Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware Issues - Please Help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware Issues - Please Help

Unread postby melboy » December 9th, 2010, 4:21 pm

Hi

You have had a file infector and looks as though mbam.exe is still infected. After running combofix and it has rebooted and produced it's log, re-install mbam.

If Combofix prompts you to update it at all, please allow it to update.

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File:: 
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    
    Registry:: 
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    
    DirLook::
    C:\Program Files\Malwarebytes' Anti-Malware
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


---------

After reboot & Combofix has produced it's log:

---------



Re-install Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

Combofix Log

Unread postby Urban Monk » December 9th, 2010, 8:08 pm

ComboFix 10-12-08.04 - Ashok Shah 12/09/2010 18:27:21.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1475 [GMT -5:00]
Running from: c:\documents and settings\Ashok Shah\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ashok Shah\Desktop\cfscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\program files\Malwarebytes' Anti-Malware\mbam.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 14:24 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6721F2B4-37C6-4DD5-B138-8D9A96AFAD10}\mpengine.dll
2010-12-09 00:11 . 2010-12-09 00:11 -------- d-----w- c:\program files\ESET
2010-12-08 22:47 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-08 22:47 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-08 22:45 . 2010-12-08 22:45 -------- d-----w- c:\documents and settings\Ashok Shah\.java
2010-12-07 20:18 . 2010-12-07 20:18 89088 ----a-w- C:\mbr.exe
2010-12-06 23:07 . 2010-12-06 23:07 -------- d-----w- c:\documents and settings\Ashok Shah\Application Data\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2010-12-06 17:51 . 2010-12-06 17:51 -------- d-----w- c:\program files\Balsamiq Mockups
2010-12-04 08:30 . 2010-12-04 08:30 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-12-04 06:26 . 2010-12-04 06:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-12-04 06:20 . 2010-12-04 06:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-03 05:09 . 2010-12-03 05:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-12-02 16:25 . 2010-12-02 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-02 16:24 . 2010-12-02 17:38 -------- d-----w- c:\documents and settings\Ashok Shah\Local Settings\Application Data\NPE
2010-12-02 09:17 . 2010-12-02 09:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-12-02 07:31 . 2010-12-02 07:31 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-02 04:44 . 2010-12-02 04:44 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2010-12-02 04:41 . 2010-12-02 04:41 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2010-11-18 05:11 . 2010-11-18 05:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-11-10 17:49 . 2010-11-10 17:49 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-10 17:49 . 2010-11-10 17:49 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-09-14 02:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-09-14 02:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 04:33 . 2009-10-10 06:52 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2009-10-09 06:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 20:44 . 2009-03-12 04:06 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-28 20:44 . 2008-07-20 06:27 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-18 17:23 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:00 . 2010-09-15 08:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-15 07:29 . 2009-03-17 23:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-14 01:58 . 2010-09-14 01:58 96512 ----a-w- c:\windows\system32\drivers\ATAPI.SYS
2010-08-12 23:47 . 2005-05-08 04:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Malwarebytes' Anti-Malware ----

2010-11-30 21:35 . 2010-11-25 18:51 9874 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\lithuanian.lng
2010-11-30 21:35 . 2010-11-12 08:58 7819 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\arabic.lng
2010-11-30 21:35 . 2010-11-29 22:42 330576 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamnet.dll
2010-11-30 21:35 . 2010-11-29 22:42 515408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamcore.dll
2010-11-30 21:35 . 2010-11-30 21:35 709456 ----a-w- c:\program files\Malwarebytes' Anti-Malware\unins000.exe
2010-09-14 02:19 . 2010-11-30 21:35 10562 ----a-w- c:\program files\Malwarebytes' Anti-Malware\unins000.msg
2010-09-14 02:19 . 2010-11-29 22:42 363344 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
2010-09-14 02:19 . 2010-11-29 22:42 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
2010-09-14 02:19 . 2010-04-29 20:39 46416 ----a-w- c:\program files\Malwarebytes' Anti-Malware\ssubtmr6.dll
2010-09-14 02:19 . 2010-04-29 20:39 496976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2010-09-14 02:19 . 2010-11-17 19:15 10733 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\spanish.lng
2010-09-14 02:19 . 2010-11-18 05:34 9388 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\swedish.lng
2010-09-14 02:19 . 2010-11-20 06:12 9296 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\turkish.lng
2010-09-14 02:19 . 2010-11-13 04:01 9517 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\serbian.lng
2010-09-14 02:19 . 2010-11-13 04:46 9061 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\slovak.lng
2010-09-14 02:19 . 2010-11-14 19:06 8774 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\slovenian.lng
2010-09-14 02:19 . 2010-11-17 19:11 10112 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
2010-09-14 02:19 . 2010-11-14 05:51 10226 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng
2010-09-14 02:19 . 2010-11-17 19:21 10141 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\romanian.lng
2010-09-14 02:19 . 2010-11-13 15:55 9539 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\russian.lng
2010-09-14 02:19 . 2010-11-27 12:49 10450 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\macedonian.lng
2010-09-14 02:19 . 2010-11-18 05:06 8873 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\norwegian.lng
2010-09-14 02:19 . 2010-11-18 09:48 9354 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\polish.lng
2010-09-14 02:19 . 2010-11-13 18:34 10225 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\hungarian.lng
2010-09-14 02:19 . 2010-11-12 08:05 10173 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\italian.lng
2010-09-14 02:19 . 2010-11-13 20:15 7771 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\korean.lng
2010-09-14 02:19 . 2010-11-15 01:03 9682 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\latvian.lng
2010-09-14 02:19 . 2010-11-16 03:24 10658 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\german.lng
2010-09-14 02:19 . 2010-11-17 19:22 10483 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\greek.lng
2010-09-14 02:19 . 2010-11-17 19:17 6821 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\hebrew.lng
2010-09-14 02:19 . 2010-10-24 03:37 8784 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\english.lng
2010-09-14 02:19 . 2010-11-18 04:02 9053 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\estonian.lng
2010-09-14 02:19 . 2010-11-25 16:38 8966 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\finnish.lng
2010-09-14 02:19 . 2010-11-17 19:18 10730 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\french.lng
2010-09-14 02:19 . 2010-11-27 06:25 9023 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\czech.lng
2010-09-14 02:19 . 2010-11-17 19:21 9665 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\danish.lng
2010-09-14 02:19 . 2010-11-13 21:15 10094 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\dutch.lng
2010-09-14 02:19 . 2010-11-17 03:34 10166 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\catalan.lng
2010-09-14 02:19 . 2010-11-29 14:22 6057 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\chineseSI.lng
2010-09-14 02:19 . 2010-11-15 05:51 6576 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\chineseTR.lng
2010-09-14 02:19 . 2010-11-17 19:20 9480 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\croatian.lng
2010-09-14 02:19 . 2010-11-13 05:44 9674 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\belarusian.lng
2010-09-14 02:19 . 2010-11-13 05:34 9526 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\bosnian.lng
2010-09-14 02:19 . 2010-11-14 04:09 9776 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
2010-09-14 02:19 . 2010-04-29 20:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\xxxx.exe.exe
2010-09-14 02:19 . 2010-11-09 17:46 2769 ----a-w- c:\program files\Malwarebytes' Anti-Malware\changes.rtf
2010-09-14 02:19 . 2010-11-29 14:32 11385 ----a-w- c:\program files\Malwarebytes' Anti-Malware\license.txt
2010-09-14 02:19 . 2010-11-29 22:42 202576 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.dll
2010-09-14 02:19 . 2010-11-29 22:41 394941 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.chm
2010-09-14 02:19 . 2010-11-29 22:42 77648 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
2010-09-14 02:19 . 2010-11-30 21:35 20853 ----a-w- c:\program files\Malwarebytes' Anti-Malware\unins000.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-01 68856]
"googsystray"="c:\program files\googsystray\googsystray.exe" [2009-12-15 60928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-03 4493312]
"nwiz"="nwiz.exe" [2004-08-03 917504]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"AudCtrl"="AudCtrl.dll" [2002-03-21 47897]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-12 30192]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-12-04 53248]

c:\documents and settings\The Sneak\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-9 1783128]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Ashok Shah\Desktop\P7140323.JPG
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ashok Shah^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ashok Shah^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDSentry"=c:\windows\System32\DSentry.exe
"HostManager"=c:\program files\Common Files\AOL\1142488136\ee\AOLSoftware.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Ashok Shah\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 ASFAgent;ASF Agent;c:\program files\intel\ASF Agent\ASFAgent.exe [5/8/2002 9:51 AM 212992]
R2 NetAlrt;NetAlrt;c:\windows\SYSTEM32\DRIVERS\Netalrt.sys [5/7/2002 4:05 PM 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\SYSTEM32\DRIVERS\platalrt.sys [5/7/2002 4:06 PM 23744]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [7/22/2008 6:17 PM 46824]
R3 sbext;Sound Blaster Extigy Audio Driver;c:\windows\SYSTEM32\DRIVERS\sbext.sys [5/28/2003 5:40 PM 1152916]
S2 gupdate1c9245438d00c02;Google Update Service (gupdate1c9245438d00c02);c:\program files\Google\Update\GoogleUpdate.exe [10/2/2008 1:02 AM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/20/2004 1:47 AM 30192]
S3 TIAcxubt;D-Link WLAN USB Boot Device;c:\windows\system32\Drivers\tiacxubt.sys --> c:\windows\system32\Drivers\tiacxubt.sys [?]
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;c:\windows\system32\Drivers\tiacxusb.sys --> c:\windows\system32\Drivers\tiacxusb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-12-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-22 16:08]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-02 06:02]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-02 06:02]

2010-12-09 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 19:28]

2010-12-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\
FF - component: c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Ashok Shah\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Ubiquity: ubiquity@labs.mozilla.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\ubiquity@labs.mozilla.com
FF - Extension: Firefox Universal Uploader (fireuploader): {0200c2a9-70da-4f6d-b527-f5f7d7877228} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
FF - Extension: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Extension: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\facepad@lazyrussian.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{43c35458-c907-439b-bcfd-07d373834689}: {43c35458-c907-439b-bcfd-07d373834689} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
FF - Extension: Multifox: multifox@hultmann - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\multifox@hultmann
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\isreaditlater@ideashower.com
FF - Extension: vShare Plugin: vshare@toolbar - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\vshare@toolbar
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Ashok Shah\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 18:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???\????????\?w? ?w???????w???w4???????.??w4???????4????>?s4???Z????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\???????x?`??????C@?\???\??????sZ???\??????s\????&3?5??s?&3??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-12-09 18:54:06
ComboFix-quarantined-files.txt 2010-12-09 23:53
ComboFix2.txt 2010-12-08 05:32
ComboFix3.txt 2010-12-07 22:36
ComboFix4.txt 2010-09-19 07:53

Pre-Run: 2,196,217,856 bytes free
Post-Run: 2,188,013,568 bytes free

- - End Of File - - 282A45DBC3CD69F16518DA9C8B883ACE
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Combofix Log

Unread postby Urban Monk » December 9th, 2010, 8:08 pm

ComboFix 10-12-08.04 - Ashok Shah 12/09/2010 18:27:21.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1475 [GMT -5:00]
Running from: c:\documents and settings\Ashok Shah\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ashok Shah\Desktop\cfscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\program files\Malwarebytes' Anti-Malware\mbam.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 14:24 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6721F2B4-37C6-4DD5-B138-8D9A96AFAD10}\mpengine.dll
2010-12-09 00:11 . 2010-12-09 00:11 -------- d-----w- c:\program files\ESET
2010-12-08 22:47 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-08 22:47 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-08 22:45 . 2010-12-08 22:45 -------- d-----w- c:\documents and settings\Ashok Shah\.java
2010-12-07 20:18 . 2010-12-07 20:18 89088 ----a-w- C:\mbr.exe
2010-12-06 23:07 . 2010-12-06 23:07 -------- d-----w- c:\documents and settings\Ashok Shah\Application Data\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2010-12-06 17:51 . 2010-12-06 17:51 -------- d-----w- c:\program files\Balsamiq Mockups
2010-12-04 08:30 . 2010-12-04 08:30 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-12-04 06:26 . 2010-12-04 06:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-12-04 06:20 . 2010-12-04 06:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-03 05:09 . 2010-12-03 05:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-12-02 16:25 . 2010-12-02 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-02 16:24 . 2010-12-02 17:38 -------- d-----w- c:\documents and settings\Ashok Shah\Local Settings\Application Data\NPE
2010-12-02 09:17 . 2010-12-02 09:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-12-02 07:31 . 2010-12-02 07:31 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-02 04:44 . 2010-12-02 04:44 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2010-12-02 04:41 . 2010-12-02 04:41 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2010-11-18 05:11 . 2010-11-18 05:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-11-10 17:49 . 2010-11-10 17:49 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-10 17:49 . 2010-11-10 17:49 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-09-14 02:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-09-14 02:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 04:33 . 2009-10-10 06:52 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2009-10-09 06:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 20:44 . 2009-03-12 04:06 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-28 20:44 . 2008-07-20 06:27 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-18 17:23 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:00 . 2010-09-15 08:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-15 07:29 . 2009-03-17 23:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-14 01:58 . 2010-09-14 01:58 96512 ----a-w- c:\windows\system32\drivers\ATAPI.SYS
2010-08-12 23:47 . 2005-05-08 04:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Malwarebytes' Anti-Malware ----

2010-11-30 21:35 . 2010-11-25 18:51 9874 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\lithuanian.lng
2010-11-30 21:35 . 2010-11-12 08:58 7819 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\arabic.lng
2010-11-30 21:35 . 2010-11-29 22:42 330576 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamnet.dll
2010-11-30 21:35 . 2010-11-29 22:42 515408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamcore.dll
2010-11-30 21:35 . 2010-11-30 21:35 709456 ----a-w- c:\program files\Malwarebytes' Anti-Malware\unins000.exe
2010-09-14 02:19 . 2010-11-30 21:35 10562 ----a-w- c:\program files\Malwarebytes' Anti-Malware\unins000.msg
2010-09-14 02:19 . 2010-11-29 22:42 363344 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
2010-09-14 02:19 . 2010-11-29 22:42 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
2010-09-14 02:19 . 2010-04-29 20:39 46416 ----a-w- c:\program files\Malwarebytes' Anti-Malware\ssubtmr6.dll
2010-09-14 02:19 . 2010-04-29 20:39 496976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2010-09-14 02:19 . 2010-11-17 19:15 10733 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\spanish.lng
2010-09-14 02:19 . 2010-11-18 05:34 9388 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\swedish.lng
2010-09-14 02:19 . 2010-11-20 06:12 9296 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\turkish.lng
2010-09-14 02:19 . 2010-11-13 04:01 9517 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\serbian.lng
2010-09-14 02:19 . 2010-11-13 04:46 9061 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\slovak.lng
2010-09-14 02:19 . 2010-11-14 19:06 8774 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\slovenian.lng
2010-09-14 02:19 . 2010-11-17 19:11 10112 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
2010-09-14 02:19 . 2010-11-14 05:51 10226 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng
2010-09-14 02:19 . 2010-11-17 19:21 10141 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\romanian.lng
2010-09-14 02:19 . 2010-11-13 15:55 9539 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\russian.lng
2010-09-14 02:19 . 2010-11-27 12:49 10450 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\macedonian.lng
2010-09-14 02:19 . 2010-11-18 05:06 8873 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\norwegian.lng
2010-09-14 02:19 . 2010-11-18 09:48 9354 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\polish.lng
2010-09-14 02:19 . 2010-11-13 18:34 10225 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\hungarian.lng
2010-09-14 02:19 . 2010-11-12 08:05 10173 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\italian.lng
2010-09-14 02:19 . 2010-11-13 20:15 7771 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\korean.lng
2010-09-14 02:19 . 2010-11-15 01:03 9682 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\latvian.lng
2010-09-14 02:19 . 2010-11-16 03:24 10658 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\german.lng
2010-09-14 02:19 . 2010-11-17 19:22 10483 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\greek.lng
2010-09-14 02:19 . 2010-11-17 19:17 6821 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\hebrew.lng
2010-09-14 02:19 . 2010-10-24 03:37 8784 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\english.lng
2010-09-14 02:19 . 2010-11-18 04:02 9053 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\estonian.lng
2010-09-14 02:19 . 2010-11-25 16:38 8966 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\finnish.lng
2010-09-14 02:19 . 2010-11-17 19:18 10730 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\french.lng
2010-09-14 02:19 . 2010-11-27 06:25 9023 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\czech.lng
2010-09-14 02:19 . 2010-11-17 19:21 9665 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\danish.lng
2010-09-14 02:19 . 2010-11-13 21:15 10094 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\dutch.lng
2010-09-14 02:19 . 2010-11-17 03:34 10166 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\catalan.lng
2010-09-14 02:19 . 2010-11-29 14:22 6057 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\chineseSI.lng
2010-09-14 02:19 . 2010-11-15 05:51 6576 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\chineseTR.lng
2010-09-14 02:19 . 2010-11-17 19:20 9480 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\croatian.lng
2010-09-14 02:19 . 2010-11-13 05:44 9674 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\belarusian.lng
2010-09-14 02:19 . 2010-11-13 05:34 9526 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\bosnian.lng
2010-09-14 02:19 . 2010-11-14 04:09 9776 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
2010-09-14 02:19 . 2010-04-29 20:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\xxxx.exe.exe
2010-09-14 02:19 . 2010-11-09 17:46 2769 ----a-w- c:\program files\Malwarebytes' Anti-Malware\changes.rtf
2010-09-14 02:19 . 2010-11-29 14:32 11385 ----a-w- c:\program files\Malwarebytes' Anti-Malware\license.txt
2010-09-14 02:19 . 2010-11-29 22:42 202576 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.dll
2010-09-14 02:19 . 2010-11-29 22:41 394941 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.chm
2010-09-14 02:19 . 2010-11-29 22:42 77648 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
2010-09-14 02:19 . 2010-11-30 21:35 20853 ----a-w- c:\program files\Malwarebytes' Anti-Malware\unins000.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-01 68856]
"googsystray"="c:\program files\googsystray\googsystray.exe" [2009-12-15 60928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-03 4493312]
"nwiz"="nwiz.exe" [2004-08-03 917504]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"AudCtrl"="AudCtrl.dll" [2002-03-21 47897]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-12 30192]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-12-04 53248]

c:\documents and settings\The Sneak\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-9 1783128]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Ashok Shah\Desktop\P7140323.JPG
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ashok Shah^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ashok Shah^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDSentry"=c:\windows\System32\DSentry.exe
"HostManager"=c:\program files\Common Files\AOL\1142488136\ee\AOLSoftware.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Ashok Shah\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 ASFAgent;ASF Agent;c:\program files\intel\ASF Agent\ASFAgent.exe [5/8/2002 9:51 AM 212992]
R2 NetAlrt;NetAlrt;c:\windows\SYSTEM32\DRIVERS\Netalrt.sys [5/7/2002 4:05 PM 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\SYSTEM32\DRIVERS\platalrt.sys [5/7/2002 4:06 PM 23744]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [7/22/2008 6:17 PM 46824]
R3 sbext;Sound Blaster Extigy Audio Driver;c:\windows\SYSTEM32\DRIVERS\sbext.sys [5/28/2003 5:40 PM 1152916]
S2 gupdate1c9245438d00c02;Google Update Service (gupdate1c9245438d00c02);c:\program files\Google\Update\GoogleUpdate.exe [10/2/2008 1:02 AM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/20/2004 1:47 AM 30192]
S3 TIAcxubt;D-Link WLAN USB Boot Device;c:\windows\system32\Drivers\tiacxubt.sys --> c:\windows\system32\Drivers\tiacxubt.sys [?]
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;c:\windows\system32\Drivers\tiacxusb.sys --> c:\windows\system32\Drivers\tiacxusb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-12-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-22 16:08]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-02 06:02]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-02 06:02]

2010-12-09 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 19:28]

2010-12-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\
FF - component: c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Ashok Shah\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Ubiquity: ubiquity@labs.mozilla.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\ubiquity@labs.mozilla.com
FF - Extension: Firefox Universal Uploader (fireuploader): {0200c2a9-70da-4f6d-b527-f5f7d7877228} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
FF - Extension: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Extension: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\facepad@lazyrussian.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{43c35458-c907-439b-bcfd-07d373834689}: {43c35458-c907-439b-bcfd-07d373834689} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
FF - Extension: Multifox: multifox@hultmann - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\multifox@hultmann
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\isreaditlater@ideashower.com
FF - Extension: vShare Plugin: vshare@toolbar - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\vshare@toolbar
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Ashok Shah\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 18:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???\????????\?w? ?w???????w???w4???????.??w4???????4????>?s4???Z????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\???????x?`??????C@?\???\??????sZ???\??????s\????&3?5??s?&3??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-12-09 18:54:06
ComboFix-quarantined-files.txt 2010-12-09 23:53
ComboFix2.txt 2010-12-08 05:32
ComboFix3.txt 2010-12-07 22:36
ComboFix4.txt 2010-09-19 07:53

Pre-Run: 2,196,217,856 bytes free
Post-Run: 2,188,013,568 bytes free

- - End Of File - - 282A45DBC3CD69F16518DA9C8B883ACE
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Combofix Log

Unread postby Urban Monk » December 9th, 2010, 8:09 pm

ComboFix 10-12-08.04 - Ashok Shah 12/09/2010 18:27:21.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1475 [GMT -5:00]
Running from: c:\documents and settings\Ashok Shah\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ashok Shah\Desktop\cfscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\program files\Malwarebytes' Anti-Malware\mbam.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 14:24 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6721F2B4-37C6-4DD5-B138-8D9A96AFAD10}\mpengine.dll
2010-12-09 00:11 . 2010-12-09 00:11 -------- d-----w- c:\program files\ESET
2010-12-08 22:47 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-08 22:47 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-08 22:45 . 2010-12-08 22:45 -------- d-----w- c:\documents and settings\Ashok Shah\.java
2010-12-07 20:18 . 2010-12-07 20:18 89088 ----a-w- C:\mbr.exe
2010-12-06 23:07 . 2010-12-06 23:07 -------- d-----w- c:\documents and settings\Ashok Shah\Application Data\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2010-12-06 17:51 . 2010-12-06 17:51 -------- d-----w- c:\program files\Balsamiq Mockups
2010-12-04 08:30 . 2010-12-04 08:30 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-12-04 06:26 . 2010-12-04 06:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-12-04 06:20 . 2010-12-04 06:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-03 05:09 . 2010-12-03 05:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-12-02 16:25 . 2010-12-02 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-02 16:24 . 2010-12-02 17:38 -------- d-----w- c:\documents and settings\Ashok Shah\Local Settings\Application Data\NPE
2010-12-02 09:17 . 2010-12-02 09:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-12-02 07:31 . 2010-12-02 07:31 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-02 04:44 . 2010-12-02 04:44 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2010-12-02 04:41 . 2010-12-02 04:41 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2010-11-18 05:11 . 2010-11-18 05:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-11-10 17:49 . 2010-11-10 17:49 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-10 17:49 . 2010-11-10 17:49 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-09-14 02:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-09-14 02:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 04:33 . 2009-10-10 06:52 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2009-10-09 06:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 20:44 . 2009-03-12 04:06 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-28 20:44 . 2008-07-20 06:27 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-18 17:23 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:00 . 2010-09-15 08:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-15 07:29 . 2009-03-17 23:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-14 01:58 . 2010-09-14 01:58 96512 ----a-w- c:\windows\system32\drivers\ATAPI.SYS
2010-08-12 23:47 . 2005-05-08 04:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Malwarebytes' Anti-Malware ----

2010-11-30 21:35 . 2010-11-25 18:51 9874 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\lithuanian.lng
2010-11-30 21:35 . 2010-11-12 08:58 7819 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\arabic.lng
2010-11-30 21:35 . 2010-11-29 22:42 330576 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamnet.dll
2010-11-30 21:35 . 2010-11-29 22:42 515408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamcore.dll
2010-11-30 21:35 . 2010-11-30 21:35 709456 ----a-w- c:\program files\Malwarebytes' Anti-Malware\unins000.exe
2010-09-14 02:19 . 2010-11-30 21:35 10562 ----a-w- c:\program files\Malwarebytes' Anti-Malware\unins000.msg
2010-09-14 02:19 . 2010-11-29 22:42 363344 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
2010-09-14 02:19 . 2010-11-29 22:42 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
2010-09-14 02:19 . 2010-04-29 20:39 46416 ----a-w- c:\program files\Malwarebytes' Anti-Malware\ssubtmr6.dll
2010-09-14 02:19 . 2010-04-29 20:39 496976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2010-09-14 02:19 . 2010-11-17 19:15 10733 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\spanish.lng
2010-09-14 02:19 . 2010-11-18 05:34 9388 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\swedish.lng
2010-09-14 02:19 . 2010-11-20 06:12 9296 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\turkish.lng
2010-09-14 02:19 . 2010-11-13 04:01 9517 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\serbian.lng
2010-09-14 02:19 . 2010-11-13 04:46 9061 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\slovak.lng
2010-09-14 02:19 . 2010-11-14 19:06 8774 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\slovenian.lng
2010-09-14 02:19 . 2010-11-17 19:11 10112 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
2010-09-14 02:19 . 2010-11-14 05:51 10226 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng
2010-09-14 02:19 . 2010-11-17 19:21 10141 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\romanian.lng
2010-09-14 02:19 . 2010-11-13 15:55 9539 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\russian.lng
2010-09-14 02:19 . 2010-11-27 12:49 10450 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\macedonian.lng
2010-09-14 02:19 . 2010-11-18 05:06 8873 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\norwegian.lng
2010-09-14 02:19 . 2010-11-18 09:48 9354 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\polish.lng
2010-09-14 02:19 . 2010-11-13 18:34 10225 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\hungarian.lng
2010-09-14 02:19 . 2010-11-12 08:05 10173 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\italian.lng
2010-09-14 02:19 . 2010-11-13 20:15 7771 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\korean.lng
2010-09-14 02:19 . 2010-11-15 01:03 9682 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\latvian.lng
2010-09-14 02:19 . 2010-11-16 03:24 10658 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\german.lng
2010-09-14 02:19 . 2010-11-17 19:22 10483 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\greek.lng
2010-09-14 02:19 . 2010-11-17 19:17 6821 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\hebrew.lng
2010-09-14 02:19 . 2010-10-24 03:37 8784 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\english.lng
2010-09-14 02:19 . 2010-11-18 04:02 9053 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\estonian.lng
2010-09-14 02:19 . 2010-11-25 16:38 8966 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\finnish.lng
2010-09-14 02:19 . 2010-11-17 19:18 10730 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\french.lng
2010-09-14 02:19 . 2010-11-27 06:25 9023 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\czech.lng
2010-09-14 02:19 . 2010-11-17 19:21 9665 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\danish.lng
2010-09-14 02:19 . 2010-11-13 21:15 10094 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\dutch.lng
2010-09-14 02:19 . 2010-11-17 03:34 10166 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\catalan.lng
2010-09-14 02:19 . 2010-11-29 14:22 6057 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\chineseSI.lng
2010-09-14 02:19 . 2010-11-15 05:51 6576 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\chineseTR.lng
2010-09-14 02:19 . 2010-11-17 19:20 9480 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\croatian.lng
2010-09-14 02:19 . 2010-11-13 05:44 9674 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\belarusian.lng
2010-09-14 02:19 . 2010-11-13 05:34 9526 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\bosnian.lng
2010-09-14 02:19 . 2010-11-14 04:09 9776 ----a-w- c:\program files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
2010-09-14 02:19 . 2010-04-29 20:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\xxxx.exe.exe
2010-09-14 02:19 . 2010-11-09 17:46 2769 ----a-w- c:\program files\Malwarebytes' Anti-Malware\changes.rtf
2010-09-14 02:19 . 2010-11-29 14:32 11385 ----a-w- c:\program files\Malwarebytes' Anti-Malware\license.txt
2010-09-14 02:19 . 2010-11-29 22:42 202576 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.dll
2010-09-14 02:19 . 2010-11-29 22:41 394941 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.chm
2010-09-14 02:19 . 2010-11-29 22:42 77648 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
2010-09-14 02:19 . 2010-11-30 21:35 20853 ----a-w- c:\program files\Malwarebytes' Anti-Malware\unins000.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-01 68856]
"googsystray"="c:\program files\googsystray\googsystray.exe" [2009-12-15 60928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-03 4493312]
"nwiz"="nwiz.exe" [2004-08-03 917504]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"AudCtrl"="AudCtrl.dll" [2002-03-21 47897]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-12 30192]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-12-04 53248]

c:\documents and settings\The Sneak\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-9 1783128]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Ashok Shah\Desktop\P7140323.JPG
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ashok Shah^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ashok Shah^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDSentry"=c:\windows\System32\DSentry.exe
"HostManager"=c:\program files\Common Files\AOL\1142488136\ee\AOLSoftware.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Ashok Shah\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 ASFAgent;ASF Agent;c:\program files\intel\ASF Agent\ASFAgent.exe [5/8/2002 9:51 AM 212992]
R2 NetAlrt;NetAlrt;c:\windows\SYSTEM32\DRIVERS\Netalrt.sys [5/7/2002 4:05 PM 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\SYSTEM32\DRIVERS\platalrt.sys [5/7/2002 4:06 PM 23744]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [7/22/2008 6:17 PM 46824]
R3 sbext;Sound Blaster Extigy Audio Driver;c:\windows\SYSTEM32\DRIVERS\sbext.sys [5/28/2003 5:40 PM 1152916]
S2 gupdate1c9245438d00c02;Google Update Service (gupdate1c9245438d00c02);c:\program files\Google\Update\GoogleUpdate.exe [10/2/2008 1:02 AM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/20/2004 1:47 AM 30192]
S3 TIAcxubt;D-Link WLAN USB Boot Device;c:\windows\system32\Drivers\tiacxubt.sys --> c:\windows\system32\Drivers\tiacxubt.sys [?]
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;c:\windows\system32\Drivers\tiacxusb.sys --> c:\windows\system32\Drivers\tiacxusb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-12-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-22 16:08]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-02 06:02]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-02 06:02]

2010-12-09 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 19:28]

2010-12-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\
FF - component: c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Ashok Shah\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Ubiquity: ubiquity@labs.mozilla.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\ubiquity@labs.mozilla.com
FF - Extension: Firefox Universal Uploader (fireuploader): {0200c2a9-70da-4f6d-b527-f5f7d7877228} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
FF - Extension: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Extension: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\facepad@lazyrussian.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{43c35458-c907-439b-bcfd-07d373834689}: {43c35458-c907-439b-bcfd-07d373834689} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
FF - Extension: Multifox: multifox@hultmann - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\multifox@hultmann
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\isreaditlater@ideashower.com
FF - Extension: vShare Plugin: vshare@toolbar - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\vshare@toolbar
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Ashok Shah\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 18:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???\????????\?w? ?w???????w???w4???????.??w4???????4????>?s4???Z????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\???????x?`??????C@?\???\??????sZ???\??????s\????&3?5??s?&3??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-12-09 18:54:06
ComboFix-quarantined-files.txt 2010-12-09 23:53
ComboFix2.txt 2010-12-08 05:32
ComboFix3.txt 2010-12-07 22:36
ComboFix4.txt 2010-09-19 07:53

Pre-Run: 2,196,217,856 bytes free
Post-Run: 2,188,013,568 bytes free

- - End Of File - - 282A45DBC3CD69F16518DA9C8B883ACE
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Re: Malware Issues - Please Help

Unread postby melboy » December 9th, 2010, 8:20 pm

Do you have the Malwarebytes log?
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

MBAM log

Unread postby Urban Monk » December 9th, 2010, 8:27 pm

Malwarebytes' Anti-Malware 1.50
http://www.malwarebytes.org

Database version: 5283

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/9/2010 7:26:26 PM
mbam-log-2010-12-09 (19-26-26).txt

Scan type: Quick scan
Objects scanned: 178101
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Re: Malware Issues - Please Help

Unread postby melboy » December 10th, 2010, 1:24 pm

Hi

The logs look good - how are things running?
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Issues - Please Help

Unread postby Urban Monk » December 10th, 2010, 1:55 pm

They seem decent. When I ran eset though, it reported a bunch of issues.

Is there anyway to check that everything is definitely gone?
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Re: Malware Issues - Please Help

Unread postby melboy » December 10th, 2010, 8:02 pm

Hi

The detections by Eset with the exception of mbam.exe which we fixed with the last CFScript, had already been removed and were being detected by Eset in Combofix's quarantine or in System Restore. These will be dealt with by the uninstallation of Combofix.



Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are. If not, then please continue with the instructions below.



Uninstall Combofix
We Need to Remove ComboFix
  1. Please go to Start -> Run
  2. Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.
    Image
  3. Press OK (Or hit enter).
  4. Allow ComboFix to remove itself.



OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself


======================================================


Your computer was infected with a ROOTKIT. In particular, the TDL4 rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore it may be prudent to:

  1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

Windows Rootkits

How do I respond to a possible identity theft and how do I prevent it

------------------------------------------------------------------------

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    Suggestions:

    [Please note that trial pay is not needed to get any product for free.]


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Issues - Please Help

Unread postby NonSuch » December 14th, 2010, 1:00 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 279 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware