe
2010-05-14 21:26:50 256512 ----a-w- c:\windows\PEV.exe
2010-05-14 21:26:50 161792 ----a-w- c:\windows\SWREG.exe
2010-05-06 11:50:29 38600 ----a-w- c:\users\j.d\86440316.jpg
2010-05-06 11:50:29 36301 ----a-w- c:\users\j.d\80484460.jpg
2010-05-06 11:50:29 27752 ----a-w- c:\users\j.d\82662308.jpg
2010-05-06 11:50:29 24298 ----a-w- c:\users\j.d\79336218.jpg
2010-05-06 11:50:29 24229 ----a-w- c:\users\j.d\sb10065023r-001.jpg
2010-05-06 11:50:29 16737 ----a-w- c:\users\j.d\79336296.jpg
2010-05-06 11:50:28 42145 ----a-w- c:\users\j.d\77188514.jpg
2010-05-06 11:50:28 29137 ----a-w- c:\users\j.d\77005765.jpg
2010-05-04 06:39:57 42 ----a-w- c:\windows\system32\Jiii_PNUCT.pnc
2010-05-04 06:31:19 0 d-----w- c:\program files\Perfect Uninstaller
2010-05-04 05:16:46 8354440 ----a-w- c:\users\j.d\Firefox Setup 3.6.3.exe
2010-05-03 20:01:42 42 ----a-w- c:\windows\system32\AK083E209605E394C.lie
2010-05-03 19:59:42 3544656 ----a-w- c:\users\j.d\PerfectUninstaller_Setup.exe
2010-05-03 05:37:19 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-03 05:37:17 0 d-----w- c:\program files\VS Revo Group
2010-05-02 08:27:03 0 d-----w- c:\program files\Bonjour
2010-05-02 08:23:19 31647016 ----a-w- c:\users\j.d\SafariSetup.exe
2010-05-01 03:30:24 68405 ----a-w- c:\users\j.d\BookingAgreement_May15.pdf
2010-05-01 03:30:24 348265 ----a-w- c:\users\j.d\BookingAgreement _ May15.pdf
2010-05-01 02:48:03 0 d-----w- c:\programdata\Palo Alto Software(683)
2010-05-01 02:48:01 0 d-----w- c:\program files\common files\Palo Alto Software(312)
2010-04-29 21:18:56 487913 ----a-w- c:\users\j.d\jdwad.jpg
2010-04-29 21:07:01 12337200 ----a-w- c:\users\j.d\jdwdesignad.psd
2010-04-29 08:24:46 0 d-----w- c:\users\j.d\TalentBuyerPro
2010-04-29 07:47:25 27540 ----a-w- c:\users\j.d\my_account_member.php.htm
2010-04-29 07:47:25 0 d-----w- c:\users\j.d\my_account_member.php_files
2010-04-28 08:58:22 75257 ----a-w- c:\users\j.d\BLURi - Music News, World News, Entertainment News, Sports News, Business News, Political News.htm
2010-04-28 08:58:22 0 d-----w- c:\users\j.d\BLURi - Music News, World News, Entertainment News, Sports News, Business News, Political News_files
2010-04-27 07:34:17 59154 ----a-w- c:\users\j.d\3amglove.jpg
2010-04-27 07:30:56 298520 ----a-w- c:\users\j.d\3amgloves.jpg
==================== Find3M ====================
2010-05-20 20:49:07 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-05-20 20:49:07 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-12 16:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-05 22:18:13 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-09 16:54:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:54:49 832512 ----a-w- c:\windows\system32\wininet(2041).dll
2010-03-09 16:54:38 1168384 ----a-w- c:\windows\system32\urlmon(2033).dll
2010-03-09 16:50:34 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50:34 268288 ----a-w- c:\windows\system32\iertutil(1730).dll
2010-03-09 16:50:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:48:34 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17:48 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43:52 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-04 20:46:02 12464 ----a-w- c:\windows\system32\avgrsstx(1689).dll
2010-03-04 19:24:26 434176 ----a-w- c:\windows\system32\vbscript.dll
2008-12-12 15:18:13 174 --sha-w- c:\program files\desktop.ini
2008-08-06 10:01:32 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-09-03 06:06:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008090220080903\index.dat
2008-09-04 03:20:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008090320080904\index.dat
2008-09-05 18:51:43 49152 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008090520080906\index.dat
============= FINISH: 21:01:20.74 ===============

*ATTACH*

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 8/25/2007 11:43:54 AM
System Uptime: 5/25/2010 12:17:26 AM (21 hours ago)
Motherboard: ECS | | 945GCT-NM
Processor: Genuine Intel(R) CPU 2160 @ 1.80GHz | Socket 775 | 1800/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 363 GiB total, 117.933 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.409 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================

==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 8
Adobe Setup
Adobe Stock Photos 1.0
Adobe Type Support
Adobe Update Manager CS3
AltoMP3 Gold 5.20
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AT&T Yahoo! High Speed Internet Home Networking Installer
AVS Video Converter 4.3.1.371
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BillQuick 2009
BitLord 1.1
Bonjour
Browser Address Error Redirector
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon iP1800 series
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities My Printer
Canon Utilities Solution Menu
CleanUp!
CSS Wizard
Desktop Notifier
Digidesign Pro Tools LE 7.0
Digital Media Reader
Dropbox
DVDInfoPro
E.M. Magic Swf2Avi 2008 build 5.2.9.101
E.M. Magic Swf2Avi V6.7
EatCam Webcam Recorder Pro 4.5
ePrompter
EZ Screen Recorder 4.10
Family Feud 2
FBP - Facebook Blaster Pro
FFB - Facebook Friend Bomber
FileZilla Client 3.1.0.1
Free Bomb Factory Plug-Ins 7.0
Free FLV Converter V 5.6
Free Mp3/Wma/Ogg Converter 4.0.1
Free PDF to Word Doc Converter v1.1
FriendBlasterPro
Gateway Connect
Gateway Game Console
Gateway Recovery Center Installer
GE MiniCam Pro
GOM Player
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
HttpTrafficGen 1.6
IL Download Manager
ImgBurn
IMVU Avatar Chat Software
IMVU Tools
Incoming Friends
Infine CaptureFlash version 1.6
Intel(R) Graphics Media Accelerator Driver
InterLok Driver Kit
Interlok driver setup x32
Java(TM) SE Runtime Environment 6 Update 1
LabelPrint
Lexmark 1300 Series
Lexmark 5600-6600 Series
Lexmark X6100 Series
Listing Factory 2008 v3.0
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
Microsoft .NET Framework 3.5
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Monopoly
Monopoly (remove only)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Native Instruments Battery 3
NI Service Center
oRipa MSN Webcam Recorder2.0.1
PC Wizard 2008.1.80
PDF Password Cracker v3.0
Perfect Uninstaller v6.3.3.8
Polar Bowler
Polar Golfer
Power2Go 5.0
QBFC 5.0
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Refresher
Refresher1.2
Revo Uninstaller Pro 2.2.0
RSS Content Generator
Safari
Search Settings 1.2
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SimpleOCR 3.1
Skype™ 4.1
Smart PDF Converter 5.0.1.324
Soft Data Fax Modem with SmartCP
Sony Picture Utility
Sony USB Driver
Sothink SWF Decompiler
Spare Backup
Steinberg WaveLab 5.01b
SupportSoft Assisted Service
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
TorrentMan Toolbar
Total Video Converter 3.12 080330
Tradewinds
Tube Increaser
Tube Thumper
Tweet Adder
Tweet Adder 2010
TwitterBlasterPro
TwitterDirector
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981726)
Viewpoint Media Player
Web Site Downloader
Webcam and Screen Recorder 4.8.1
WebCam Recorder
WinAVI MP4 Converter
WinRAR archiver
XviD MPEG-4 Video Codec
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar
ZD Soft Screen Video Decoder
==== End Of File ===========================


----------



## CatByte (Feb 24, 2009)

Hi,

The log is clean. If there are no other outstanding issues, then we can clean up our tools;

please do the following:

Visit *ADOBE* and download the latest version of Acrobat Reader (version 9.3).
Having the latest updates ensures there are no security vulnerabilities in your system.

*NEXT*

*Your Java is out of date.* Older versions have vulnerabilities that malware can use to infect your system. *Please follow these steps to remove older version Java components and update.*

Download the latest version of *Java Runtime Environment (JRE) 20* and save it to your desktop.
Scroll down to where it says *JDK 6 Update 20 (JDK or JRE)*
Click the *Download JRE* button to the right
Select the *Windows* platform from the dropdown menu.
Read the License Agreement and then check the box that says: "_I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement_". Click on *Continue*. The page will refresh.
Click on the link to download *Windows Offline Installation* and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on *Add or Remove Programs* and remove all older versions of Java.
Check (_highlight_) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the *Remove* or *Change/Remove* button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on *jre-6u20-windows-i586-p.exe* to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the *Settings* button.
Next, click on the Delete Files button.
There are two options in the window to clear the cache - *Leave BOTH Checked*

*Applications and Applets*
*Trace and Log Files*

Click OK on Delete Temporary Files Window
*Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.*
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.


*NEXT*

You can delete the *DDS* and *GMER* folders from your desktop.

*NEXT*

*Follow these steps to uninstall Combofix*


Make sure your security programs are totally disabled.
Click *START* then *RUN*
Now copy/paste *Combofix /uninstall* into the *runbox* and click *OK.* Note the *space* between the *..X* and the */U*, it needs to be there.
Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

If there are any logs/tools remaining > right click and delete them.

*NEXT*

Below I have included a number of recommendations for how to protect your computer against malware infections.


It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: *Strong passwords: How to create and use them*. Then consider a *password keeper* to keep all your passwords safe.

Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

*Make Internet Explorer more secure*
Click *Start* > *Run*
Type *Inetcpl.cpl* & click *OK*
Click on the *Security* tab
Click *Reset all zones to default level*
Make sure the *Internet Zone* is selected & Click *Custom level*
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click *OK*, then *Apply* button and then *OK* to exit the Internet Properties page.

*Download* *TFC* *to your desktop*
Close any open windows.
Double click the *TFC* icon to run the program
TFC *will close all open programs itself* in order to run.
Click the *Start* button to begin the process.
Allow *TFC* to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically *reboot your machine*;
if it doesn't, manually reboot to ensure a complete clean.
*It's normal after running TFC cleaner that the PC will be slower to boot the first time.*

*WOT*, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
*Green* to go 
*Yellow* for caution 
*Red* to stop
WOT has an add-on available for both Firefox and IE.

*Keep a backup of your important files* - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

*ERUNT* (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
*Think Prevention.*
*PC Safety and Security--What Do I Need?*

*Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.*

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
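The "Make Internet Explorer more secure" step above changes three ActiveX settings through the Inetcpl.cpl dialog. The PowerShell script below is an added, read-only audit (not part of the thread) that reports whether the current user's Internet zone already matches those recommendations; it assumes the standard IE zone registry layout (zone 3 = Internet, value names 1001, 1004 and 1201, data 0 = Enable, 1 = Prompt, 3 = Disable).

```powershell
# Added example: audit the Internet-zone ActiveX settings recommended in the post.
# Assumption: standard IE zone layout under HKCU, with
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe
# and data values 0 = Enable, 1 = Prompt, 3 = Disable.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post: Prompt for both download settings,
# Disable for initialising/scripting controls not marked as safe.
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                       Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                     Want = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked safe'; Want = 3 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveXZoneAudit {
    # Read every value in the zone key once; missing key yields $null.
    $props = Get-ItemProperty -Path $zonePath -ErrorAction SilentlyContinue
    foreach ($id in ($recommended.Keys | Sort-Object)) {
        $current = $null
        if ($props -and $null -ne $props.$id) { $current = [int]$props.$id }

        $currentLabel = '(not set, zone default applies)'
        if ($null -ne $current) {
            $currentLabel = $label[$current]
            if (-not $currentLabel) { $currentLabel = "unknown ($current)" }
        }

        [pscustomobject]@{
            Setting     = $recommended[$id].Name
            ValueName   = $id
            Current     = $currentLabel
            Recommended = $label[$recommended[$id].Want]
            Matches     = ($current -eq $recommended[$id].Want)
        }
    }
}

# Rows with Matches = False are the ones still to change in Inetcpl.cpl.
Get-ActiveXZoneAudit | Format-Table -AutoSize
```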


----------



## poeticexposure00 (May 11, 2010)

I can't get Mozilla up, but I was able to use my IE, Safari, and Google Chrome just fine. Thanks again!


----------



## CatByte (Feb 24, 2009)

You should delete Firefox completely and reinstall it.

Follow the instructions here:

http://kb.mozillazine.org/Standard_diagnostic_(Firefox)#Clean_reinstall


----------

