Browsers hijacked


mainecoonlady (Member, thread starter)
Join Date: Dec 2012
09-Dec-2012, 03:13 PM #1

Browsers hijacked
Hello
Recently, about 4 days ago, I downloaded a program that turned out to be infected by a virus that has taken over my browsers (I mainly use Firefox) by redirecting them. I have tried so many things to get rid of it with no success. I bought a couple of virus scanners that haven't been able to fix this. I tried running different programs and still the virus is there.
This has been so frustrating and I am hoping someone here will be able to help me remove this.

Thank you in advance for any help.

Here are my logs:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+, x86 Family 15 Model 67 Stepping 3
Processor Count: 2
RAM: 3071 Mb
Graphics Card: NVIDIA GeForce 8400 GS, 512 Mb
Hard Drives: C: Total - 305234 MB, Free - 142052 MB; D: Total - 305242 MB, Free - 246203 MB;
Motherboard: ASUSTeK Computer INC., M3A76-CM
Antivirus: Bitdefender Antivirus, Updated: Yes, On-Demand Scanner: Enabled

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17114 BrowserJavaVersion: 1.6.0_34
Run by Jeanne at 11:05:34 on 2012-12-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2054 [GMT -5:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdcserv.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\GEEK SQUAD UPS\ppped.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Eazy-Ware\ezSched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\geek squad ups\pppeuser.exe"
uRun: [AnyDVD] d:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [EazyScheduler] c:\program files\eazy-ware\ezSched.exe
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
mRun: [Omnipage] d:\program files\scansoft\omnipagese\opware32.exe
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186161300957
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{99BD14E1-2041-427D-868B-5777FB1CCB40} : DHCPNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{B4CFECBF-4727-42D1-90E4-F30354EA41A0} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jeanne\application data\mozilla\firefox\profiles\xfim8qv7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jeanne\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: d:\program files\canon\zoombrowser ex\program\NPCIG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-12-6 622616]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2012-12-6 161312]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-7-14 28544]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-30 27496]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2009-2-22 99248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-9 399432]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-10-8 766400]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2012-12-6 55544]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-12-6 481464]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2012-12-6 116248]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-6 551808]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-30 1057024]
S0 8d0e9726e76f6b62;zigwomzodupd.exe;\SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys [?]
S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
S1 dmmtvfqa;dmmtvfqa;\??\c:\windows\system32\drivers\dmmtvfqa.sys --> c:\windows\system32\drivers\dmmtvfqa.sys [?]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-9 676936]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-11-27 401920]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-12-6 66392]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-10-7 39048]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-9 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [2009-3-3 18432]
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [2009-3-3 26368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2012-12-6 59152]
.
=============== File Associations ===============
.
ShellExec: DVDXPlayer.exe: open=c:\program files\dvd x studios\dvd x player 4.1 standard\DVDXPlayer.exe" "%1
.
=============== Created Last 30 ================
.
2012-12-09 14:47:09 -------- d-----w- c:\documents and settings\jeanne\application data\Malwarebytes
2012-12-09 14:46:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-12-09 14:46:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-09 14:46:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-09 08:08:27 -------- d-----r- c:\program files\Skype
2012-12-08 21:12:01 -------- d-sha-r- C:\cmdcons
2012-12-08 20:57:52 98816 ----a-w- c:\windows\sed.exe
2012-12-08 20:57:52 256000 ----a-w- c:\windows\PEV.exe
2012-12-08 20:57:52 208896 ----a-w- c:\windows\MBR.exe
2012-12-08 20:34:03 -------- d-----w- C:\Program Files (x86)
2012-12-08 13:37:06 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-12-08 13:19:25 -------- d-----w- c:\program files\HitmanPro
2012-12-08 13:18:28 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-12-08 01:25:09 -------- d-----w- c:\documents and settings\all users\application data\Dumps
2012-12-08 01:09:41 -------- d-----w- c:\documents and settings\jeanne\application data\AVG2013
2012-12-08 01:04:39 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2012-12-08 00:55:29 -------- d-----w- c:\documents and settings\jeanne\local settings\application data\MFAData
2012-12-08 00:55:29 -------- d-----w- c:\documents and settings\jeanne\local settings\application data\Avg2013
2012-12-08 00:34:10 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2012-12-08 00:34:04 -------- d-----w- c:\program files\Security Task Manager
2012-12-08 00:30:24 -------- d-----w- c:\documents and settings\jeanne\application data\SpeedMaxPc
2012-12-08 00:30:15 -------- d-----w- c:\program files\common files\SpeedMaxPc
2012-12-08 00:30:14 -------- d-----w- c:\program files\SpeedMaxPc
2012-12-08 00:30:13 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2012-12-07 11:07:41 110080 ----a-r- c:\documents and settings\jeanne\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconF7A21AF7.exe
2012-12-07 11:07:41 110080 ----a-r- c:\documents and settings\jeanne\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconD7F16134.exe
2012-12-07 11:07:41 110080 ----a-r- c:\documents and settings\jeanne\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconCF33A0CE.exe
2012-12-07 11:07:38 -------- d-----w- C:\sh4ldr
2012-12-07 10:48:37 -------- d-----w- c:\documents and settings\jeanne\application data\SpeedyPC Software
2012-12-07 10:48:37 -------- d-----w- c:\documents and settings\jeanne\application data\DriverCure
2012-12-07 10:44:59 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-12-07 10:44:50 -------- d-----w- c:\program files\SpeedyPC Software
2012-12-07 10:44:50 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-12-07 00:52:38 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-12-07 00:22:25 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
2012-12-07 00:22:15 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-12-07 00:22:15 511328 ----a-w- c:\windows\capicom.dll
2012-12-07 00:22:15 116248 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2012-12-07 00:22:06 481464 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-12-07 00:22:05 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-12-07 00:16:25 -------- d-----w- c:\documents and settings\jeanne\application data\Bitdefender
2012-12-07 00:16:23 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
2012-12-07 00:15:18 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys
2012-12-07 00:15:16 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-12-07 00:06:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-06 10:19:34 -------- d-----w- c:\documents and settings\jeanne\application data\PC Cleaners
2012-12-06 10:19:27 -------- d-----w- c:\program files\PC Cleaners
2012-12-06 10:19:27 -------- d-----w- c:\documents and settings\jeanne\application data\PCPro
2012-12-06 10:19:27 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2012-12-06 00:48:10 14232 ----a-w- c:\windows\system32\sh4native.exe
2012-12-06 00:47:57 -------- d-----w- c:\program files\Enigma Software Group
2012-12-06 00:47:35 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-05 23:15:52 -------- d-----w- c:\program files\A Youtube Downloader Free
2012-12-05 22:43:21 -------- d-----w- c:\documents and settings\jeanne\local settings\application data\Lime PRO
.
==================== Find3M ====================
.
2012-12-06 10:19:15 4584760 ----a-w- c:\windows\uninst.exe
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 01:50:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 01:50:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-02 08:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 08:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-14 08:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2005-05-03 03:25:48 618093 ----a-w- c:\program files\TabIt-2.01-trial.exe
2004-12-03 19:32:00 3241317 ----a-w- c:\program files\GoldMinerSetup.exe
2003-08-16 18:45:38 2372368 ----a-w- c:\program files\PowerEncoder101.exe
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll AnyDVD.sys atapi.sys pciide.sys PCIIDEX.SYS
c:\windows\system32\drivers\AnyDVD.sys SlySoft, Inc. AnyDVD
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x8AE28AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\0000008f[0x8AE2F9E8]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IdeDeviceP3T0L0-11[0x8AE2DD98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 11:05:46.93 ===============
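As an added triage example (not code from this thread, nor from DDS, HijackThis or any other tool named in it), the following Python script parses a handful of the DDS lines quoted in the post above and flags what a malware-removal helper would look at first: drivers whose binary DDS could not find on disk (`[?]`), 16-hex-digit or random-looking driver names, Firefox search and start-page preferences pointing away from the user's own start page, and the `user != kernel MBR` mismatch. The trusted-host list and the vowel-ratio threshold are assumptions chosen for this illustration.

```python
"""Triage a DDS log for the indicators visible in the thread above (added example)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: a subset of the DDS lines copied from the post above.
SAMPLE_LINES = r"""
uStart Page = hxxp://www.yahoo.com/
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-12-6 622616]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-6 551808]
S0 8d0e9726e76f6b62;zigwomzodupd.exe;\SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys [?]
S1 dmmtvfqa;dmmtvfqa;\??\c:\windows\system32\drivers\dmmtvfqa.sys --> c:\windows\system32\drivers\dmmtvfqa.sys [?]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
user != kernel MBR !!!
""".strip().splitlines()

# One DDS service/driver line: "<R|S><group> <name>;<description>;<path> [<date size> | ?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<group>\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+) \[(?P<stamp>[^\]]*)\]$"
)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{16}$")
# DDS defangs URLs as hxxp://; pull the host out of the defanged form.
HOST_RE = re.compile(r"^hxxps?://([^/\s]+)", re.IGNORECASE)

# Firefox prefs that decide where searches and the start page go.
NAV_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}
# Assumption for this example: the user's own start page is yahoo.com (see uStart Page above).
DEFAULT_TRUSTED = ("yahoo.com",)
LOW_VOWEL_RATIO = 0.15  # heuristic threshold, tuned only against the sample above


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = investigate first, "review" = confirm manually
    subject: str   # service name, pref name, or "MBR"
    reason: str


def looks_random(name: str) -> bool:
    """Heuristic: lowercase alphabetic names of 6+ chars with almost no vowels."""
    if len(name) < 6 or not name.isalpha() or not name.islower():
        return False
    return sum(c in "aeiou" for c in name) / len(name) < LOW_VOWEL_RATIO


def check_service(m: re.Match) -> Finding | None:
    name, desc, stamp, group = m["name"], m["desc"], m["stamp"].strip(), m["group"]
    missing = stamp == "?"  # DDS prints [?] when it cannot stat the binary
    reasons = []
    if missing:
        reasons.append("binary not found on disk or unreadable ([?])")
        if group == "0":
            reasons.append("boot-start driver (group 0)")
    if HEX_NAME_RE.match(name):
        reasons.append("16-hex-digit service name")
    if looks_random(name):
        reasons.append("random-looking service name")
    if desc.lower().endswith(".exe"):
        reasons.append("driver description is an .exe filename")
    if not reasons:
        return None
    high = HEX_NAME_RE.match(name) is not None or (missing and looks_random(name))
    return Finding("high" if high else "review", name, "; ".join(reasons))


def check_ff_pref(m: re.Match, trusted: tuple[str, ...]) -> Finding | None:
    pref, value = m["pref"], m["value"]
    host_m = HOST_RE.match(value)
    if pref not in NAV_PREFS or host_m is None:
        return None
    host = host_m.group(1).lower()
    if any(host == t or host.endswith("." + t) for t in trusted):
        return None
    return Finding("high", pref, f"search/start page redirected to {host}")


def triage(lines, trusted: tuple[str, ...] = DEFAULT_TRUSTED) -> list[Finding]:
    """Return findings for the DDS lines, highest severity first."""
    findings: list[Finding] = []
    for line in lines:
        line = line.rstrip()
        if "user != kernel MBR" in line:
            findings.append(Finding("high", "MBR", "user-mode and kernel-mode MBR reads differ (MBR hook indicator)"))
        elif (m := SERVICE_RE.match(line)) and (f := check_service(m)):
            findings.append(f)
        elif (m := FF_PREF_RE.match(line)) and (f := check_ff_pref(m, trusted)):
            findings.append(f)
    return sorted(findings, key=lambda f: (f.severity != "high", f.subject))


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.subject}: {f.reason}")
```

A `[?]` entry is not proof of malware on its own (an uninstalled product can leave orphaned service keys too), so the script ranks rather than verdicts, and the whole log still needs a human read.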
mainecoonlady (thread starter)
09-Dec-2012, 03:16 PM #2
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:59 AM, on 12/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17114)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdcserv.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\GEEK SQUAD UPS\ppped.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Eazy-Ware\ezSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [EazyScheduler] C:\Program Files\Eazy-Ware\ezSched.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\GEEK SQUAD UPS\pppeuser.exe"
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186161300957
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: GEEK SQUAD POWER MANAGEMENT Service (ppped) - Unknown owner - C:\Program Files\GEEK SQUAD UPS\ppped.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
O23 - Service: Bitdefender Virus Shield (vsserv) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10768 bytes
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,586 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
09-Dec-2012, 03:25 PM #3
1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the file to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe
4. Double-click on the mbar.exe file; you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:
5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If there is no rootkit warning you will go from step 4 to step 6.)
6. The following image opens, select Next.
7. The following image opens, select Update.
8. When the Update completes, select Next.
9. In the following window ensure "Targets" are ticked. Then select "Scan".
10. If an infection is found, the "Cleanup" button to remove threats will be available. A list of infected files will be listed like the following example:
11. Do not select the "Clean up" button; select the "Exit" button. There will be a warning as follows:
12. Select "Yes" to close down the program. If NO infections were found you will see the following image:
13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log (Date and time of scan will also be shown)

Post those two logs in your reply.

Kevin
mainecoonlady (thread starter), Member with 39 posts.
Join Date: Dec 2012
09-Dec-2012, 05:10 PM #4
Thank you for replying so quickly.
Here are the 2 logs

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.11

Java version: 1.6.0_34

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.812000 GHz
Memory total: 3220217856, free: 2255958016

------------ Kernel report ------------
12/09/2012 15:26:43
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\System32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
pavboot.sys
VolSnap.sys
atapi.sys
nvata.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
avc3.sys
gzflt.sys
trufos.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avgmfx86.sys
avglogx.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\ctaud2k.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ctoss2k.sys
\SystemRoot\system32\drivers\ctprxy2k.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\ha20x2k.sys
\SystemRoot\system32\drivers\emupia2k.sys
\SystemRoot\system32\drivers\ctsfm2k.sys
\SystemRoot\system32\drivers\ctac32k.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\monfilt.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\rt2870.sys
\SystemRoot\system32\drivers\LUsbKbd.sys
\SystemRoot\System32\Drivers\Udfs.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\LHidKE.Sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\LMouKE.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\avckf.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\System32\Drivers\PCASp50.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\DRIVERS\ipfltdrv.sys
\??\C:\DOCUME~1\Jeanne\LOCALS~1\Temp\mbr.sys
\??\C:\DOCUME~1\Jeanne\LOCALS~1\Temp\kftcruod.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff8896dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000b7\
Lower Device Object: 0xffffffff8896ace0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8ae27ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-19\
Lower Device Object: 0xffffffff8ae49d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ae28ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-11\
Lower Device Object: 0xffffffff8ae2dd98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2012.12.09.05
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae28ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae298f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae28ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae2f9e8, DeviceName: \Device\0000008f\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae2dd98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-11\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe27996a0, 0xffffffff8ae28ab8, 0xfffffffffb6a12c8
Lower DeviceData: 0xffffffffe617b420, 0xffffffff8ae2dd98, 0xffffffff862fc808
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7E487E48

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625121217
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320071851520 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625120335-625140335)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8ae27ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae26e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae27ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae4b9e8, DeviceName: \Device\00000090\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae49d98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-19\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe502c798, 0xffffffff8ae27ab8, 0xfffffffffb84d040
Lower DeviceData: 0xffffffffe1bdacf0, 0xffffffff8ae49d98, 0xffffffff861aaf18
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 21289F0A

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 625137282

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8896dab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff889858b0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8896dab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8896ace0, DeviceName: \Device\000000b7\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffffe1edba10, 0xffffffff8896dab8, 0xffffffff87b9aab8
Lower DeviceData: 0xffffffffe1ee13f8, 0xffffffff8896ace0, 0xffffffff85fe1a68
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0x6)
Partition is NOT ACTIVE.
Partition starts at LBA: 129 Numsec = 3906879

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2017525248 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Read File: File "C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\instance.dat" is compressed (flags = 1)
Done!
Scan finished
=======================================


Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.09.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Jeanne :: JEANNE-MARIKOON [administrator]

12/9/2012 3:47:39 PM
mbar-log-2012-12-09 (15-47-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27923
Time elapsed: 20 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
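The MBR inspection in the Anti-Rootkit log above (boot signature 55AA, disk signature, and per-entry type, active flag, start LBA and sector count, plus the sweep of unpartitioned sectors 1-62 before the first partition) can be reproduced with a small parser. What follows is an added example, not code from this thread or from Malwarebytes; the sample MBR it builds is constructed to match drive 0 in the posted log, and the zeroed boot code in that sample is an assumption. One caveat worth keeping in mind when reading such a log: an MBR bootkit typically replaces the boot code and leaves the partition table intact, so a partition table that decodes cleanly says nothing by itself about the other 440 bytes of the sector, which is why a scanner reads the whole sector and the unpartitioned space rather than only the table.

```python
"""MBR partition-table inspection (added example, not the thread's or MBAR's code)."""
import struct

MBR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8    # 4-byte Windows disk signature, little-endian
PART_TABLE_OFFSET = 0x1BE  # four 16-byte partition entries
PART_ENTRY_SIZE = 16
BOOT_SIG_OFFSET = 0x1FE    # 2-byte boot signature, must be 55 AA
# status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) start LBA(4) sector count(4)
PART_ENTRY_FMT = "<B3xB3xII"
# Type names as the log prints them; anything else is reported as "Other".
PART_TYPE_NAMES = {0x00: "Empty", 0x07: "Primary"}


def has_valid_boot_signature(mbr: bytes) -> bool:
    """True only for a full 512-byte sector ending in 55 AA."""
    return len(mbr) == MBR_SIZE and bytes(mbr[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2]) == b"\x55\xAA"


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition entry into the fields the log reports."""
    status, ptype, lba_start, num_sectors = struct.unpack(PART_ENTRY_FMT, entry)
    return {
        "active": status == 0x80,  # 0x80 = active/bootable, 0x00 = inactive
        "type": ptype,
        "type_name": PART_TYPE_NAMES.get(ptype, "Other"),
        "lba_start": lba_start,
        "num_sectors": num_sectors,
    }


def parse_mbr(mbr: bytes) -> dict:
    """Validate the boot signature, then decode disk signature and all four entries."""
    if not has_valid_boot_signature(mbr):
        raise ValueError("not a valid MBR: bad size or boot signature")
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0]
    entries = []
    for i in range(4):
        start = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        entries.append(parse_partition_entry(mbr[start:start + PART_ENTRY_SIZE]))
    return {"disk_signature": f"{disk_sig:08X}", "partitions": entries}


def pre_partition_gap(info: dict) -> tuple:
    """Inclusive sector range between the MBR (sector 0) and the first used partition.

    The log shows this as "1-62" for drive 0. This unpartitioned space is a
    classic hiding place for bootkit code, so a rootkit scanner reads it raw.
    """
    starts = [p["lba_start"] for p in info["partitions"] if p["type"] != 0x00]
    if not starts:
        return (1, 0)  # empty range: no partitions defined
    return (1, min(starts) - 1)


def report(info: dict) -> str:
    """Render the parsed table in the same wording the log uses."""
    lines = ["MBR Signature: 55AA", f"Disk Signature: {info['disk_signature']}"]
    for i, p in enumerate(info["partitions"]):
        lines.append(f"Partition {i} type is {p['type_name']} (0x{p['type']:x})")
        lines.append("Partition is ACTIVE." if p["active"] else "Partition is NOT ACTIVE.")
        lines.append(f"Partition starts at LBA: {p['lba_start']} Numsec = {p['num_sectors']}")
    return "\n".join(lines)


def build_sample_mbr() -> bytes:
    """Constructed MBR mirroring drive 0 in the log; boot code left as zeros (assumption)."""
    mbr = bytearray(MBR_SIZE)
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0x7E487E48)
    # Entry 0: active, type 0x07 (NTFS), starts at LBA 63, 625121217 sectors.
    struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFFSET, 0x80, 0x07, 63, 625121217)
    # Entries 1-3 stay all-zero, i.e. "Empty (0x0)" and NOT ACTIVE.
    mbr[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] = b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    # Against a live machine you would read the first sector of the raw device
    # instead, e.g. open(r"\\.\PhysicalDrive0", "rb").read(512) as administrator.
    sample = build_sample_mbr()
    parsed = parse_mbr(sample)
    print(report(parsed))
    print("Unpartitioned sectors before first partition:", pre_partition_gap(parsed))
```

Run as-is it prints the same five lines per partition the log shows for drive 0; point it at a raw device read and it gives you an independent decoding of the table to compare against what the scanner reported.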
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,586 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
09-Dec-2012, 05:16 PM #5
Those logs are clean. OK, do the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

Combofix
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop up saying "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
mainecoonlady (thread starter), Member with 39 posts.
Join Date: Dec 2012
09-Dec-2012, 07:13 PM #6
Bitdefender Internet Security 2013
I don't know how to shut down Bitdefender Internet Security 2013. I turned all the switches to off and yet the icon for it is still at the bottom right of my computer. I tried to run Combofix but it says Bitdefender is still running.
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,586 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
09-Dec-2012, 07:49 PM #7
These are the instructions given with the help function of Combofix:

BIT DEFENDER
  • Double click on the system icon for Bit Defender.
  • When the Bit Defender window appears, move mouse arrow to the left side and click >> Virus Shield.
  • Move mouse arrow to the black check by Virus Shield is enabled and click.
  • The black words will change to red, >> Virus Shield is disabled.
  • Move mouse arrow to the top right corner and click the down arrows.
  • Bit Defender is now inactive.
  • To enable Bit Defender, do the same steps except click to enable.

Does that help?
mainecoonlady (thread starter), Member with 39 posts.
Join Date: Dec 2012
09-Dec-2012, 08:46 PM #8
Those directions don't work for the 2013 version, but I think I got it to shut off by switching everything to off. Here is the log file.

ComboFix 12-12-07.01 - Jeanne 12/09/2012 18:31:48.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2389 [GMT -5:00]
Running from: c:\documents and settings\Jeanne\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jeanne\Application Data\inst.exe
C:\Thumbs.db
c:\windows\iun6002.exe
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
.
.
2012-12-09 20:26 . 2012-12-09 20:26 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-12-09 14:47 . 2012-12-09 14:47 -------- d-----w- c:\documents and settings\Jeanne\Application Data\Malwarebytes
2012-12-09 14:46 . 2012-12-09 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-12-09 14:46 . 2012-12-09 14:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-09 14:46 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-09 08:08 . 2012-12-09 08:08 -------- d-----w- c:\program files\Common Files\Skype
2012-12-09 08:08 . 2012-12-09 08:08 -------- d-----r- c:\program files\Skype
2012-12-08 20:34 . 2012-12-08 20:34 -------- d-----w- C:\Program Files (x86)
2012-12-08 13:37 . 2012-12-08 13:37 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-12-08 13:19 . 2012-12-08 13:19 -------- d-----w- c:\program files\HitmanPro
2012-12-08 13:18 . 2012-12-08 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-12-08 01:25 . 2012-12-08 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Dumps
2012-12-08 01:09 . 2012-12-08 01:09 -------- d-----w- c:\documents and settings\Jeanne\Application Data\AVG2013
2012-12-08 01:04 . 2012-12-09 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2012-12-08 01:03 . 2012-12-08 01:03 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013
2012-12-08 00:55 . 2012-12-08 00:55 -------- d-----w- c:\documents and settings\Jeanne\Local Settings\Application Data\MFAData
2012-12-08 00:55 . 2012-12-08 00:55 -------- d-----w- c:\documents and settings\Jeanne\Local Settings\Application Data\Avg2013
2012-12-08 00:34 . 2012-12-08 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-12-08 00:34 . 2012-12-08 00:34 -------- d-----w- c:\program files\Security Task Manager
2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\documents and settings\Jeanne\Application Data\SpeedMaxPc
2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\program files\Common Files\SpeedMaxPc
2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\program files\SpeedMaxPc
2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-12-07 11:07 . 2012-12-07 11:07 110080 ----a-r- c:\documents and settings\Jeanne\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe
2012-12-07 11:07 . 2012-12-07 11:07 110080 ----a-r- c:\documents and settings\Jeanne\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconD7F16134.exe
2012-12-07 11:07 . 2012-12-07 11:07 110080 ----a-r- c:\documents and settings\Jeanne\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe
2012-12-07 11:07 . 2012-12-07 11:08 -------- d-----w- C:\sh4ldr
2012-12-07 10:48 . 2012-12-07 10:48 -------- d-----w- c:\documents and settings\Jeanne\Application Data\SpeedyPC Software
2012-12-07 10:48 . 2012-12-07 10:48 -------- d-----w- c:\documents and settings\Jeanne\Application Data\DriverCure
2012-12-07 10:44 . 2012-12-07 10:44 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-12-07 10:44 . 2012-12-07 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-12-07 10:44 . 2012-12-07 10:44 -------- d-----w- c:\program files\SpeedyPC Software
2012-12-07 00:57 . 2012-12-07 00:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2012-12-07 00:52 . 2012-12-07 00:52 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-12-07 00:22 . 2012-12-07 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-12-07 00:22 . 2012-09-21 22:16 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-12-07 00:22 . 2012-07-06 19:13 116248 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2012-12-07 00:22 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
2012-12-07 00:22 . 2012-10-10 19:00 481464 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-12-07 00:22 . 2012-10-10 19:00 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-12-07 00:16 . 2012-12-07 00:16 -------- d-----w- c:\documents and settings\Jeanne\Application Data\Bitdefender
2012-12-07 00:16 . 2012-12-07 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2012-12-07 00:15 . 2012-08-29 22:24 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys
2012-12-07 00:15 . 2012-10-31 17:13 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-12-07 00:06 . 2012-12-07 00:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\Jeanne\Application Data\PC Cleaners
2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\Jeanne\Application Data\PCPro
2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\program files\PC Cleaners
2012-12-06 00:48 . 2010-05-13 23:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2012-12-06 00:47 . 2012-12-06 00:47 -------- d-----w- c:\program files\Enigma Software Group
2012-12-06 00:47 . 2012-12-07 11:07 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-05 23:15 . 2012-12-06 23:23 -------- d-----w- c:\program files\A Youtube Downloader Free
2012-12-05 22:43 . 2012-12-05 22:43 -------- d-----w- c:\documents and settings\Jeanne\Local Settings\Application Data\Lime PRO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 10:19 . 2007-08-04 20:15 4584760 ----a-w- c:\windows\uninst.exe
2012-10-22 08:37 . 2002-08-29 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 01:50 . 2012-08-27 21:49 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 01:50 . 2011-06-06 16:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-05 08:32 . 2012-10-05 08:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 18:04 . 2002-08-29 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-02 08:30 . 2012-10-02 08:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 08:46 . 2012-09-21 08:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-14 08:05 . 2012-09-14 08:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2005-05-03 03:25 . 2007-08-06 16:33 618093 ----a-w- c:\program files\TabIt-2.01-trial.exe
2004-12-03 19:32 . 2007-08-06 16:33 3241317 ----a-w- c:\program files\GoldMinerSetup.exe
2003-08-16 18:45 . 2007-08-06 16:33 2372368 ----a-w- c:\program files\PowerEncoder101.exe
2012-12-03 00:44 . 2012-12-03 00:44 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PowerPanel Personal Edition User Interaction"="c:\program files\GEEK SQUAD UPS\pppeuser.exe" [2007-03-10 270336]
"AnyDVD"="d:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-12-28 3214272]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTHelper"="CTHELPER.EXE" [2006-05-24 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]
"EazyScheduler"="c:\program files\Eazy-Ware\ezSched.exe" [2007-02-08 430408]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 28160]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 20480]
"Omnipage"="d:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-11-27 1613368]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2012-10-09 6286784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-30 766536]
"Z1"="c:\documents and settings\Jeanne\Desktop\zip\mbar\mbar.exe" [2012-12-09 1342312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2007-12-14 6922240]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
"c:\\Program Files\\Serif\\WebPlus Essentials\\1.0\\Program\\WebPlus Essentials.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcwbgw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [12/6/2012 7:22 PM 622616]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [12/6/2012 7:15 PM 161312]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/14/2009 2:47 PM 28544]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/30/2012 5:24 AM 27496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2/22/2009 4:16 PM 99248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/9/2012 9:46 AM 399432]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2013\updatesrv.exe [12/6/2012 7:22 PM 55544]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\BitDefender\Bitdefender Firewall\bdfndisf.sys [12/6/2012 7:22 PM 116248]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 4:57 PM 13904]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/9/2012 3:26 PM 35144]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/4/2007 5:52 PM 47360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/30/2009 12:08 AM 1057024]
S0 8d0e9726e76f6b62;zigwomzodupd.exe;\SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
S1 dmmtvfqa;dmmtvfqa;\??\c:\windows\system32\drivers\dmmtvfqa.sys --> c:\windows\system32\drivers\dmmtvfqa.sys [?]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/9/2012 9:46 AM 676936]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 2:40 AM 118784]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [10/8/2012 7:21 PM 766400]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [11/27/2010 9:07 AM 401920]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [12/6/2012 7:22 PM 481464]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [12/6/2012 7:22 PM 66392]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [6/22/2012 12:01 PM 19984]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [10/7/2007 2:51 PM 39048]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/9/2012 9:46 AM 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [3/3/2009 4:31 PM 18432]
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [3/3/2009 4:31 PM 26368]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\BitDefender\Bitdefender 2013\bdparentalservice.exe [12/6/2012 7:22 PM 59152]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - KFTCRUOD
*NewlyCreated* - MBAMCHAMELEON
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSCHEDULER
*NewlyCreated* - MBAMSERVICE
*Deregistered* - kftcruod
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 01:50]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-152049171-839522115-1004Core.job
- c:\documents and settings\Jeanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-08 21:14]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-152049171-839522115-1004UA.job
- c:\documents and settings\Jeanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-08 21:14]
.
2012-12-09 c:\windows\Tasks\pc-dis-upd.job
- c:\program files\PC Cleaners\PCCleaners.exe [2012-12-06 10:19]
.
2012-12-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-152049171-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-152049171-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-12-09 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2012-06-26 21:32]
.
2012-12-07 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-11-26 18:02]
.
2012-12-09 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-11-26 18:02]
.
2012-12-09 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-11-26 18:02]
.
2012-12-08 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-11-26 18:02]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jeanne\Application Data\Mozilla\Firefox\Profiles\xfim8qv7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Power_Encoder_1.0 - c:\windows\iun6002.exe
AddRemove-Replay_AV_807 - c:\windows\iun6002.exe
AddRemove-Replay_Converter_1 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-09 18:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\( * |]
"DisplayName"="??"
"DeviceDesc"="??"
"ProviderName"="?\11???\11\08"
"MFG"="?\08???"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\drivers\\chipset\\xp\\smbus\\smbusati.inf\00 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-12-09 18:46:34
ComboFix-quarantined-files.txt 2012-12-09 23:46
ComboFix2.txt 2012-12-08 21:24
.
Pre-Run: 148,843,196,416 bytes free
Post-Run: 148,922,634,240 bytes free
.
- - End Of File - - 336049399A79FE57968A861221DBE96D
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,586 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
10-Dec-2012, 04:11 AM #9
There appear to be several security program remnants still running on your system; these may very well conflict with your resident protection, BitDefender. OK, do the following:

Select the Windows Key and R key together, in the Run box copy paste %userprofile%\desktop\mbar\mbar.exe /r hit enter...

Next,

Go here http://www.avg.com/us-en/utilities Use the AVG clean up tool to remove all remnants of AVG

Next,

Uninstall the following:

SpyHunter Security Suite
HitmanPro


Re-boot your PC.....

Next,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
File::
c:\windows\system32\drivers\pavboot.sys
c:\windows\system32\drivers\dmmtvfqa.sys
c:\windows\system32\drivers\sbapifs.sys 
c:\windows\system32\drivers\sbaphd.sys
Driver::
pavboot
sbaphd
sbapifs
DirLook::
c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
If no threats were found
  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found
If threats were found
  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close program
  • Copy and paste the report here

Next,

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Post the logs from Combofix, Eset and Security Check in your reply...

Kevin..
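Kevin's first step above is reading the 'Drivers/Services' section of the DDS log by eye for entries whose image file no longer exists (the trailing `[?]` marker) and for drivers with random-looking names, such as the `8d0e9726e76f6b62` / `zigwomzodupd.exe` entry in the log. The script below does that triage mechanically. It is an added example, not part of this thread and not code from DDS, ComboFix or any other tool mentioned here; it assumes the line format visible in the logs (start type, name, display name, path, then either a date and size or `--> resolved path [?]`), and its sample lines are copied from the log above. The flags are heuristics for a human to review, not a removal list.

```python
r"""Triage helper for the 'Drivers/Services' section of a DDS/ComboFix log.

Added example, not part of the thread or of DDS/ComboFix.  It assumes the
line format visible in the logs above:

    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [12/6/2012 7:22 PM 622616]
    S1 name;display;<raw path> --> <resolved path> [?]

where R0-R3 are running and S0-S4 are stopped entries, and a trailing
'[?]' means the tool could not find the image file.  The flags below are
heuristics, not verdicts; a flagged entry is something to look at by hand.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
HEX_NAME_RE = re.compile(r"^[0-9a-fA-F]{12,}$")
ARGS_AFTER_IMAGE_RE = re.compile(r"\.(exe|sys|dll)\s+\S", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    image: str
    missing: bool
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R*/S* line; return None for any other log line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[?]")
    # When the file could not be found the tool prints "raw --> resolved [?]";
    # keep the resolved form.  Otherwise strip the trailing "[date size]".
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    image = rest.rsplit("[", 1)[0].strip()
    return ServiceEntry(m.group("start"), m.group("name"),
                        m.group("display"), image, missing)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach heuristic warning flags to a parsed entry (in a fixed order)."""
    flags = []
    if entry.missing:
        flags.append("image-file-missing")
    if ARGS_AFTER_IMAGE_RE.search(entry.image):
        # e.g. "lxdccoms.exe -service": the [?] may only mean the tool could
        # not stat a path that carries arguments, so weigh this one lightly.
        flags.append("image-path-has-arguments")
    if HEX_NAME_RE.match(entry.name):
        flags.append("hex-service-name")
    if entry.display.lower().endswith(".exe"):
        # A bare executable name used as the display name is unusual for
        # a legitimate driver or service.
        flags.append("display-name-is-exe")
    if "\\systemroot\\\\systemroot" in entry.image.lower():
        flags.append("doubled-systemroot")
    entry.flags = flags
    return entry


def triage_log(text: str) -> List[ServiceEntry]:
    """Parse and triage every service line in a log fragment."""
    entries = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            entries.append(triage(entry))
    return entries


def suspicious_entries(text: str) -> List[ServiceEntry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage_log(text) if e.flags]


# Constructed sample: five lines copied from the logs in this thread.
SAMPLE_LOG = r"""
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [12/6/2012 7:22 PM 622616]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
S0 8d0e9726e76f6b62;zigwomzodupd.exe;\SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys [?]
S1 dmmtvfqa;dmmtvfqa;\??\c:\windows\system32\drivers\dmmtvfqa.sys --> c:\windows\system32\drivers\dmmtvfqa.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
"""

if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LOG):
        print(f"{e.start} {e.name:<20} {', '.join(e.flags)}\n    {e.image}")
```

Run on the sample, the three `[?]` entries come out flagged and the two healthy ones do not; the hex-named driver collects four flags at once, which is the pattern a removal specialist is looking for. The `lxdc_device` hit shows why a flag is not a verdict: its image path carries a `-service` argument, so the `[?]` there is probably a path-resolution failure rather than a missing file.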
mainecoonlady (thread starter), Member with 39 posts.
Join Date: Dec 2012
10-Dec-2012, 06:54 AM #10
I'm sorry Kevin, my keyboard doesn't seem to have a Windows key. It has a bunch of other ones, but nothing that says Windows or the logo. My F2 key does have a picture of the letter "W" in a square, but don't think that's it.
Can I just open run on the start menu?
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,586 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
10-Dec-2012, 02:38 PM #11
Yes of course, just open "Run" any way that suits you....
mainecoonlady (thread starter), Member with 39 posts.
Join Date: Dec 2012
10-Dec-2012, 05:21 PM #12
Hello,

I'm home from work now...
when I tried: Select the Windows Key and R key together, in the Run box copy paste %userprofile%\desktop\mbar\mbar.exe /r hit enter...

I get an error message saying: cannot find C:\documents
My file is called C:\documents and settings

I don't know where to find the (script)??? that is telling it C:\documents so I can add 'and settings" to it.
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,586 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
10-Dec-2012, 05:45 PM #13
Just leave the first step, don't bother running the script %userprofile%\desktop\mbar\mbar.exe /r continue with the rest...
mainecoonlady (thread starter), Member with 39 posts.
Join Date: Dec 2012
10-Dec-2012, 06:41 PM #14
Here is the ComboFix log. I had all the virus scanners shut down prior to running this, but after reboot some of them came back on, so not sure if this log is OK or not? I can do it again if necessary.


ComboFix 12-12-10.01 - Jeanne 12/10/2012 17:12:54.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2447 [GMT -5:00]
Running from: c:\documents and settings\Jeanne\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeanne\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
FILE ::
"c:\windows\system32\drivers\dmmtvfqa.sys"
"c:\windows\system32\drivers\pavboot.sys"
"c:\windows\system32\drivers\sbaphd.sys"
"c:\windows\system32\drivers\sbapifs.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PAVBOOT
-------\Service_pavboot
-------\Service_sbaphd
-------\Service_sbapifs
.
.
((((((((((((((((((((((((( Files Created from 2012-11-10 to 2012-12-10 )))))))))))))))))))))))))))))))
.
.
2012-12-09 20:26 . 2012-12-09 20:26 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-12-09 14:47 . 2012-12-09 14:47 -------- d-----w- c:\documents and settings\Jeanne\Application Data\Malwarebytes
2012-12-09 14:46 . 2012-12-09 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-12-09 14:46 . 2012-12-09 14:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-09 14:46 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-09 08:08 . 2012-12-09 08:08 -------- d-----w- c:\program files\Common Files\Skype
2012-12-09 08:08 . 2012-12-09 08:08 -------- d-----r- c:\program files\Skype
2012-12-08 20:34 . 2012-12-08 20:34 -------- d-----w- C:\Program Files (x86)
2012-12-08 13:37 . 2012-12-08 13:37 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-12-08 13:18 . 2012-12-08 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-12-08 01:25 . 2012-12-08 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Dumps
2012-12-08 00:34 . 2012-12-08 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-12-08 00:34 . 2012-12-08 00:34 -------- d-----w- c:\program files\Security Task Manager
2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\documents and settings\Jeanne\Application Data\SpeedMaxPc
2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\program files\Common Files\SpeedMaxPc
2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\program files\SpeedMaxPc
2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-12-07 10:48 . 2012-12-07 10:48 -------- d-----w- c:\documents and settings\Jeanne\Application Data\SpeedyPC Software
2012-12-07 10:48 . 2012-12-07 10:48 -------- d-----w- c:\documents and settings\Jeanne\Application Data\DriverCure
2012-12-07 10:44 . 2012-12-07 10:44 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-12-07 10:44 . 2012-12-07 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-12-07 10:44 . 2012-12-07 10:44 -------- d-----w- c:\program files\SpeedyPC Software
2012-12-07 00:57 . 2012-12-07 00:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2012-12-07 00:52 . 2012-12-07 00:52 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-12-07 00:22 . 2012-12-07 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-12-07 00:22 . 2012-09-21 22:16 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-12-07 00:22 . 2012-07-06 19:13 116248 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2012-12-07 00:22 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
2012-12-07 00:22 . 2012-10-10 19:00 481464 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-12-07 00:22 . 2012-10-10 19:00 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-12-07 00:16 . 2012-12-07 00:16 -------- d-----w- c:\documents and settings\Jeanne\Application Data\Bitdefender
2012-12-07 00:16 . 2012-12-07 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2012-12-07 00:15 . 2012-08-29 22:24 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys
2012-12-07 00:15 . 2012-10-31 17:13 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-12-07 00:06 . 2012-12-07 00:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\Jeanne\Application Data\PC Cleaners
2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\Jeanne\Application Data\PCPro
2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\program files\PC Cleaners
2012-12-06 00:48 . 2010-05-13 23:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2012-12-06 00:47 . 2012-12-06 00:47 -------- d-----w- c:\program files\Enigma Software Group
2012-12-06 00:47 . 2012-12-10 22:04 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-05 23:15 . 2012-12-06 23:23 -------- d-----w- c:\program files\A Youtube Downloader Free
2012-12-05 22:43 . 2012-12-05 22:43 -------- d-----w- c:\documents and settings\Jeanne\Local Settings\Application Data\Lime PRO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 10:19 . 2007-08-04 20:15 4584760 ----a-w- c:\windows\uninst.exe
2012-10-22 08:37 . 2002-08-29 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 01:50 . 2012-08-27 21:49 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 01:50 . 2011-06-06 16:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2002-08-29 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2005-05-03 03:25 . 2007-08-06 16:33 618093 ----a-w- c:\program files\TabIt-2.01-trial.exe
2004-12-03 19:32 . 2007-08-06 16:33 3241317 ----a-w- c:\program files\GoldMinerSetup.exe
2003-08-16 18:45 . 2007-08-06 16:33 2372368 ----a-w- c:\program files\PowerEncoder101.exe
2012-12-03 00:44 . 2012-12-03 00:44 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP ----
.
2012-12-10 22:04 . 2012-12-10 22:04 7685 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseData.ini
2012-12-10 22:04 . 2012-12-10 22:04 176545 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla17.dll
2012-12-10 22:04 . 2012-12-10 22:04 179687 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla.dll
2012-12-10 22:04 . 2012-12-10 22:04 175992 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla20.dll
2012-12-10 22:04 . 2012-12-10 22:04 176035 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla19.dll
2012-12-10 22:04 . 2012-12-10 22:04 179687 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla18.exe
2012-12-10 22:04 . 2012-12-10 22:04 176035 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla2.dll
2012-12-10 22:04 . 2012-12-10 22:04 27499 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCall.dll
2012-12-10 22:04 . 2012-12-10 22:04 180877 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla21.dll
2012-12-06 00:47 . 2012-12-06 00:47 180877 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla21.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PowerPanel Personal Edition User Interaction"="c:\program files\GEEK SQUAD UPS\pppeuser.exe" [2007-03-10 270336]
"AnyDVD"="d:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-12-28 3214272]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTHelper"="CTHELPER.EXE" [2006-05-24 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]
"EazyScheduler"="c:\program files\Eazy-Ware\ezSched.exe" [2007-02-08 430408]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 28160]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 20480]
"Omnipage"="d:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-11-27 1613368]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2007-12-14 6922240]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
"c:\\Program Files\\Serif\\WebPlus Essentials\\1.0\\Program\\WebPlus Essentials.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcwbgw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [12/6/2012 7:22 PM 622616]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [12/6/2012 7:15 PM 161312]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/30/2012 5:24 AM 27496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2/22/2009 4:16 PM 99248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/9/2012 9:46 AM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/9/2012 9:46 AM 676936]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 2:40 AM 118784]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2013\updatesrv.exe [12/6/2012 7:22 PM 55544]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\BitDefender\Bitdefender Firewall\bdfndisf.sys [12/6/2012 7:22 PM 116248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/9/2012 9:46 AM 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/4/2007 5:52 PM 47360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/30/2009 12:08 AM 1057024]
S0 8d0e9726e76f6b62;zigwomzodupd.exe;\SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys [?]
S1 dmmtvfqa;dmmtvfqa;\??\c:\windows\system32\drivers\dmmtvfqa.sys --> c:\windows\system32\drivers\dmmtvfqa.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [11/27/2010 9:07 AM 401920]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [12/6/2012 7:22 PM 481464]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [12/6/2012 7:22 PM 66392]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [10/7/2007 2:51 PM 39048]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/9/2012 3:26 PM 35144]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [3/3/2009 4:31 PM 18432]
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [3/3/2009 4:31 PM 26368]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\BitDefender\Bitdefender 2013\bdparentalservice.exe [12/6/2012 7:22 PM 59152]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 01:50]
.
2012-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-152049171-839522115-1004Core.job
- c:\documents and settings\Jeanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-08 21:14]
.
2012-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-152049171-839522115-1004UA.job
- c:\documents and settings\Jeanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-08 21:14]
.
2012-12-10 c:\windows\Tasks\pc-dis-upd.job
- c:\program files\PC Cleaners\PCCleaners.exe [2012-12-06 10:19]
.
2012-12-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-152049171-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-152049171-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-12-09 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2012-06-26 21:32]
.
2012-12-07 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-11-26 18:02]
.
2012-12-09 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-11-26 18:02]
.
2012-12-10 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-11-26 18:02]
.
2012-12-08 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-11-26 18:02]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jeanne\Application Data\Mozilla\Firefox\Profiles\xfim8qv7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-10 17:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\( * ‘|]
"DisplayName"="??"
"DeviceDesc"="??"
"ProviderName"="?\11???\11\08"
"MFG"="?\08???"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\drivers\\chipset\\xp\\smbus\\smbusati.inf\00 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(6648)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
d:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
d:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender 2013\vsserv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdccoms.exe
c:\program files\GEEK SQUAD UPS\ppped.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\PSIService.exe
c:\progra~1\Dantz\RETROS~1\retrorun.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\CTHELPER.EXE
c:\windows\system32\CTXFIHLP.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
.
**************************************************************************
.
Completion time: 2012-12-10 17:33:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-10 22:33
ComboFix2.txt 2012-12-09 23:46
ComboFix3.txt 2012-12-08 21:24
.
Pre-Run: 149,037,928,448 bytes free
Post-Run: 148,923,469,824 bytes free
.
- - End Of File - - 21B6BC9FEB24B5A996A1183ED6D41E86
mainecoonlady (Member with 39 posts, THREAD STARTER, Join Date: Dec 2012)
10-Dec-2012, 08:20 PM #15
ESET scan log:

C:\Program Files\PC Cleaners\PCCleaners.exe a variant of Win32/PCCleaners application
C:\System Volume Information\_restore{17DBA894-65F8-42BE-B6B8-9C6E4E3185A0}\RP1880\A0143739.dll Win32/Adware.Agent.NJV application
D:\Downloads\avastfreeantivirus.exe a variant of Win32/OpenInstall application
D:\Downloads\musicrockstar.exe a variant of Win32/InstallIQ application
D:\Downloads\winzip155.exe a variant of Win32/OpenInstall application
D:\Downloads\wzcourier35(2).exe Win32/OpenCandy application
D:\Downloads\wzcourier35.exe Win32/OpenCandy application