Hello drcurious
Me too the file does not appear in your DDS logs, nor was it removed by Combofix and as you mentioned it was not picked up by systemlook.I am perplexed.
How is the machine running in general? Are there any symptoms being displayed that are out of the ordinary? (Redirects, popups, error messages etc).
Lets continue with the following:
- Please work through the following steps
- Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").
- NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
- Copy and Paste the text in the quotebox below into the open Notepad window:
Firefox::
FF - ProfilePath - c:\documents and settings\Owner.A-1STORAGE\Application Data\Mozilla\Firefox\Profiles\ggz2ycl5.default\
FF - prefs.js: network.proxy.http_port - 61980
FF - prefs.js: network.proxy.type - 4
- Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
- Close any open browsers.
- Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Refering to the picture below, drag CFScript.txt into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
- Once the log is produced, re-engage your resident anti virus.
- Temporary File Cleaner
- Download TFC to your desktop.
- Close any open windows.
- Double click the TFC icon to run the program.
- TFC will close all open programs itself in order to run.
- Click the Start button to begin the process.
- Allow TFC to run uninterrupted.
- The program should not take long to finish.
- Once complete it should automatically reboot your machine.
- If your machine does not reboot automatically, manually reboot to ensure a complete clean.
- Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.
- MalwareBytes AntiMalware:
- I can see that you have MBAM installed.
- Double click on your MalwareBytes AntiMalware icon to launch the program.
- Click on the "Update" tab and then on "Check for Updates".
- The program will now install the latest Malware definition files.
- Once complete, click on the "Scanner" tab, select "Perform Quick Scan"and then click on "Scan".
- Once the program has scanned your computer, a log file will be created in Notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
- The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
- Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
- Come back here to this thread and Paste the log in your next reply.
Please post the Combofix log and the MBAM log in your next reply.