ComboFix 12-08-07.05 - JOJO A. PEREZ 08/08/2012 18:49:47.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1978.1375 [GMT -7:00]
Running from: c:\users\JOJO A. PEREZ\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\intellidownload\gunzip.exe
c:\program files\intellidownload\search.exe
c:\windows\7Loader.TAG
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 01:56 . 2012-08-09 01:56 -------- d-----w- c:\users\JOJO A. PEREZ\AppData\Local\temp
2012-08-09 01:56 . 2012-08-09 01:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-08-09 01:56 . 2012-08-09 01:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-09 01:56 . 2012-08-09 01:56 -------- d-----w- c:\users\bleepIN' GUEST\AppData\Local\temp
2012-08-09 01:56 . 2012-08-09 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 00:22 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2ACE3F6-4E06-461E-AC6B-94DB20FDF744}\mpengine.dll
2012-08-09 00:20 . 2012-08-09 00:20 -------- d-----w- c:\users\bleepIN' GUEST\AppData\Local\Facebook
2012-08-07 23:49 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-07 22:04 . 2012-08-07 22:04 -------- d-----w- c:\users\bleepIN' GUEST\New folder (2)
2012-08-01 15:40 . 2012-08-01 15:40 -------- d-----w- c:\program files\Application Updater
2012-08-01 15:40 . 2012-08-01 15:40 -------- d-----w- c:\program files\YTD Toolbar
2012-07-31 22:42 . 2012-07-31 23:02 -------- d-----w- c:\users\JOJO A. PEREZ\AppData\Local\RockMelt
2012-07-31 02:13 . 2012-07-31 02:13 -------- d-----w- c:\program files\OpenApp
2012-07-31 02:12 . 2012-07-31 02:13 -------- d-----w- c:\program files\smartdl
2012-07-30 02:26 . 2012-07-30 02:26 184765 ----a-w- C:\torrent.exe
2012-07-13 17:57 . 2012-07-28 05:08 15840 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-07-13 17:57 . 2012-07-28 05:08 69088 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-07-13 17:57 . 2012-07-28 05:08 2243552 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-07-13 17:57 . 2012-07-28 05:08 813536 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-07-13 17:57 . 2012-07-13 17:57 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-13 04:23 . 2012-07-13 04:23 -------- d-----w- c:\program files\FilesFrog Update Checker
2012-07-13 03:52 . 2012-07-13 03:55 -------- d-----w- c:\users\JOJO A. PEREZ\AppData\Roaming\eType
2012-07-13 03:51 . 2012-07-13 03:51 -------- d-----w- c:\program files\BabylonToolbar
2012-07-13 03:50 . 2012-07-13 03:50 -------- d-----w- c:\users\JOJO A. PEREZ\AppData\Roaming\Babylon
2012-07-13 03:50 . 2012-07-13 03:50 -------- d-----w- c:\programdata\Babylon
2012-07-12 04:55 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 04:46 . 2012-07-12 04:46 -------- d-----w- c:\users\JOJO A. PEREZ\.m2
2012-07-12 04:45 . 2012-07-12 04:46 -------- d-----w- c:\users\JOJO A. PEREZ\.netbeans
2012-07-12 01:54 . 2012-07-31 00:16 -------- d-----w- c:\users\JOJO A. PEREZ\.nbi
2012-07-12 01:15 . 2012-07-12 01:17 -------- d-----w- c:\program files\Oracle
2012-07-12 01:13 . 2012-04-05 01:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-12 01:13 . 2012-04-05 01:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-11 19:51 . 2012-06-02 04:51 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 19:51 . 2012-06-02 04:50 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 19:51 . 2012-06-02 04:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 19:51 . 2012-06-02 04:48 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 19:51 . 2012-06-02 04:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 19:50 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 19:50 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 19:50 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 01:48 . 2012-06-08 03:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 01:48 . 2012-06-08 03:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-04 05:56 . 2012-07-09 01:43 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-04 05:56 . 2012-07-09 01:43 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38146162-197E-4940-91B0-B9BADCFB7FD9}\gapaengine.dll
2012-06-02 22:19 . 2012-06-28 00:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-28 00:51 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-28 00:51 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-28 00:51 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-28 00:51 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-28 00:51 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-28 00:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-28 00:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-28 00:51 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 03:41 . 2012-07-03 21:21 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B077766-5AF6-4C7B-A08C-628B27E5D557}\mpengine.dll
2012-07-28 05:09 . 2012-07-13 17:58 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{035FDC10-9F1D-430E-87DA-573FFBF5608D}]
2012-05-23 14:27 510296 ----a-w- c:\program files\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\4shared.com\tb4sha.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA0454C5-FD30-428E-8DB9-3FF87A612F64}]
2012-07-25 23:19 92160 ----a-w- c:\program files\OpenApp\bho_project.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 04:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{035FDC10-9F1D-430E-87DA-573FFBF5608D}"= "c:\program files\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll" [2012-05-23 510296]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{035fdc10-9f1d-430e-87da-573ffbf5608d}]
[HKEY_CLASSES_ROOT\YNanoClient.IE.1]
[HKEY_CLASSES_ROOT\TypeLib\{B5590E3C-C53C-4464-99BA-8AEF95C750ED}]
[HKEY_CLASSES_ROOT\YNanoClient.IE]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\tb4sha.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"E09AXLRD_1681534"="c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE" [2008-06-03 351000]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-01-04 328568]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"SDP"="c:\program files\FilesFrog Update Checker\update_checker.exe" [2012-05-31 200784]
"RockMelt Update"="c:\users\JOJO A. PEREZ\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-07-31 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-27 1095560]
.
c:\users\bleepIN' GUEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\JOJO A. PEREZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 10:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 11:25 6595928 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2004-12-20 18:41 33792 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 YNanoService;Yahoo! NanoClient Service;c:\program files\Yahoo!\YNanoClient\cpn0\YNanoService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 01:48]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 23:03]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 23:03]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3273752555-1675684337-509532073-1000Core.job
- c:\users\JOJO A. PEREZ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 01:24]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3273752555-1675684337-509532073-1000UA.job
- c:\users\JOJO A. PEREZ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 01:24]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3273752555-1675684337-509532073-1001Core.job
- c:\users\bleepIN' GUEST\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 01:50]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3273752555-1675684337-509532073-1001UA.job
- c:\users\bleepIN' GUEST\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 01:50]
.
2012-08-08 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3273752555-1675684337-509532073-1000Core.job
- c:\users\JOJO A. PEREZ\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-31 22:42]
.
2012-08-09 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3273752555-1675684337-509532073-1000UA.job
- c:\users\JOJO A. PEREZ\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-31 22:42]
.
2012-08-07 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3273752555-1675684337-509532073-1001Core.job
- c:\users\bleepIN' GUEST\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-20 03:20]
.
2012-08-09 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3273752555-1675684337-509532073-1001UA.job
- c:\users\bleepIN' GUEST\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-20 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startsearcher.com
mStart Page = hxxp://www.startsearcher.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1BB3F4D5-CD3A-45A4-ACB6-F08D3F7CC7D5}: NameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{3201C501-233F-4276-A2EC-A81D3340D4B8}: NameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{51596833-0CCE-45A2-91BF-BAAB79417A26}: NameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{93A6DCA1-F54C-4BE6-9218-ADEDEADC3C0E}: NameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{C1D673D0-FAA3-4304-9E24-1614CB0B0824}: NameServer = 202.126.40.5 222.127.143.5
FF - ProfilePath - c:\users\JOJO A. PEREZ\AppData\Roaming\Mozilla\Firefox\Profiles\izy6lx99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDyCtCyB0CyE0AzytBzztCtCtD0Dzz0CtN0D0TzutBtDtCtBtDyCtCzz&cr=466346720
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDyCtCyB0CyE0AzytBzztCtCtD0Dzz0CtN0D0TzutBtDtCtBtDyCtCzz&cr=466346720
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - c2ba0d8c0000000000000617c4a92811
FF - user.js: extensions.funmoods.instlDay - 15509
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2215:35
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=112543
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - c2ba0d8c0000000000000617c4a92811
FF - user.js: extensions.BabylonToolbar_i.hardId - c2ba0d8c0000000000000617c4a92811
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15534
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:51
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3273752555-1675684337-509532073-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):0c,4b,62,9a,d9,0c,ac,82,4a,68,ad,9b,10,2f,9a,bf,d1,28,39,88,67,
b9,bb,1f,b7,33,13,e4,e6,6e,84,ce,45,6a,bd,d3,8e,d6,5b,01,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3273752555-1675684337-509532073-1000_Classes\CLSID\{edee679b-27a5-40c0-9295-e345d460bb54}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-08 18:57:40
ComboFix-quarantined-files.txt 2012-08-09 01:57
ComboFix2.txt 2012-08-06 22:03
.
Pre-Run: 29,045,477,376 bytes free
Post-Run: 28,862,042,112 bytes free
.
- - End Of File - - 942356E713A2A95CA6A86D7E0409A94E