Search Engine Redirects to Ads,USB Cable Cause CPU Shutdown,virus Warning Popups




#11 - 12th Aug 2009, 07:41 - Moderator Group

See if this works please.

Download ComboFix from one of the below links. You must rename it before saving it!

Important! You MUST save ComboFix to your desktop.

Link 1
Link 2
Link 3

Rename ComboFix to Combo-Fix before saving it to the desktop.



#12 - 12th Aug 2009, 15:56 - Member Group

I am now on the VirusTotal step. It is not allowing me to copy and paste that code into the window on that website. I can copy it from the code window, but when I try to paste it the "paste" option is still grayed out.

#13 - 12th Aug 2009, 16:01 - Moderator Group

Copy it and then click once in the window where you paste it then on your keyboard press CTRL and V both at the same time.

If that doesn't work just click the Browse button and locate the file that way.

#14 - 12th Aug 2009, 16:03 - Member Group

I tried it that way also and it does not let me paste it. When I browse for it it says the file is not found.

#15 - 12th Aug 2009, 16:06 - Moderator Group

Try unhiding your files and folders then Browse for it again.

To enable the viewing of Hidden files follow these steps:
  1. Close all programs so that you are at your desktop.
  2. Double-click on the My Computer icon.
  3. Select the Tools menu and click Folder Options.
  4. After the new window appears select the View tab.
  5. Put a checkmark in the checkbox labeled Display the contents of system folders.
  6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
  9. Press the Apply button and then the OK button and shutdown My Computer.
  10. Now your computer is configured to show all hidden files.

#16 - 12th Aug 2009, 16:21 - Member Group

It is still saying that the file does not exist. I went to my c drive and went through the path you gave to view it for myself and the file really was not there...

#17 - 12th Aug 2009, 16:23 - Moderator Group

OK just move on to the next step of running ComboFix please.

#18 - 12th Aug 2009, 16:25 - Member Group

Ok... Combofix was actually the previous step you listed. Here is the log.

ComboFix 09-08-10.06 - Jackie 08/12/2009 17:07.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.174 [GMT -5:00]
Running from: c:\documents and settings\Jackie\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jackie\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}
FILE ::
"c:\windows\system32\nafamamo.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\105d11ef.msp
c:\windows\Installer\105d134b.msp
c:\windows\Installer\105d1376.msp
c:\windows\Installer\209be3e.msi
c:\windows\Installer\22483bd.msp
c:\windows\Installer\22483c4.msp
c:\windows\Installer\298e602.msi
c:\windows\Installer\37653e7.msp
c:\windows\Installer\37653ee.msp
c:\windows\Installer\5e14b7.msp
c:\windows\Installer\5e14be.msp
c:\windows\Installer\67029.msi
c:\windows\Installer\683b1.msi
c:\windows\Installer\74b2dae.msp
c:\windows\Installer\74b2ebc.msp
c:\windows\Installer\74b2ec3.msp
c:\windows\Installer\825ad1.msi
c:\windows\Installer\8f74.msi
c:\windows\Installer\c7174ed.msp
c:\windows\Installer\c7175fb.msp
c:\windows\Installer\c717602.msp
c:\windows\Installer\d46c6.msi
c:\windows\Installer\eef9422.msi
c:\windows\Installer\f6e542e.msp
c:\windows\Installer\f6e553c.msp
c:\windows\Installer\f6e5543.msp
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\drivers\vsfoceemvnwyqu.sys
c:\windows\system32\dumprep.exe
c:\windows\system32\vsfocebklvvjut.dat
c:\windows\system32\vsfocedbajgbdy.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_vsfocehpvtkoqq
-------\Service_vsfocehpvtkoqq

((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.
2009-08-11 19:27 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 13:01 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 13:01 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 21:44 . 2009-08-05 21:44 152576 ----a-w- c:\documents and settings\Frankie\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 00:20 . 2009-08-11 22:55 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-02 04:33 . 2009-08-02 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-02 04:33 . 2009-08-02 17:04 -------- d-----w- c:\program files\NOS
2009-07-21 23:32 . 2009-07-29 03:52 -------- d-----w- c:\program files\Shared
2009-07-18 15:42 . 2009-07-18 15:42 -------- d-----w- c:\program files\iPod
2009-07-18 15:42 . 2009-07-18 15:44 -------- d-----w- c:\program files\iTunes
2009-07-18 15:26 . 2009-07-18 15:26 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 00:50 . 2006-04-05 02:18 -------- d-----w- c:\program files\Dell
2009-08-12 00:50 . 2006-04-05 02:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-11 22:55 . 2009-04-17 03:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 04:31 . 2006-04-08 00:32 -------- d-----w- c:\program files\Dl_cats
2009-08-08 21:55 . 2008-01-14 07:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 21:44 . 2006-04-05 02:16 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2009-04-17 03:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-04-17 03:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 20:03 . 2009-04-16 23:42 117760 ----a-w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-02 20:03 . 2009-04-16 23:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-25 10:23 . 2009-01-13 23:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 15:42 . 2008-01-19 05:43 -------- d-----w- c:\program files\Common Files\Apple
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 19:43 . 2006-04-05 02:32 -------- d-----w- c:\program files\McAfee
2009-07-12 19:23 . 2009-07-12 19:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 19:23 . 2009-04-16 23:41 -------- d-----w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com
2009-07-12 02:48 . 2009-04-19 04:21 -------- d-----w- c:\program files\Trend Micro
2009-07-11 22:43 . 2006-04-05 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-03 17:09 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 03:04 . 2006-05-07 16:37 -------- d-----w- c:\documents and settings\Jackie\Application Data\LimeWire
2009-06-23 12:36 . 2009-06-23 12:36 390664 ----a-w- c:\documents and settings\Jackie\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-21 03:31 . 2009-06-21 03:31 152576 ----a-w- c:\documents and settings\Jackie\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 18:05 . 2006-04-07 01:45 62504 ----a-w- c:\documents and settings\Jackie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-14 17:40 . 2009-06-14 17:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-14 17:36 . 2006-04-10 22:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-14 17:36 . 2009-06-14 17:36 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-14 17:36 . 2009-06-14 17:36 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-14 17:36 . 2009-06-14 17:36 129784 ------w- c:\windows\system32\pxafs.dll
2009-06-14 17:36 . 2009-06-14 17:36 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-06-14 17:36 . 2009-06-14 17:36 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-06-12 12:31 . 2004-08-10 17:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-10 18:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-10 17:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 17:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-12-19 23:17 . 2008-12-19 23:05 853860607 -c--a-w- c:\program files\ADBEPHSPCS4_LS1.7z
2008-12-19 23:05 . 2008-12-19 23:05 1228240 ----a-w- c:\program files\ADBEPHSPCS4_LS1.exe
2007-12-10 03:04 . 2007-09-16 15:39 88 --sha-r- c:\windows\system32\A4E934F6EB.sys
2006-06-06 03:00 . 2006-04-07 01:45 104 -csh--r- c:\windows\system32\EBF634E9A4.sys
2009-05-08 04:43 . 2006-04-07 01:45 8354 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2003-05-14 1847296]
"SSRunScript"="c:\program files\Support.com\Charter\bin\SSRunScript.exe" [2003-02-19 40960]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 36904]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-25 198160]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
c:\documents and settings\Jackie\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-7-31 385024]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-4 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-4 24576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144900070\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144900070\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google Video\\gupload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\DLA\\DLACTRLW.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:https
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/12/2008 5:02 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [12/21/2008 2:43 PM 1086840]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-02 15:53]
2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-02 15:53]
2009-08-07 c:\windows\Tasks\wrSpySweeper_LCDA255A558564399AE26AA303B7F83CC.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-12-21 23:11]
2009-08-07 c:\windows\Tasks\wrSpySweeper_LCDA255A558564399AE26AA303B7F83CC.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-12-21 23:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://cccamera.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/barnyardinvasion/sis/slgwebinstall.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/ghbabeldeluxe/zylomplayer.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://cccamera.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 17:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(808)
c:\windows\system32\WININET.dll
c:\program files\SiteAdvisor\6172\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-08-12 17:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-12 22:47
Pre-Run: 5,572,280,320 bytes free
Post-Run: 7,206,862,848 bytes free
300 --- E O F --- 2009-08-12 03:46
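The log above is long, and the parts a helper reads first are the "Other Deletions" and "Drivers/Services" sections (what was removed) and the "Reg Loading Points" section (whether Security Center monitoring or the Windows Firewall is switched off). The script below is an added example, not part of the thread and not a ComboFix or forum tool: it splits a ComboFix log on its banner lines, parses the REGEDIT4-style registry block, links deleted files to the removed service by their shared name stem, and reports the disabled-protection flags. The embedded log is a constructed excerpt of the post above with the long registry paths written unbroken; the six-character stem match and the section names are my assumptions about how such logs are laid out, not a documented ComboFix format.

```python
"""Triage helper for a ComboFix log (added example, not part of the thread)."""
import re

# Constructed excerpt of the log posted above (a subset of its lines).
SAMPLE_LOG = r"""
ComboFix 09-08-10.06 - Jackie 08/12/2009 17:07.3.1 - NTFSx86
FILE ::
"c:\windows\system32\nafamamo.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common
c:\windows\system32\drivers\vsfoceemvnwyqu.sys
c:\windows\system32\dumprep.exe
c:\windows\system32\vsfocebklvvjut.dat
c:\windows\system32\vsfocedbajgbdy.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_vsfocehpvtkoqq
-------\Service_vsfocehpvtkoqq

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# A section banner is a run of '(', a title, and a run of ')'.
SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
SERVICE_PREFIX = "-------\\"   # how the log marks a removed service entry


def split_sections(text):
    """Group the log's lines by banner; text before the first banner is 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def parse_registry(lines):
    """Turn REGEDIT4-style lines into {key: {value name: raw value text}}."""
    keys, current = {}, None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = REG_VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("value").strip()
    return keys


def related_deletions(deleted, services):
    """Deleted files whose base name shares a 6-character stem with a removed service.

    Heuristic (assumption): the driver, its .dat files and the service entry in
    this log all begin with the same random-looking stem.
    """
    stems = {re.sub(r"^(Legacy_|Service_)", "", s)[:6].lower() for s in services}
    hits = []
    for path in deleted:
        base = path.rsplit("\\", 1)[-1].lower()
        if any(base.startswith(stem) for stem in stems):
            hits.append(path)
    return hits


def triage(text):
    """Summarise what was removed and which protections the registry shows disabled."""
    sections = split_sections(text)
    deleted = sections.get("Other Deletions", [])
    services = [line[len(SERVICE_PREFIX):] for line in sections.get("Drivers/Services", [])
                if line.startswith(SERVICE_PREFIX)]
    reg = parse_registry(sections.get("Reg Loading Points", []))
    monitoring_off = sorted(key.rsplit("\\", 1)[-1] for key, values in reg.items()
                            if values.get("DisableMonitoring") == "dword:00000001")
    firewall_off = any("firewallpolicy" in key.lower()
                       and values.get("EnableFirewall", "").startswith("0")
                       for key, values in reg.items())
    return {
        "deleted": deleted,
        "services_removed": services,
        "related_to_removed_services": related_deletions(deleted, services),
        "security_center_monitoring_disabled": monitoring_off,
        "windows_firewall_disabled": firewall_off,
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

On this log the output ties the removed driver and its two .dat files to the removed vsfoce* service, and lists McAfee AntiVirus and Firewall as having Security Center monitoring disabled with the Windows Firewall off. Those registry flags are normally set by a third-party suite that takes over Security Center reporting, so the result is a checklist to confirm against the installed software, not a verdict on its own.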

#19 - 12th Aug 2009, 16:30 - Moderator Group

Well that's why you couldn't find it. It was removed by ComboFix.

Looking at the log now. Be back with another reply shortly...

#20 - 12th Aug 2009, 17:02 - Moderator Group

Looks good now but we should run another scan just to be sure we didn't miss anything.

First a little cleanup.

Uninstall ComboFix

Click Start then Run and enter everything from the Code box below into the run box and then click OK.
Code:
"%userprofile%\Desktop\Combo-fix" /u

Note:
The space between the Combofix" and the /u must be there.

The above procedure will
  • Delete ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


----------

If you get an error please manually delete all ComboFix files. <- Important!

Combo-Fix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.


When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save




Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If needed, this animation will guide you through the process.

Copyright ©2006 - 2009 Computer Juice.