Unsolved

February 7th, 2009 09:00

Uncontrollable Spyhunter Popup

I have a popup in the center of my screen for Spyhunter that I cannot close or get rid of. It occurs after restarting.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:42 AM, on 2/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Windows\System32\MediaButtons.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\system32\FastUserSwitching.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\DELLOSD.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/s/s.dll?spage=hb/index.htm&ck=&ck=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: D - {8A9C5385-7366-3BE3-BB3C-E9A6113CDF64} - C:\Windows\system32\mws99807.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MediaButtons] C:\Windows\System32\MediaButtons.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [\YURF262.exe] C:\Windows\system32\YURF262.exe
O4 - HKLM\..\Run: [\YURF60A.exe] C:\Windows\system32\YURF60A.exe
O4 - HKLM\..\Run: [\YURF9A3.exe] C:\Windows\system32\YURF9A3.exe
O4 - HKLM\..\Run: [\YURFACB.exe] C:\Windows\system32\YURFACB.exe
O4 - HKLM\..\Run: [\YURFE2C.exe] C:\Windows\system32\YURFE2C.exe
O4 - HKLM\..\Run: [\YUR166.exe] C:\Windows\system32\YUR166.exe
O4 - HKLM\..\Run: [\YURFE3B.exe] C:\Windows\system32\YURFE3B.exe
O4 - HKLM\..\Run: [\YUR3996.exe] C:\Windows\system32\YUR3996.exe
O4 - HKLM\..\Run: [\YUR241.exe] C:\Windows\system32\YUR241.exe
O4 - HKLM\..\Run: [\YUR5AA.exe] C:\Windows\system32\YUR5AA.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [\YURF262.exe] C:\Windows\system32\YURF262.exe
O4 - HKCU\..\Run: [\YURF60A.exe] C:\Windows\system32\YURF60A.exe
O4 - HKCU\..\Run: [\YURF9A3.exe] C:\Windows\system32\YURF9A3.exe
O4 - HKCU\..\Run: [\YURFACB.exe] C:\Windows\system32\YURFACB.exe
O4 - HKCU\..\Run: [\YURFE2C.exe] C:\Windows\system32\YURFE2C.exe
O4 - HKCU\..\Run: [\YUR166.exe] C:\Windows\system32\YUR166.exe
O4 - HKCU\..\Run: [\YURFE3B.exe] C:\Windows\system32\YURFE3B.exe
O4 - HKCU\..\Run: [\YUR3996.exe] C:\Windows\system32\YUR3996.exe
O4 - HKCU\..\Run: [\YUR241.exe] C:\Windows\system32\YUR241.exe
O4 - HKCU\..\Run: [\YUR5AA.exe] C:\Windows\system32\YUR5AA.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2047519159-742209462-3996352476-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: MediaButtons.lnk = ?
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O4 - Global Startup: UserSwitch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {B2DCBF69-EF93-4252-BBC7-BD870EBD9EDE} (Siebel High Interactivity Framework) - https://casemanagement.dstip.redcross.org/service/18372/applets/SiebelAx_HI_Client.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: dlba_device - Unknown owner - C:\Windows\system32\dlbacoms.exe (file missing)
O23 - Service: dlcc_device -   - C:\Windows\system32\dlcccoms.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14379 bytes
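One way to triage O2/O4 lines like those in this log before a helper looks at it, as an added example (not part of the thread and not a HijackThis feature); the scoring heuristics and weights are assumptions of this example, and the sample lines are a constructed subset of the log above:

```python
"""Triage of HijackThis O2/O4 entries (added example, not from the thread).

Heuristics, all assumptions of this example: Run value names beginning with a
backslash, random-looking executables launched straight out of system32, the
same value registered in more than one hive, and BHOs whose DLL is missing.
"""
import re

# Constructed sample: a subset of the O2/O4 lines from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: D - {8A9C5385-7366-3BE3-BB3C-E9A6113CDF64} - C:\Windows\system32\mws99807.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (file missing)
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [MediaButtons] C:\Windows\System32\MediaButtons.exe
O4 - HKLM\..\Run: [\YURF262.exe] C:\Windows\system32\YURF262.exe
O4 - HKLM\..\Run: [\YUR5AA.exe] C:\Windows\system32\YUR5AA.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [\YURF262.exe] C:\Windows\system32\YURF262.exe
O4 - HKCU\..\Run: [\YUR5AA.exe] C:\Windows\system32\YUR5AA.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

# O4 - <hive>[\<SID>]\..\Run: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\[^\\]+)?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# O2 - BHO: <description> - {<CLSID>} - <dll path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<desc>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)
# Three or four letters followed by 2-4 hex digits, e.g. YURF262.exe (assumed pattern).
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{3,4}[0-9A-Fa-f]{2,4}\.exe$", re.IGNORECASE)


def split_command(cmd):
    """Split a Run value's command line into (directory, executable name)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:cmd.index('"', 1)]   # quoted path, arguments follow
    else:
        path = cmd.split(" ", 1)[0]        # unquoted path, first token
    directory, _, exe = path.rpartition("\\")
    return directory, exe


def triage(log_text):
    """Return [(line, [reasons])] for entries worth a closer look.

    O4 entries are scored (backslash name +2, random system32 name +2,
    present in more than one hive +1) and reported at score >= 2, so a
    legitimate value registered in both HKLM and HKCU alone is not reported.
    O2 entries are reported when the DLL is flagged as missing.
    """
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    run_entries = []
    for ln in lines:
        m = O4_RE.match(ln)
        if m:
            run_entries.append((ln, m.group("hive"), m.group("name"), m.group("cmd")))

    hives_by_name = {}
    for _, hive, name, _ in run_entries:
        hives_by_name.setdefault(name.lower(), set()).add(hive)

    findings = []
    for ln, hive, name, cmd in run_entries:
        score, reasons = 0, []
        if name.startswith("\\"):
            score += 2
            reasons.append("value name begins with a backslash")
        directory, exe = split_command(cmd)
        if directory.lower().endswith("\\system32") and RANDOM_NAME_RE.match(exe):
            score += 2
            reasons.append("random-looking executable launched directly from system32")
        if len(hives_by_name[name.lower()]) > 1:
            score += 1
            reasons.append("same value registered in more than one hive")
        if score >= 2:
            findings.append((ln, reasons))

    for ln in lines:
        m = O2_RE.match(ln)
        if m and m.group("path").endswith("(file missing)"):
            findings.append((ln, ["BHO registered but its DLL is missing (stale or removed component)"]))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```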

3 Apprentice

20.5K Posts

February 7th, 2009 09:00

Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs; therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply so we can begin cleaning.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

11 Posts

February 7th, 2009 09:00

* Have you posted this issue on another forum? If so, please provide a link to the topic. No

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly. I have tried a restore point before the problem occurred. No joy

* If you are using any cracked software, please remove it. Definition of cracked software HERE.  No

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE. No

* If this computer belongs to someone else, do you have authority to apply the fixes we will use? It belongs to me

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log. No

11 Posts

February 7th, 2009 10:00

Other perhaps unrelated stuff:

Stopped being able to print at about the same time, getting "print error" in document status. Drive has all the usual Windows updates.

Task manager shows an image name "x10nets.exe" using 50% CPU, the rest is idle

3 Apprentice

20.5K Posts

February 7th, 2009 12:00

Thank you for the information.

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top.
  • It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report along with any other requested logs into your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's TeaTimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.

We'll need to see some additional information about what is happening in your machine.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

11 Posts

February 7th, 2009 15:00

After accessing both sites and fixing the Malwarebytes issues, for some reason I cannot sign into this site from the computer that I ran it from. I am able to sign in fine from a different computer. Any ideas?

3 Apprentice

20.5K Posts

February 7th, 2009 16:00

It may not have anything to do with MBAM. Dell's new forum software has been giving others login problems as well.

Would it be possible to save the MBAM log on a USB stick or a CD so you can post it here? If not, let me know so we can move you to another site.

11 Posts

February 8th, 2009 08:00

Transferring the file via USB through a different computer.

Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 6.0.6001 Service Pack 1

2/7/2009 4:47:30 PM
mbam-log-2009-02-07 (16-47-30).txt

Scan type: Quick Scan
Objects scanned: 55339
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 20
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a9c5385-7366-3be3-bb3c-e9a6113cdf64} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a9c5385-7366-3be3-bb3c-e9a6113cdf64} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf262.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf60a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf9a3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurfacb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurfe2c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur166.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurfe3b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3996.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur241.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5aa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf262.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf60a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf9a3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurfacb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurfe2c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur166.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurfe3b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3996.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur241.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5aa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MSVideoPlugin (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MSVideoPlugin\80_18.exe (Trojan.Agent) -> Quarantined and deleted successfully.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/1/2007 8:52:09 PM
System Uptime: 2/7/2009 3:37:19 PM (2 hours ago)

Motherboard: Dell Inc. |  | 0CU568
Processor: Intel(R) Core(TM)2 Duo CPU     E4500  @ 2.20GHz | CPU 1 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 218 GiB total, 141.825 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 4.757 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

6.4.9.0
ABBYY FineReader 6.0 Sprint
ActiveHome Pro
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced Audio FX Engine
Advanced Video FX Engine
AOL Install
AT&T Internet Security Wizard 1.5.11
AVerMedia MiniCard Hybrid TV
Banctec Service Agreement
BellSouth Application Management
Browser Address Error Redirector
Business Complete Care Services Agreement
CDDRV_Installer
Citrix Presentation Server Client - Web Only
Citrix Presentation Server Web Client for Win32
Consumer Complete Care Services Agreement
Dell DataSafe Online
Dell Home Systems Services Agreement
Dell Network Assistant
Dell Photo AIO Printer 924
Dell Support Center (Support Software)
Dell System Customization Wizard
Dell Webcam Center
Dell Webcam Manager
DellSupport
DeLorme Phone Data 2009
DeLorme Street Atlas USA 2009 Plus
EarthLink Setup Files
ebgcInfra
ebgcRes
ebgcSDK
Fax Solutions
File Uploader
Games, Music, & Photos Launcher
Google Desktop
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.00.01.0720) 
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
Intel(R) Viiv(TM) Software
IntelliMover
Internet Service Offers Launcher
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) SE Runtime Environment 6
KhalInstallWrapper
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
MediaButtons 1.0.1.3
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Network Magic
NetZeroInstallers
Nikon Message Center
Pdf995
Picture Control Utility
Product Documentation Launcher
QualxServ Service Agreement
RealPlayer
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
SetPoint
Sonic Activation Module
Super Collapse! II
Symantec Technical Support Web Controls
Timer Software
Tour your new XPS One
Trend Micro Internet Security Pro
User's Guides
ViewNX
WIDCOMM Bluetooth Software 6.0.1.5900
Yahoo! Music Jukebox

==== End Of File ===========================

3 Apprentice

20.5K Posts

February 8th, 2009 14:00

On the computer that was infected, let's see if you can get Java updated. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 12.
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.
  • Close Add/Remove.
  • In Windows Explorer, navigate to the folder C:\Program Files\Java. Delete any subfolders.
  • Do NOT delete the folder C:\Program Files\JavaVM, if found!
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
  • Let me know how things are running after that. Still having login problems at Dell? If so, anywhere else, or just Dell?

11 Posts

February 21st, 2009 07:00

Sorry, I have been away for a while. I have now removed Java 6 and installed Java 12. Still getting Spyhunter3 Update popups after reboot. Also, I still can not log into this website from that computer. I do not seem to be having trouble with any other site. I did uninstall Symantec and replaced it with Trend, could that be a factor?

 

Thank you

3 Apprentice


20.5K Posts

February 21st, 2009 14:00

Others are still having login problems at Dell as well. When you removed Symantec, did you run the Removal Tool, or did you just use Add/Remove Programs?

Let's see if we can clean the malware. Please update MBAM and run a new scan. Please post the log.

3 Apprentice


20.5K Posts

February 22nd, 2009 10:00

Two questions:

1. What type of symptoms are you still having? Spyhunter popups?

If so, please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log for further review.

  * Additional information on A/V control HERE.

2. As I understand it, Dell is the only site that you are having a problem with. Correct?

If that is so, please email community_admin@dell.com
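When a ComboFix log comes back, the reviewer reads its Reg Loading Points section for settings that weaken the machine's own defences before deciding what to clean. The following is an added example, not part of this thread and not ComboFix code: it parses a constructed excerpt in the REGEDIT4-style layout ComboFix uses (values of the kind such a log can contain) and flags UAC turned off, firewall profiles turned off, suppressed Security Center monitoring, an AppInit_DLLs entry, and an AutoRun command registered for a removable volume. The excerpt, the rule set and the helper names are assumptions for illustration.

```python
"""Flag defence-weakening entries in the Reg Loading Points section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in ComboFix's REGEDIT4-style layout (not a complete log).
# DWORD values appear either as '0 (0x0)' or as 'dword:00000001'.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1f3086a-ccda-11dd-874e-001e8c2d998d}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(.+)$", re.IGNORECASE)
AUTORUN_NAME = "AutoRun\\command"  # synthetic value name for the bare AutoRun line

@dataclass
class Finding:
    key: str      # registry key, lower-cased as parsed
    name: str     # value name
    value: str    # raw value text as ComboFix printed it
    message: str  # why a reviewer cares

def parse_loading_points(text: str) -> dict:
    """Map each registry key (lower-cased) to {value name: raw value text}."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if key := KEY_RE.match(line):
            current = key.group(1).lower()
            entries.setdefault(current, {})
        elif current is None or not line:
            continue
        elif value := VALUE_RE.match(line):
            entries[current][value.group(1)] = value.group(2).strip()
        elif autorun := AUTORUN_RE.match(line):
            entries[current][AUTORUN_NAME] = autorun.group(1).strip()
    return entries

def _dword(raw: str) -> Optional[int]:
    """Decode '0 (0x0)' or 'dword:00000001'; None when the value is not numeric."""
    head = raw.split()[0].lower() if raw.split() else ""
    try:
        return int(head[6:], 16) if head.startswith("dword:") else int(head, 0)
    except ValueError:
        return None

_is_zero = lambda raw: _dword(raw) == 0
_is_set = lambda raw: bool(_dword(raw))          # non-zero DWORD
_non_empty = lambda raw: raw.strip('"') != ""

# (lower-case key suffix, value name, predicate, reviewer note)
RULES = [
    (r"\policies\system", "EnableLUA", _is_zero, "UAC is turned off"),
    (r"\security center", "UacDisableNotify", _is_set, "Security Center UAC warnings suppressed"),
    (r"\security center", "AutoUpdateDisableNotify", _is_set, "Security Center update warnings suppressed"),
    (r"\security center\monitoring", "DisableMonitoring", _is_set, "Security Center monitoring disabled"),
    (r"\firewallpolicy\domainprofile", "EnableFirewall", _is_zero, "Windows Firewall off (domain profile)"),
    (r"\firewallpolicy\standardprofile", "EnableFirewall", _is_zero, "Windows Firewall off (standard profile)"),
    (r"\firewallpolicy\publicprofile", "EnableFirewall", _is_zero, "Windows Firewall off (public profile)"),
    (r"\currentversion\windows", "AppInit_DLLs", _non_empty,
     "AppInit_DLLs set: the DLL loads into every process that uses user32; confirm its publisher"),
]

def review(entries: dict) -> list:
    """Apply RULES plus the AutoRun check; returns Finding objects in log order."""
    findings = []
    for key, values in entries.items():
        for suffix, name, predicate, message in RULES:
            if key.endswith(suffix) and name in values and predicate(values[name]):
                findings.append(Finding(key, name, values[name], message))
        if "\\mountpoints2\\" in key and AUTORUN_NAME in values:
            findings.append(Finding(key, AUTORUN_NAME, values[AUTORUN_NAME],
                                    "AutoRun command registered for a removable volume"))
    return findings

if __name__ == "__main__":
    for f in review(parse_loading_points(SAMPLE_LOG)):
        print(f"{f.message}\n    [{f.key}] {f.name} = {f.value}")
```

Paste the Reg Loading Points section of a real log into SAMPLE_LOG's place to run the same checks on it; the StandardProfile entry in the excerpt is left enabled on purpose to show that only the zero-valued profile is flagged.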

 

11 Posts

February 22nd, 2009 10:00

I used the Symantec removal tool. Still can not log into the site from the infected machine. Updated MBAM and ran it. It came out clean.

Malwarebytes' Anti-Malware 1.34
Database version: 1792
Windows 6.0.6001 Service Pack 1

2/22/2009 1:05:26 PM
mbam-log-2009-02-22 (13-05-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 260215
Time elapsed: 2 hour(s), 21 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

11 Posts

February 22nd, 2009 14:00

I still have the "Spyhunter Update" persistent popup along with a Spyhunter error about not finding a necessary file. I can get rid of it by using the task feature and ending the task.

ComboFix 09-02-21.01 - Rita 2009-02-22 17:15:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2022.925 [GMT -5:00]
Running from: c:\users\Rita\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\index.dat
c:\windows\system32\x64

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET
-------\Service_Packet


(((((((((((((((((((((((((   Files Created from 2009-01-22 to 2009-02-22  )))))))))))))))))))))))))))))))
.

2009-02-21 12:26 . 2009-02-22 17:10 722,472 --a------ c:\windows\System32\kdfmgr.exe
2009-02-21 12:26 . 2009-02-22 17:10 192,512 --a------ c:\windows\System32\kdfvmgr.exe
2009-02-21 12:26 . 2009-02-22 17:10 77,824 --a------ c:\windows\System32\kdfapi.dll
2009-02-21 12:26 . 2009-02-22 13:46 53,248 --a------ c:\windows\System32\Kdfhok.dll
2009-02-21 10:06 . 2009-02-21 10:06 410,984 --a------ c:\windows\System32\deploytk.dll
2009-02-15 03:33 . 2008-12-04 23:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 03:33 . 2008-12-04 23:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 03:33 . 2008-12-04 23:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 03:33 . 2008-12-04 23:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 03:33 . 2008-12-04 23:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 07:18 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 07:18 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-07 16:40 . 2009-02-07 16:40   d-------- c:\users\Rita\AppData\Roaming\Malwarebytes
2009-02-07 16:40 . 2009-02-07 16:40   d-------- c:\users\All Users\Malwarebytes
2009-02-07 16:40 . 2009-02-07 16:40   d-------- c:\programdata\Malwarebytes
2009-02-07 16:40 . 2009-02-22 10:37   d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 16:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-07 16:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-07 16:02 . 2008-11-26 20:39 1,195,384 --a------ c:\windows\System32\drivers\vsapint.sys
2009-02-07 16:02 . 2008-11-26 20:42 205,328 --a------ c:\windows\System32\drivers\tmxpflt.sys
2009-02-07 16:02 . 2008-11-26 20:42 36,368 --a------ c:\windows\System32\drivers\tmpreflt.sys
2009-02-07 15:47 . 2009-02-07 15:47   d-------- c:\windows\LocalSSL
2009-02-07 15:44 . 2009-02-07 15:47   d-------- c:\users\All Users\Trend Micro
2009-02-07 15:44 . 2009-02-07 15:47   d-------- c:\programdata\Trend Micro
2009-02-07 15:30 . 2009-02-07 15:30 256,528 --a------ c:\windows\System32\drivers\tmwfp.sys
2009-02-07 15:30 . 2009-02-07 15:30 145,424 --a------ c:\windows\System32\drivers\tmlwf.sys
2009-02-07 15:30 . 2009-02-07 15:30 144,912 --a------ c:\windows\System32\drivers\tmcomm.sys
2009-02-07 15:30 . 2009-02-07 15:30 80,400 --a------ c:\windows\System32\drivers\tmtdi.sys
2009-02-07 15:30 . 2009-02-07 15:30 50,192 --a------ c:\windows\System32\drivers\tmactmon.sys
2009-02-07 15:30 . 2009-02-07 15:30 49,680 --a------ c:\windows\System32\drivers\tmevtmgr.sys
2009-02-07 12:34 . 2008-02-11 20:13 920,088 --a------ c:\windows\System32\igxpun.exe
2009-02-07 12:34 . 2006-11-10 16:25 319,456 --a------ c:\windows\System32\difxapi.dll
2009-02-07 11:28 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-07 11:28 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-07 11:28 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-07 11:28 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-07 11:28 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-07 11:28 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-07 11:28 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-07 11:28 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-07 11:21 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-07 11:21 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-07 11:21 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-07 11:21 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-07 11:21 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-03 18:01 . 2009-02-04 20:22   d-------- c:\users\Rita\.housecall6.6

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 22:24 --------- d---a-w c:\programdata\TEMP
2009-02-21 15:06 --------- d-----w c:\program files\Java
2009-02-12 08:00 --------- d-----w c:\program files\Windows Mail
2009-02-07 20:46 --------- d-----w c:\program files\Trend Micro
2009-02-07 20:37 --------- d-----w c:\programdata\Symantec
2009-02-07 20:37 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-07 20:36 --------- d-----w c:\program files\Symantec
2009-02-03 18:42 --------- d-----w c:\programdata\pdf995
2009-01-30 05:16 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-01-30 05:16 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-01-30 05:16 --------- d-----w c:\program files\Common Files\Motive
2009-01-30 05:16 --------- d-----w c:\program files\BellSouth Application Management
2009-01-30 05:16 --------- d-----w c:\program files\BellSouth
2009-01-30 05:16 --------- d-----w c:\program files\AVerMedia MiniCard Hybrid TV
2009-01-30 05:16 --------- d-----w c:\program files\att-nap
2009-01-30 05:16 --------- d-----w c:\program files\AOL Install
2009-01-30 05:15 --------- d-----w c:\program files\ActiveHome Pro
2009-01-30 05:15 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-01-19 01:21 --------- d-----w c:\program files\Google
2009-01-18 19:11 --------- d-----w c:\users\Rita\AppData\Roaming\pdf995
2009-01-18 19:06 51,716 ----a-w c:\windows\System32\pdf995mon.dll
2009-01-18 19:06 249,856 ----a-w c:\windows\System32\pdfmona.dll
2009-01-18 19:06 --------- d-----w c:\program files\pdf995
2009-01-04 17:01 --------- d-----w c:\programdata\X10 Settings
2008-12-30 14:39 --------- d-----w c:\programdata\Active Home Professional
2008-12-30 13:47 --------- d-----w c:\program files\Common Files\X10
2008-11-28 18:24 174 --sha-w c:\program files\desktop.ini
2008-11-28 17:43 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-28 17:43 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-15 17:57 20 ---h--w c:\users\All Users\PKP_DLdw.DAT
2008-10-15 17:57 20 ---h--w c:\programdata\PKP_DLdw.DAT
2008-09-13 20:00 61,224 ----a-w c:\users\Rita\GoToAssistDownloadHelper.exe
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-12-02 02:04 76 --sh--r c:\windows\CT4CET.bin
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-02-07 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2007-01-30 431600]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"MediaButtons"="c:\windows\System32\MediaButtons.exe" [2008-03-19 2433024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-18 185872]
"DLCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-02-07 970808]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-13 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-02-07 497008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-12-01 7168]
MediaButtons.lnk - c:\windows\system32\MediaButtons.exe [2008-09-14 2433024]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-12-01 696320]
UserSwitch.lnk - c:\windows\system32\FastUserSwitching.exe [2008-09-14 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 13:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E12FFDA-B662-4B72-B477-2E2507C5BC97}"= TCP:10421:SingleClick Discovery Protocol
"{1EC8AFB2-C30D-45EA-973F-66362B534FB3}"= UDP:139:NetBIOS File/Printer Sharing
"{F8411B53-2F42-46C6-A4C2-716FB2D7C5E8}"= TCP:10426:SingleClick ICC
"{BFE8FF9C-8E93-47BD-B2BB-3F977B5F4764}"= UDP:445:Microsoft Directory Services
"{956C725F-E391-49BC-A7C3-0A9D7687065E}"= TCP:138:NetBIOS Datagram Service
"{C744403D-C3BC-48FB-B55D-2A8B32012D04}"= TCP:137:NetBIOS Name Service
"{BFB2F71D-77B7-418D-81DD-D75DAB3DBE92}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{D2C7F54F-7295-4049-8195-9292C2745E52}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{04840DB3-F7D9-4BEA-A151-EBD996F3A7F0}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{479C6A9F-DF6A-43FC-BD7B-3D20CECA4F22}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{06FE31A4-CCE8-44B1-A96F-5AEE100E5569}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{84F8E185-B276-4076-8FAB-2454FB358883}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{3F81CB9E-C9A8-4A32-8DB4-454FC68AA85A}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{3CDAD547-57F9-45B4-BAAB-F356C4A132D1}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{1DACD4D0-3C2A-45E9-9CC5-BF29C527F41E}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{E0A24E93-748F-4058-B0B7-BB6C3116003D}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{597723F7-9348-4876-B25E-CE7A5B3BCA78}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{95EA8AC2-0D05-42CB-A4A8-7CE2AE47B288}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{9CE3DD8D-F6F7-4D91-A4C6-EF5A730C688F}"= UDP:c:\windows\System32\dlbacoms.exe:AIO Printer A940 Server
"{06EAC327-B2EB-43C9-B78C-EF4F76333EF5}"= TCP:c:\windows\System32\dlbacoms.exe:AIO Printer A940 Server
"{FFC1EB59-72CD-428A-BF9A-4CF2190500D9}"= UDP:c:\program files\att-nap\McciBrowser.exe:motivebrowser.exe
"{4F105B3D-6ADC-4C9D-9281-F208F15B882D}"= TCP:c:\program files\att-nap\McciBrowser.exe:motivebrowser.exe
"{24BCBF52-70A8-4B9B-8636-96ED4016978D}"= TCP:67:DHCP Discovery Service
"{0698C99C-6EA5-4504-BA8A-AA54F9E4085D}"= TCP:67:DHCP Discovery Service
"{1C2FA7DB-9436-455C-9FAD-A3F6BDDFDB68}"= UDP:c:\windows\System32\dlcccoms.exe:Lexmark Communications System
"{5D3460C9-7A27-4247-8C1C-BFDAEE6D082F}"= TCP:c:\windows\System32\dlcccoms.exe:Lexmark Communications System
"{062980EB-FB29-43DE-A605-3FC82DA29BCE}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dlccpswx.exe:Printer Status Window
"{C49E8C39-B384-4AC2-B2A8-435564B2A0A6}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dlccpswx.exe:Printer Status Window
"{C6F5DF79-721C-4906-AC0B-3A47B0D7DF88}"= UDP:c:\program files\Dell Photo AIO Printer 924\dlccmon.exe:Device Monitor
"{5CDFD7B7-BB8D-487F-BF59-6AA1E3018F80}"= TCP:c:\program files\Dell Photo AIO Printer 924\dlccmon.exe:Device Monitor
"{270DBF29-FAF3-4A9A-99DD-C7FEB4CBE4D2}"= UDP:c:\program files\Dell Photo AIO Printer 924\dlccaiox.exe:All In One Center
"{B7BAA77E-D6DB-4CC5-A114-7830C9FE4B10}"= TCP:c:\program files\Dell Photo AIO Printer 924\dlccaiox.exe:All In One Center
"{1D8FF1C0-E0F7-4968-B793-A64B6D81DC01}"= TCP:10421:SingleClick Discovery Protocol
"{534B03BE-6D62-43E5-8621-D1D773642335}"= TCP:10426:SingleClick ICC
"{FA3B70F5-8875-430E-9F67-2D30698BD32A}"= UDP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{5AE4F6DF-3F1F-41FC-9AF3-4E8CEDACE7EC}"= TCP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{02CDC5AF-3A1B-4155-84A2-CD4A73B0B520}"= UDP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{7089434B-CF04-41D6-963C-7BE7468C7A81}"= TCP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{93113E7D-86B3-43B8-ACE8-2A441FFB5810}"= UDP:c:\program files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{E1712690-5E0B-494A-90F4-1B6D03254A44}"= TCP:c:\program files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{766FC126-E005-44E6-A50E-4E5AB0B2D108}"= UDP:c:\program files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{451A5B95-AF12-4742-A702-227D3B684BA4}"= TCP:c:\program files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [2009-02-07 145424]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [2007-02-18 5376]
R2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe [2007-06-27 272600]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2009-02-07 181584]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [2009-02-07 49680]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-02-07 492888]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2009-02-07 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-02-07 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [2009-02-07 256528]
R3 CXSONORA;AVerMedia 23885 AvStream Video Capture;c:\windows\System32\drivers\A885VCap.sys [2007-10-15 733824]
R3 DLXPDisplayName;DLXPDisplayName;c:\windows\System32\drivers\DLACPI.sys [2008-09-14 14392]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [2007-12-01 5632]
R3 OEM07Vfx;Creative Camera OEM007 Video VFX Driver;c:\windows\System32\drivers\OEM07Vfx.sys [2007-10-15 7424]
R3 OEM07Vid;Creative Camera OEM007 Driver;c:\windows\System32\drivers\OEM07Vid.sys [2007-10-15 235552]
S2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe -service --> c:\windows\system32\dlbacoms.exe -service [?]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\System32\drivers\usbbc.sys [2008-04-29 15576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ    BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1f3086a-ccda-11dd-874e-001e8c2d998d}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-msiexec - msiconf.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.att.net/s/s.dll?spage=hb/index.htm&ck=&ck=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {B2DCBF69-EF93-4252-BBC7-BD870EBD9EDE} - hxxps://casemanagement.dstip.redcross.org/service/18372/applets/SiebelAx_HI_Client.cab
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel",             1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad",                   false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 17:26:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6140)
c:\program files\SetPoint\lgscroll.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\DELLOSD.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\dlcccoms.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Trend Micro\TrendSecure\TSCFCommander.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-02-22 17:33:05 - machine was rebooted
ComboFix-quarantined-files.txt  2009-02-22 22:32:46

Pre-Run: 148,112,474,112 bytes free
Post-Run: 148,461,117,440 bytes free

363 --- E O F --- 2009-02-16 08:01:38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:59 PM, on 2/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Windows\System32\DELLOSD.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\system32\FastUserSwitching.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/s/s.dll?spage=hb/index.htm&ck=&ck=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MediaButtons] C:\Windows\System32\MediaButtons.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-21-2047519159-742209462-3996352476-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-2047519159-742209462-3996352476-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-2047519159-742209462-3996352476-1000\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-2047519159-742209462-3996352476-1000\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: MediaButtons.lnk = ?
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O4 - Global Startup: UserSwitch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235228797274&h=cc3a41ac8e420f657e39df0d9e3fef31/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {B2DCBF69-EF93-4252-BBC7-BD870EBD9EDE} (Siebel High Interactivity Framework) - https://casemanagement.dstip.redcross.org/service/18372/applets/SiebelAx_HI_Client.cab
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: dlba_device - Unknown owner - C:\Windows\system32\dlbacoms.exe (file missing)
O23 - Service: dlcc_device -   - C:\Windows\system32\dlcccoms.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13177 bytes

I have sent an email to the community admin.

 

3 Apprentice


20.5K Posts

February 22nd, 2009 16:00

What is the "necessary file" that Spyhunter is looking for?

What is the name of the process that you can stop using Task Manager?

11 Posts

February 22nd, 2009 18:00

The popup is Spyhunter3 Updater - "Instant Update will ensure that you have the latest version of Spyhunter, as well as the most up-to-date Spyhunter definitions. To update your Spyhunter program files and definitions, just click the appropriate buttons" - Program Update or Register Now

The Application in Windows Task Manager is "Spyhunter3 Updater"

The Error is "File Spyhunter3.skn is missing"
