Jump to content


Photo

Problems with homepage - mystart powered by blekko


  • This topic is locked This topic is locked
13 replies to this topic

#1 Troy1234

Troy1234

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 24 May 2012 - 10:22 PM

Recently, my home page in Chrome/Firefox/Explorer was changed to mystart (powered by blekko). I have reset them back, but periodically, they will revert back to the mystart home page. I want to get rid of this once and for all.

Additionally, coinciding with this issue, my PC has starting running really slow. In taskmanager, Firefox (which I don;t even open) is running and using close to ~100% of my CPU. Very strange and this seems to happen randomly.

Assistance is greatly appreciated. Requested logs are below:



Malware Bytes Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Troy :: OLIVIA01 [administrator]

5/24/2012 9:19:27 PM
mbam-log-2012-05-24 (21-19-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281014
Time elapsed: 39 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Troy at 22:07:37 on 2012-05-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.490 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Microsoft Security Client\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.att.net
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258129260578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94F99626-932D-4A15-BABB-29E8573D9E19} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A6F63B66-8527-467F-B716-D5841BDECB88} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A6F63B66-8527-467F-B716-D5841BDECB88} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\aibelive\voicec~1\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\troy\application data\mozilla\firefox\profiles\rwrpbgmv.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-1-17 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704]
R1 MpKsl4d37723e;MpKsl4d37723e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e484922-c6e4-4a54-a979-2c9e7a712211}\MpKsl4d37723e.sys [2012-5-24 29904]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-12-19 1960584]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-7 55152]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\srs labs\srs premium sound\SRS_VolSync.exe [2009-4-22 107744]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-9 49664]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-7 232872]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-1 39296]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-7 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-16 113120]
.
=============== Created Last 30 ================
.
2012-05-24 09:23:32 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e484922-c6e4-4a54-a979-2c9e7a712211}\offreg.dll
2012-05-24 09:23:32 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e484922-c6e4-4a54-a979-2c9e7a712211}\MpKsl4d37723e.sys
2012-05-24 09:21:13 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e484922-c6e4-4a54-a979-2c9e7a712211}\mpengine.dll
2012-05-23 01:56:41 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-17 13:11:45 -------- d-----w- c:\documents and settings\troy\local settings\application data\Comodo
2012-05-17 01:46:17 -------- d-----w- c:\program files\blekkotb_soc
2012-05-16 19:44:28 -------- d-----w- c:\documents and settings\troy\application data\blekkotb_019
2012-05-06 14:45:00 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-05-05 13:39:55 15756768 ----a-w- c:\program files\mozilla firefox\xul.dll
.
==================== Find3M ====================
.
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 00:11:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-01 00:11:43 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-21 01:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 22:08:58.73 ===============





Security Check Log (Checkup.txt)


Results of screen317's Security Check version 0.99.38
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java version out of date!
Adobe Flash Player 11.2.202.228
Adobe Reader X (10.1.2)
Mozilla Firefox (13.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````

#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,268 posts

Posted 26 May 2012 - 07:13 AM

Hello, Welcome to SpywareInfoForum
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingc...opic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall
===


Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com...d/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 30


===

Post the ComboFix log for my review.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 Troy1234

Troy1234

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 26 May 2012 - 08:56 AM

Thanks for the help, nasdaq.

Combofix.txt log:



ComboFix 12-05-26.02 - Troy 05/26/2012 8:31.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.451 [GMT -5:00]
Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\program files\Shared
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\0a7472cfa03d5263.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3ba57d33f68007e2.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\78ba37c604a496dd.fb
c:\windows\system32\Cache\7aef11c853dd7eb3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 09:14 . 2012-05-26 09:14 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4D46D23-008F-41F8-8F58-A1F0732ACF35}\offreg.dll
2012-05-26 09:14 . 2012-05-26 09:14 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4D46D23-008F-41F8-8F58-A1F0732ACF35}\MpKsl89f3c30b.sys
2012-05-26 09:12 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4D46D23-008F-41F8-8F58-A1F0732ACF35}\mpengine.dll
2012-05-25 09:21 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-17 13:11 . 2012-05-17 13:11 -------- d-----w- c:\documents and settings\Troy\Local Settings\Application Data\Comodo
2012-05-17 01:46 . 2012-05-17 01:46 -------- d-----w- c:\program files\blekkotb_soc
2012-05-16 19:44 . 2012-05-16 19:44 -------- d-----w- c:\documents and settings\Troy\Application Data\blekkotb_019
2012-05-15 13:21 . 2012-05-15 13:21 -------- d-----w- c:\documents and settings\Olivia\Local Settings\Application Data\antiphishing-vmninternethelper1_1dn
2012-05-06 14:45 . 2012-05-17 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-05-05 13:39 . 2012-05-19 03:58 15756768 ----a-w- c:\program files\Mozilla Firefox\xul.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2009-04-29 10:54 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56 . 2012-01-27 14:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 00:11 . 2012-03-31 23:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 00:11 . 2012-03-31 23:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 01:44 . 2011-04-18 19:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2009-04-29 10:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2009-04-29 10:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2009-04-29 10:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2009-04-29 10:54 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2009-04-29 10:54 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-04-29 10:54 385024 ----a-w- c:\windows\system32\html.iec
2012-05-19 03:59 . 2012-05-05 13:40 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-7 376832]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Premium Sound]
2009-04-22 22:14 3405048 ----a-w- c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/17/2012 10:00 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/19/2011 7:59 PM 31704]
R1 MpKsl89f3c30b;MpKsl89f3c30b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4D46D23-008F-41F8-8F58-A1F0732ACF35}\MpKsl89f3c30b.sys [5/26/2012 4:14 AM 29904]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO GeekBuddy\CLPSLS.exe [11/23/2011 5:27 AM 1052472]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [4/22/2009 5:14 PM 107744]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/9/2009 6:17 AM 49664]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [5/7/2009 9:35 PM 232872]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/1/2009 9:19 PM 39296]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/26/2011 12:15 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 6:58 PM 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/7/2009 8:19 PM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/26/2011 12:15 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3/16/2012 7:52 PM 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL89F3C30B
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:11]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 17:15]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 17:15]
.
2012-05-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.att.net
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94F99626-932D-4A15-BABB-29E8573D9E19}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A6F63B66-8527-467F-B716-D5841BDECB88}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\rwrpbgmv.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-AT&T Yahoo! Browser Configuration - c:\program files\SBC Yahoo!\Connection Manager\uninstATTConfig.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-26 08:41
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\guard32.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(760)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-05-26 08:45:25
ComboFix-quarantined-files.txt 2012-05-26 13:45
.
Pre-Run: 57,247,412,224 bytes free
Post-Run: 57,445,810,176 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 02483C7419BC0EE8D162453E75EB9FE4

#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,268 posts

Posted 27 May 2012 - 06:52 AM

Open notepad and copy/paste the text in the quote box below into it:

Firefox::
FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\rwrpbgmv.default\
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q=



Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 Troy1234

Troy1234

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 27 May 2012 - 09:48 AM

The Firefox home page seems OK, but the issue is that the mystart powered by blekko seems to come back periodically. Over time, if it doesn't come back, I will know for sure that the problem has been fixed. Hard to tell at this point...

Google chrome still starts with the mystart powered by blekko as the home page. Still need to correct this and get rid of this for good.

Also, will these fixes correct the speed on my comp/internet or is that a completely separate issue? Since I started that, comp/internet seems to be a bit better, but again hard to tell if fixed for good.

Updated combofix log is below:


ComboFix 12-05-27.01 - Troy 05/27/2012 9:28.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.569 [GMT -5:00]
Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Troy\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 14:18 . 2012-05-27 14:18 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E6DECFB-41FA-46FE-980D-1592E7B0279A}\offreg.dll
2012-05-27 14:13 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E6DECFB-41FA-46FE-980D-1592E7B0279A}\mpengine.dll
2012-05-26 21:05 . 2012-05-26 21:05 -------- d-----w- c:\documents and settings\Troy\Local Settings\Application Data\Sun
2012-05-26 14:03 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-26 13:52 . 2012-05-26 13:52 -------- d-----w- c:\program files\Common Files\Java
2012-05-26 13:51 . 2012-05-26 13:51 -------- d-----w- c:\program files\Oracle
2012-05-26 13:51 . 2012-05-26 13:51 -------- d-----w- c:\documents and settings\Troy\Application Data\Oracle
2012-05-26 13:51 . 2012-04-04 23:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-17 13:11 . 2012-05-17 13:11 -------- d-----w- c:\documents and settings\Troy\Local Settings\Application Data\Comodo
2012-05-17 01:46 . 2012-05-17 01:46 -------- d-----w- c:\program files\blekkotb_soc
2012-05-16 19:44 . 2012-05-16 19:44 -------- d-----w- c:\documents and settings\Troy\Application Data\blekkotb_019
2012-05-15 13:21 . 2012-05-15 13:21 -------- d-----w- c:\documents and settings\Olivia\Local Settings\Application Data\antiphishing-vmninternethelper1_1dn
2012-05-06 14:45 . 2012-05-17 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-05-05 13:39 . 2012-05-26 13:52 15748576 ----a-w- c:\program files\Mozilla Firefox\xul.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2009-04-29 10:54 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 23:47 . 2012-01-27 14:38 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 23:47 . 2011-03-20 22:06 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2012-01-27 14:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 00:11 . 2012-03-31 23:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 00:11 . 2012-03-31 23:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 01:44 . 2011-04-18 19:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2009-04-29 10:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2009-04-29 10:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2009-04-29 10:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2009-04-29 10:54 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2009-04-29 10:54 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-04-29 10:54 385024 ----a-w- c:\windows\system32\html.iec
2012-05-26 13:53 . 2012-05-05 13:40 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-26_13.41.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-26 13:59 . 2012-05-26 13:59 16384 c:\windows\Temp\Perflib_Perfdata_78c.dat
- 2009-04-29 10:54 . 2012-05-26 01:22 68528 c:\windows\system32\perfc009.dat
+ 2009-04-29 10:54 . 2012-05-26 14:04 68528 c:\windows\system32\perfc009.dat
- 2009-05-08 14:05 . 2012-05-26 01:20 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-08 14:05 . 2012-05-26 13:59 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-08 14:05 . 2012-05-26 13:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-08 14:05 . 2012-05-26 01:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-08 14:05 . 2012-05-26 13:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-08 14:05 . 2012-05-26 01:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-29 10:54 . 2012-05-26 14:04 433722 c:\windows\system32\perfh009.dat
- 2009-04-29 10:54 . 2012-05-26 01:22 433722 c:\windows\system32\perfh009.dat
+ 2012-05-26 13:51 . 2012-04-04 23:47 227720 c:\windows\system32\javaws.exe
+ 2012-05-26 13:51 . 2012-05-26 13:50 174024 c:\windows\system32\javaw.exe
+ 2012-05-26 13:51 . 2012-05-26 13:50 174024 c:\windows\system32\java.exe
+ 2012-05-26 13:52 . 2012-05-26 13:52 176128 c:\windows\Installer\2c6c1f5.msi
+ 2012-05-26 13:51 . 2012-05-26 13:51 457216 c:\windows\Installer\2c6c1e5.msi
+ 2012-05-26 13:50 . 2012-05-26 13:50 863744 c:\windows\Installer\2c6c1e1.msi
+ 2012-04-04 13:32 . 2012-04-04 13:32 16613376 c:\windows\Installer\30774.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

#6 Troy1234

Troy1234

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 27 May 2012 - 09:50 AM

Oops - realized I did not post the whole log. Sorry. Entire Comboxif/CFScript log is below:



ComboFix 12-05-27.01 - Troy 05/27/2012 9:28.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.569 [GMT -5:00]
Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Troy\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 14:18 . 2012-05-27 14:18 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E6DECFB-41FA-46FE-980D-1592E7B0279A}\offreg.dll
2012-05-27 14:13 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E6DECFB-41FA-46FE-980D-1592E7B0279A}\mpengine.dll
2012-05-26 21:05 . 2012-05-26 21:05 -------- d-----w- c:\documents and settings\Troy\Local Settings\Application Data\Sun
2012-05-26 14:03 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-26 13:52 . 2012-05-26 13:52 -------- d-----w- c:\program files\Common Files\Java
2012-05-26 13:51 . 2012-05-26 13:51 -------- d-----w- c:\program files\Oracle
2012-05-26 13:51 . 2012-05-26 13:51 -------- d-----w- c:\documents and settings\Troy\Application Data\Oracle
2012-05-26 13:51 . 2012-04-04 23:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-17 13:11 . 2012-05-17 13:11 -------- d-----w- c:\documents and settings\Troy\Local Settings\Application Data\Comodo
2012-05-17 01:46 . 2012-05-17 01:46 -------- d-----w- c:\program files\blekkotb_soc
2012-05-16 19:44 . 2012-05-16 19:44 -------- d-----w- c:\documents and settings\Troy\Application Data\blekkotb_019
2012-05-15 13:21 . 2012-05-15 13:21 -------- d-----w- c:\documents and settings\Olivia\Local Settings\Application Data\antiphishing-vmninternethelper1_1dn
2012-05-06 14:45 . 2012-05-17 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-05-05 13:39 . 2012-05-26 13:52 15748576 ----a-w- c:\program files\Mozilla Firefox\xul.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2009-04-29 10:54 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 23:47 . 2012-01-27 14:38 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 23:47 . 2011-03-20 22:06 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2012-01-27 14:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 00:11 . 2012-03-31 23:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 00:11 . 2012-03-31 23:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 01:44 . 2011-04-18 19:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2009-04-29 10:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2009-04-29 10:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2009-04-29 10:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2009-04-29 10:54 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2009-04-29 10:54 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-04-29 10:54 385024 ----a-w- c:\windows\system32\html.iec
2012-05-26 13:53 . 2012-05-05 13:40 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-26_13.41.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-26 13:59 . 2012-05-26 13:59 16384 c:\windows\Temp\Perflib_Perfdata_78c.dat
- 2009-04-29 10:54 . 2012-05-26 01:22 68528 c:\windows\system32\perfc009.dat
+ 2009-04-29 10:54 . 2012-05-26 14:04 68528 c:\windows\system32\perfc009.dat
- 2009-05-08 14:05 . 2012-05-26 01:20 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-08 14:05 . 2012-05-26 13:59 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-08 14:05 . 2012-05-26 13:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-08 14:05 . 2012-05-26 01:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-08 14:05 . 2012-05-26 13:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-08 14:05 . 2012-05-26 01:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-29 10:54 . 2012-05-26 14:04 433722 c:\windows\system32\perfh009.dat
- 2009-04-29 10:54 . 2012-05-26 01:22 433722 c:\windows\system32\perfh009.dat
+ 2012-05-26 13:51 . 2012-04-04 23:47 227720 c:\windows\system32\javaws.exe
+ 2012-05-26 13:51 . 2012-05-26 13:50 174024 c:\windows\system32\javaw.exe
+ 2012-05-26 13:51 . 2012-05-26 13:50 174024 c:\windows\system32\java.exe
+ 2012-05-26 13:52 . 2012-05-26 13:52 176128 c:\windows\Installer\2c6c1f5.msi
+ 2012-05-26 13:51 . 2012-05-26 13:51 457216 c:\windows\Installer\2c6c1e5.msi
+ 2012-05-26 13:50 . 2012-05-26 13:50 863744 c:\windows\Installer\2c6c1e1.msi
+ 2012-04-04 13:32 . 2012-04-04 13:32 16613376 c:\windows\Installer\30774.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-7 376832]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Premium Sound]
2009-04-22 22:14 3405048 ----a-w- c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/17/2012 10:00 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/19/2011 7:59 PM 31704]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO GeekBuddy\CLPSLS.exe [11/23/2011 5:27 AM 1052472]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [4/22/2009 5:14 PM 107744]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/9/2009 6:17 AM 49664]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [5/7/2009 9:35 PM 232872]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/1/2009 9:19 PM 39296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/26/2011 12:15 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 6:58 PM 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/7/2009 8:19 PM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/26/2011 12:15 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3/16/2012 7:52 PM 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:11]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 17:15]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 17:15]
.
2012-05-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.att.net
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94F99626-932D-4A15-BABB-29E8573D9E19}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A6F63B66-8527-467F-B716-D5841BDECB88}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\rwrpbgmv.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-27 09:38
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\guard32.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(532)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-05-27 09:42:55
ComboFix-quarantined-files.txt 2012-05-27 14:42
.
Pre-Run: 57,092,743,168 bytes free
Post-Run: 57,079,562,240 bytes free
.
- - End Of File - - D80D5E100B627AF1AC6C0BC288D39ECF

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,268 posts

Posted 28 May 2012 - 06:41 AM

Your log is clean.

Try this. Let me know if the start page still present.

Go Posted Image > run box and type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key
*/*
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 Troy1234

Troy1234

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 28 May 2012 - 08:49 AM

Did that, but google still starts with mystart powered by blekko. :think:

#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,268 posts

Posted 29 May 2012 - 07:10 AM

This topic may help remove it. Make Google your default browser.

http://help.incredim...?article_id=325

Keep me posted.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 Troy1234

Troy1234

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 29 May 2012 - 09:17 PM

That didn't exactly work...but there was another setting that I found under 'on startup' where i deleted my start powered by blekko and it is working ok now (I think).


Can you give me quick tips on how to make my comp faster? It has been running a bit slow of late. Or do I have to start another post?

Thanks!

#11 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,268 posts

Posted 30 May 2012 - 07:01 AM

Try these suggestions from Microsoft.

Optimize your computer for peak performance
http://www.microsoft...e/optimize.mspx

Put your PC maintenance routine on autopilot
http://www.microsoft...aintenance.mspx

Restore Your Computer's Performance with Windows XP
http://www.microsoft...estoreperf.mspx

Maintenance tasks that improve performance
http://www.microsoft...mproveperf.mspx
====
You will need the Windows XP disk to execute this scan.
From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.
===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#12 Troy1234

Troy1234

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 30 May 2012 - 07:53 AM

Anything to help if I don't have the windows XP disc? I don;t think I have it anymore.

Thanks for the help (BTW) :D

#13 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,268 posts

Posted 31 May 2012 - 06:42 AM

See what you can do with the Microsoft articles.

Make sure you have the latest updates from 3rd party co.

Secunia Personal Software Inspector (PSI)
http://secunia.com/v...nning/personal/
Secunia PSI is a security scanner which identifies programs that are insecure and need updates.
If interested in security I would download the tool and run it.
<<<>>>
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#14 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,268 posts

Posted 06 June 2012 - 07:52 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button