Problem with search provider


Steam


On the search toolbar up in Firefox and Internet Explorer, my computer automatically picks Search.fast-find.com. Even if I remove it, the next time I load up Firefox, it's still there. Nothing else is wrong with my computer, but I don't like the fact that a bit of spyware's messing with my computer and its search engines.

Bumping this on the off chance someone hasn't seen it.

You need to read:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi,

Please download DDS and save it to your desktop.

  • Disable any script blocking protection.
  • Double-click dds.com to run the tool.
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


DDS.txt

DDS (Ver_10-12-05.01) - NTFSx86

Run by Guy at 18:14:29.07 on Thu 12/09/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.942 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\StacSV.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\AIM\aim.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Guy\Desktop\dds.com

============== Pseudo HJT Report ===============

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [intelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\guy\applic~1\mozilla\firefox\profiles\p56wp879.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=

FF - component: c:\documents and settings\guy\application data\mozilla\firefox\profiles\p56wp879.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll

FF - component: c:\documents and settings\guy\application data\mozilla\firefox\profiles\p56wp879.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\guy\application data\mozilla\firefox\profiles\p56wp879.default\extensions\csweblauncher@cyberstep.com\plugins\npCsWebLauncher.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Extension: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - c:\docume~1\guy\applic~1\mozilla\firefox\profiles\p56wp879.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\guy\applic~1\mozilla\firefox\profiles\p56wp879.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Extension: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - c:\docume~1\guy\applic~1\mozilla\firefox\profiles\p56wp879.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

FF - Extension: CS Web Launcher: CSWebLauncher@cyberstep.com - c:\docume~1\guy\applic~1\mozilla\firefox\profiles\p56wp879.default\extensions\CSWebLauncher@cyberstep.com

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Search

FF - user.js: browser.search.order.1 - Search

FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-14 214664]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-1-31 54752]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-28 88176]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-28 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-28 144704]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-1-28 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-28 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-28 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-28 40552]

S0 cerc6;cerc6; [x]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-6 704864]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-28 34248]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]

S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-5-7 1051976]

=============== Created Last 30 ================

2010-12-06 01:18:00 89088 ----a-w- c:\windows\MBR.exe

2010-12-06 01:17:59 98816 ----a-w- c:\windows\sed.exe

2010-12-06 01:17:59 256512 ----a-w- c:\windows\PEV.exe

2010-12-06 01:17:59 161792 ----a-w- c:\windows\SWREG.exe

2010-11-20 04:10:15 -------- d-----w- C:\OC ReMix - Super Street Fighter II Turbo HD Remix Official Soundtrack

2010-11-20 04:09:20 -------- d-----w- C:\[shinsen-Subs] Juusoukikou Dancouga Nova

==================== Find3M ====================

2010-10-29 07:23:25 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-29 07:23:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-24 14:09:47 0 ----a-w- c:\windows\Lbolecazu.bin

2010-10-22 21:20:11 0 ----a-w- c:\windows\system32\lsp38.tmp

2010-10-21 01:52:51 186 ----a-w- c:\docume~1\guy\applic~1\19344.bat

2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 18:15:25.20 ===============


Rootkit.txt

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xB6BB6000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10240000 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 195.62 )

0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6283264 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 195.62 )

0xB6753000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 4206592 bytes (Intel Corporation, Intel


Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

IMPORTANT: Save ComboFix.exe to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: if the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


C:\ComboFix.txt

ComboFix 10-12-16.02 - Guy 12/16/2010 20:15:09.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.972 [GMT -5:00]

Running from: c:\documents and settings\Guy\Desktop\ComboFix.exe

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))

.

2010-12-15 20:20 . 2010-12-15 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-12-15 15:29 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-15 15:28 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-20 04:10 . 2010-11-20 04:10 -------- d-----w- C:\OC ReMix - Super Street Fighter II Turbo HD Remix Official Soundtrack

2010-11-20 04:09 . 2010-11-20 04:09 -------- d-----w- C:\[shinsen-Subs] Juusoukikou Dancouga Nova

2010-11-18 18:12 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-18 18:12 . 2010-01-28 21:52 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-29 07:23 . 2010-10-29 07:23 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-29 07:23 . 2010-10-29 07:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-28 13:13 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-04 10:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-24 17:23 . 2010-04-12 19:58 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2010-10-22 21:20 . 2010-10-22 21:20 0 ----a-w- c:\windows\system32\lsp38.tmp

2010-10-21 01:52 . 2010-10-21 01:52 186 ----a-w- c:\documents and settings\Guy\Application Data\19344.bat

2010-09-18 19:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-12-06_01.26.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-15 21:53 . 2010-12-15 21:53 16384 c:\windows\Temp\Perflib_Perfdata_580.dat

+ 2008-04-14 09:42 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe

- 2008-04-14 09:42 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe

- 2010-10-23 23:40 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll

+ 2010-10-23 23:40 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll

+ 2010-01-29 00:08 . 2010-12-16 14:31 68523 c:\windows\system32\nvModes.dat

- 2010-01-29 00:08 . 2010-12-04 05:25 68523 c:\windows\system32\nvModes.dat

+ 2006-03-04 03:33 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll

- 2006-03-04 03:33 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll

+ 2009-03-08 11:31 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll

- 2009-03-08 11:31 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 98304 c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 86016 c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 77824 c:\windows\system32\Macromed\Shockwave 10\SwInit.exe

+ 2010-10-22 11:46 . 2010-10-22 11:46 24576 c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll

+ 2004-08-04 10:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll

- 2004-08-04 10:00 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll

+ 2010-10-26 15:12 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll

- 2010-10-26 15:12 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll

- 2009-03-08 08:31 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-03-08 08:31 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2010-10-26 15:12 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2010-10-26 15:12 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-03-08 08:34 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-03-08 08:34 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-03-08 08:33 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2009-03-08 08:33 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2010-01-28 21:58 . 2010-12-17 00:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2010-01-28 21:58 . 2010-12-05 22:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2010-01-28 21:58 . 2010-12-05 22:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-01-28 21:58 . 2010-12-17 00:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2010-10-28 03:36 . 2010-12-05 22:05 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2010-12-06 03:02 . 2010-12-17 00:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2010-12-15 21:10 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll

+ 2004-08-04 10:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll

- 2004-08-04 10:00 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll

- 2006-03-04 03:33 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll

+ 2006-03-04 03:33 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll

+ 2009-03-08 11:32 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll

- 2009-03-08 11:32 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 136568 c:\windows\system32\Macromed\Shockwave 10\SCC.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 810496 c:\windows\system32\Macromed\Shockwave 10\gi.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 471040 c:\windows\system32\Macromed\Shockwave 10\Control.dll

+ 2006-03-04 03:33 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll

- 2006-03-04 03:33 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll

+ 2004-08-04 10:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll

- 2004-08-04 10:00 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 10:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe

+ 2010-01-28 13:44 . 2010-12-15 21:53 126912 c:\windows\system32\FNTCACHE.DAT

- 2010-01-28 13:44 . 2010-10-30 19:26 126912 c:\windows\system32\FNTCACHE.DAT

- 2009-03-08 08:34 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll

+ 2009-03-08 08:34 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll

+ 2009-03-08 08:34 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll

- 2009-03-08 08:34 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll

+ 2009-03-08 08:32 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll

- 2009-03-08 08:32 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll

+ 2010-10-26 15:12 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll

- 2010-10-26 15:12 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2010-10-26 15:12 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2010-10-26 15:12 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2009-03-08 08:31 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll

- 2009-03-08 08:31 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll

- 2010-10-26 15:12 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2010-10-26 15:12 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2009-03-08 18:09 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-03-08 18:09 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-03-08 08:32 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe

+ 2010-10-26 15:12 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll

+ 2010-12-15 20:23 . 2010-12-15 20:23 811008 c:\windows\Installer\1f9ce5a3.msi

+ 2010-12-15 21:10 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll

+ 2010-12-15 21:10 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll

+ 2010-12-15 21:10 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe

+ 2010-12-15 21:10 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll

+ 2010-12-15 21:10 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe

+ 2006-03-18 11:09 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll

- 2006-03-18 11:09 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll

+ 2008-04-14 09:42 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll

+ 2006-03-23 17:32 . 2010-11-06 00:26 5959168 c:\windows\system32\mshtml.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 1495040 c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll

+ 2009-03-08 11:32 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll

+ 2010-10-26 15:10 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys

+ 2009-03-08 08:34 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll

- 2009-03-08 08:34 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll

+ 2010-10-23 20:37 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll

+ 2009-03-08 08:41 . 2010-11-06 00:26 5959168 c:\windows\system32\dllcache\mshtml.dll

+ 2010-10-26 15:12 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll

+ 2010-12-15 20:21 . 2010-12-15 20:21 9472000 c:\windows\Installer\1f9ce53d.msi

+ 2010-12-15 21:10 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll

+ 2010-01-28 23:46 . 2010-12-15 21:07 37366216 c:\windows\system32\MRT.exe

+ 2009-03-08 11:39 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll

+ 2010-10-26 15:12 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll

+ 2010-12-15 21:10 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]

"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]

"NVHotkey"="nvHotkey.dll" [2009-11-21 87144]

"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]

2005-10-08 04:01 3032576 ----a-w- c:\program files\StorageSync\StrgSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TuneUp.UtilitiesSvc"=2 (0x2)

"UxTuneUp"=2 (0x2)

"TuneUp.Defrag"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\loom\\Loom.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\jedi outcast\\GameData\\jk2sp.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\jedi outcast\\GameData\\jk2mp.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=

"c:\\Program Files\\ABC\\abc.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/28/2010 5:27 PM 88176]

S0 cerc6;cerc6; [x]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 1:18 PM 10064]

S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [5/7/2010 8:04 PM 1051976]

.

Contents of the 'Scheduled Tasks' folder

2010-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-12-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-28 20:22]

2010-12-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-28 20:22]

2010-12-17 c:\windows\Tasks\VersionCheck.job

- c:\documents and settings\All Users\Application Data\WSTB\upd8.0.3.exe [2010-10-20 15:34]

.

.

------- Supplementary Scan -------

.

FF - ProfilePath - c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\p56wp879.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

FF - Ext: CS Web Launcher: CSWebLauncher@cyberstep.com - %profile%\extensions\CSWebLauncher@cyberstep.com

FF - user.js: browser.search.order.1 - Search

FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-16 20:19

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-616249376-1801674531-1003\Software\SecuROM\License information*]

"datasecu"=hex:5f,fa,56,fb,18,85,61,2a,b8,be,39,41,6d,fd,72,94,fd,11,6a,00,38,

5e,7a,50,e6,2a,0c,87,aa,08,d9,53,f1,61,e0,6a,5f,75,fb,4c,20,d3,b3,82,d8,19,\

"rkeysecu"=hex:33,0d,be,db,26,d4,ca,da,ff,01,56,3c,0e,77,4e,88

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

@=""

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

@=""

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

@=""

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1548)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(8020)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-12-16 20:21:26

ComboFix-quarantined-files.txt 2010-12-17 01:21

ComboFix2.txt 2010-12-06 01:27

ComboFix3.txt 2010-10-28 02:50

Pre-Run: 14,692,151,296 bytes free

Post-Run: 15,787,495,424 bytes free

- - End Of File - - 9741DF705C7486AC6DC9AFFE6CF83308


Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\documents and settings\Guy\Application Data\19344.bat
c:\windows\system32\lsp38.tmp
c:\windows\Tasks\VersionCheck.job
c:\windows\Lbolecazu.bin

Folder::
c:\documents and settings\All Users\Application Data\WSTB


FireFox::
FF - ProfilePath - c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\p56wp879.default\
FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


C:\ComboFix.txt

ComboFix 10-12-16.02 - Guy 12/21/2010 10:57:52.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1321 [GMT -5:00]

Running from: c:\documents and settings\Guy\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Guy\Desktop\CFScript.txt

AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::

"c:\documents and settings\Guy\Application Data\19344.bat"

"c:\windows\Lbolecazu.bin"

"c:\windows\system32\lsp38.tmp"

"c:\windows\Tasks\VersionCheck.job"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\WSTB

c:\documents and settings\All Users\Application Data\WSTB\upd8.0.3.exe

c:\documents and settings\Guy\Application Data\19344.bat

c:\windows\Lbolecazu.bin

c:\windows\system32\lsp38.tmp

c:\windows\Tasks\VersionCheck.job

.

((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))

.

2010-12-18 03:47 . 2010-12-20 15:17 -------- d-----w- c:\program files\JDownloader

2010-12-15 20:20 . 2010-12-15 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-12-15 15:29 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-15 15:28 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-18 18:12 . 2010-01-28 21:52 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-29 07:23 . 2010-10-29 07:23 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-29 07:23 . 2010-10-29 07:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-28 13:13 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-04 10:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-24 17:23 . 2010-04-12 19:58 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

.

((((((((((((((((((((((((((((( SnapShot_2010-12-17_01.19.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-21 15:46 . 2010-12-21 15:46 16384 c:\windows\Temp\Perflib_Perfdata_440.dat

- 2010-01-29 00:08 . 2010-12-16 14:31 68523 c:\windows\system32\nvModes.dat

+ 2010-01-29 00:08 . 2010-12-19 23:02 68523 c:\windows\system32\nvModes.dat

+ 2010-01-28 21:58 . 2010-12-21 15:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2010-01-28 21:58 . 2010-12-17 00:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2010-01-28 21:58 . 2010-12-17 00:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-01-28 21:58 . 2010-12-21 15:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-12-17 04:25 . 2010-12-21 15:22 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2010-12-06 03:02 . 2010-12-17 00:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]

"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]

"NVHotkey"="nvHotkey.dll" [2009-11-21 87144]

"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]

2005-10-08 04:01 3032576 ----a-w- c:\program files\StorageSync\StrgSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TuneUp.UtilitiesSvc"=2 (0x2)

"UxTuneUp"=2 (0x2)

"TuneUp.Defrag"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\loom\\Loom.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\jedi outcast\\GameData\\jk2sp.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\jedi outcast\\GameData\\jk2mp.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=

"c:\\Program Files\\ABC\\abc.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/28/2010 5:27 PM 88176]

S0 cerc6;cerc6; [x]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 1:18 PM 10064]

S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [5/7/2010 8:04 PM 1051976]

.

Contents of the 'Scheduled Tasks' folder

2010-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-12-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-28 20:22]

2010-12-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-28 20:22]

.

.

------- Supplementary Scan -------

.

FF - ProfilePath - c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\p56wp879.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

FF - Ext: CS Web Launcher: CSWebLauncher@cyberstep.com - %profile%\extensions\CSWebLauncher@cyberstep.com

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-21 11:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-616249376-1801674531-1003\Software\SecuROM\License information*]

"datasecu"=hex:5f,fa,56,fb,18,85,61,2a,b8,be,39,41,6d,fd,72,94,fd,11,6a,00,38,

5e,7a,50,e6,2a,0c,87,aa,08,d9,53,f1,61,e0,6a,5f,75,fb,4c,20,d3,b3,82,d8,19,\

"rkeysecu"=hex:33,0d,be,db,26,d4,ca,da,ff,01,56,3c,0e,77,4e,88

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

@=""

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

@=""

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

@=""

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1380)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\windows\system32\netprovcredman.dll

.

Completion time: 2010-12-21 11:05:50

ComboFix-quarantined-files.txt 2010-12-21 16:05

ComboFix2.txt 2010-12-17 01:21

ComboFix3.txt 2010-12-06 01:27

ComboFix4.txt 2010-10-28 02:50

Pre-Run: 16,230,653,952 bytes free

Post-Run: 16,496,496,640 bytes free

- - End Of File - - 5A4564EF6F18CE63EB31AF82E0EE9ADB


Hi,

I'm sorry for the late response.

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


Malaware.txt

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5428

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/31/2010 2:36:58 PM

mbam-log-2010-12-31 (14-36-58).txt

Scan type: Full scan (C:\|)

Objects scanned: 263269

Time elapsed: 1 hour(s), 15 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{759b4e11-2924-477f-854f-66727c7bfe8c}\RP5\A0002954.exe (Adware.BHO) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\documents and settings\all users\application data\WSTB\upd8.0.3.exe.vir (Adware.BHO) -> Quarantined and deleted successfully.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
