
Browsers hijacked

Discussion in 'Virus & Other Malware Removal' started by mainecoonlady, Dec 9, 2012.

  1. mainecoonlady

    mainecoonlady Thread Starter

    Joined:
    Dec 9, 2012
    Messages:
    39
    Hello
    Recently, about 4 days ago, I downloaded a program that turned out to be infected by a virus that has taken over my browsers (I mainly use Firefox) by redirecting them. I have tried so many things to get rid of it with no success. I bought a couple of virus scanners that haven't been able to fix this. I tried running different programs and the virus is still there :(
    This has been so frustrating and I am hoping someone here will be able to help me remove this.

    Thank you in advance for any help.

    Here are my logs:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+, x86 Family 15 Model 67 Stepping 3
    Processor Count: 2
    RAM: 3071 Mb
    Graphics Card: NVIDIA GeForce 8400 GS, 512 Mb
    Hard Drives: C: Total - 305234 MB, Free - 142052 MB; D: Total - 305242 MB, Free - 246203 MB;
    Motherboard: ASUSTeK Computer INC., M3A76-CM
    Antivirus: Bitdefender Antivirus, Updated: Yes, On-Demand Scanner: Enabled

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.17114 BrowserJavaVersion: 1.6.0_34
    Run by Jeanne at 11:05:34 on 2012-12-09
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2054 [GMT -5:00]
    .
    AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *Disabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdcserv.exe
    C:\WINDOWS\system32\lxdccoms.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\GEEK SQUAD UPS\ppped.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Eazy-Ware\ezSched.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
    D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\geek squad ups\pppeuser.exe"
    uRun: [AnyDVD] d:\program files\slysoft\anydvd\AnyDVDtray.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [EazyScheduler] c:\program files\eazy-ware\ezSched.exe
    mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
    mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
    mRun: [Omnipage] d:\program files\scansoft\omnipagese\opware32.exe
    mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
    mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
    mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186161300957
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{99BD14E1-2041-427D-868B-5777FB1CCB40} : DHCPNameServer = 68.87.71.230 68.87.73.246
    TCP: Interfaces\{B4CFECBF-4727-42D1-90E4-F30354EA41A0} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\jeanne\application data\mozilla\firefox\profiles\xfim8qv7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
    FF - prefs.js: browser.search.selectedEngine - Custom search
    FF - prefs.js: browser.startup.homepage - hxxp://apype.com
    FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\jeanne\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\winzip courier\npwzwmc.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: d:\program files\canon\zoombrowser ex\program\NPCIG.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-12-6 622616]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2012-12-6 161312]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-7-14 28544]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-30 27496]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
    R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
    R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2009-2-22 99248]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-9 399432]
    R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-10-8 766400]
    R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2012-12-6 55544]
    R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-12-6 481464]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2012-12-6 116248]
    R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
    R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-6 551808]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-30 1057024]
    S0 8d0e9726e76f6b62;zigwomzodupd.exe;\SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys [?]
    S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    S1 dmmtvfqa;dmmtvfqa;\??\c:\windows\system32\drivers\dmmtvfqa.sys --> c:\windows\system32\drivers\dmmtvfqa.sys [?]
    S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-9 676936]
    S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-11-27 401920]
    S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-12-6 66392]
    S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-10-7 39048]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-9 22856]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
    S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [2009-3-3 18432]
    S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [2009-3-3 26368]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2012-12-6 59152]
    .
    =============== File Associations ===============
    .
    ShellExec: DVDXPlayer.exe: open=c:\program files\dvd x studios\dvd x player 4.1 standard\DVDXPlayer.exe" "%1
    .
    =============== Created Last 30 ================
    .
    2012-12-09 14:47:09 -------- d-----w- c:\documents and settings\jeanne\application data\Malwarebytes
    2012-12-09 14:46:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-12-09 14:46:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-09 14:46:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-12-09 08:08:27 -------- d-----r- c:\program files\Skype
    2012-12-08 21:12:01 -------- d-sha-r- C:\cmdcons
    2012-12-08 20:57:52 98816 ----a-w- c:\windows\sed.exe
    2012-12-08 20:57:52 256000 ----a-w- c:\windows\PEV.exe
    2012-12-08 20:57:52 208896 ----a-w- c:\windows\MBR.exe
    2012-12-08 20:34:03 -------- d-----w- C:\Program Files (x86)
    2012-12-08 13:37:06 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-12-08 13:19:25 -------- d-----w- c:\program files\HitmanPro
    2012-12-08 13:18:28 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
    2012-12-08 01:25:09 -------- d-----w- c:\documents and settings\all users\application data\Dumps
    2012-12-08 01:09:41 -------- d-----w- c:\documents and settings\jeanne\application data\AVG2013
    2012-12-08 01:04:39 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
    2012-12-08 00:55:29 -------- d-----w- c:\documents and settings\jeanne\local settings\application data\MFAData
    2012-12-08 00:55:29 -------- d-----w- c:\documents and settings\jeanne\local settings\application data\Avg2013
    2012-12-08 00:34:10 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
    2012-12-08 00:34:04 -------- d-----w- c:\program files\Security Task Manager
    2012-12-08 00:30:24 -------- d-----w- c:\documents and settings\jeanne\application data\SpeedMaxPc
    2012-12-08 00:30:15 -------- d-----w- c:\program files\common files\SpeedMaxPc
    2012-12-08 00:30:14 -------- d-----w- c:\program files\SpeedMaxPc
    2012-12-08 00:30:13 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
    2012-12-07 11:07:41 110080 ----a-r- c:\documents and settings\jeanne\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconF7A21AF7.exe
    2012-12-07 11:07:41 110080 ----a-r- c:\documents and settings\jeanne\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconD7F16134.exe
    2012-12-07 11:07:41 110080 ----a-r- c:\documents and settings\jeanne\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconCF33A0CE.exe
    2012-12-07 11:07:38 -------- d-----w- C:\sh4ldr
    2012-12-07 10:48:37 -------- d-----w- c:\documents and settings\jeanne\application data\SpeedyPC Software
    2012-12-07 10:48:37 -------- d-----w- c:\documents and settings\jeanne\application data\DriverCure
    2012-12-07 10:44:59 -------- d-----w- c:\program files\common files\SpeedyPC Software
    2012-12-07 10:44:50 -------- d-----w- c:\program files\SpeedyPC Software
    2012-12-07 10:44:50 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
    2012-12-07 00:52:38 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
    2012-12-07 00:22:25 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
    2012-12-07 00:22:15 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2012-12-07 00:22:15 511328 ----a-w- c:\windows\capicom.dll
    2012-12-07 00:22:15 116248 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
    2012-12-07 00:22:06 481464 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-12-07 00:22:05 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-12-07 00:16:25 -------- d-----w- c:\documents and settings\jeanne\application data\Bitdefender
    2012-12-07 00:16:23 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
    2012-12-07 00:15:18 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys
    2012-12-07 00:15:16 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
    2012-12-07 00:06:54 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-06 10:19:34 -------- d-----w- c:\documents and settings\jeanne\application data\PC Cleaners
    2012-12-06 10:19:27 -------- d-----w- c:\program files\PC Cleaners
    2012-12-06 10:19:27 -------- d-----w- c:\documents and settings\jeanne\application data\PCPro
    2012-12-06 10:19:27 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
    2012-12-06 00:48:10 14232 ----a-w- c:\windows\system32\sh4native.exe
    2012-12-06 00:47:57 -------- d-----w- c:\program files\Enigma Software Group
    2012-12-06 00:47:35 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
    2012-12-05 23:15:52 -------- d-----w- c:\program files\A Youtube Downloader Free
    2012-12-05 22:43:21 -------- d-----w- c:\documents and settings\jeanne\local settings\application data\Lime PRO
    .
    ==================== Find3M ====================
    .
    2012-12-06 10:19:15 4584760 ----a-w- c:\windows\uninst.exe
    2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-09 01:50:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 01:50:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-10-02 08:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-09-21 08:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2012-09-14 08:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2005-05-03 03:25:48 618093 ----a-w- c:\program files\TabIt-2.01-trial.exe
    2004-12-03 19:32:00 3241317 ----a-w- c:\program files\GoldMinerSetup.exe
    2003-08-16 18:45:38 2372368 ----a-w- c:\program files\PowerEncoder101.exe
    2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll AnyDVD.sys atapi.sys pciide.sys PCIIDEX.SYS
    c:\windows\system32\drivers\AnyDVD.sys SlySoft, Inc. AnyDVD
    1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x8AE28AB8]
    3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\0000008f[0x8AE2F9E8]
    5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IdeDeviceP3T0L0-11[0x8AE2DD98]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    user != kernel MBR !!!
    .
    ============= FINISH: 11:05:46.93 ===============
     
  2. mainecoonlady

    mainecoonlady Thread Starter

    Joined:
    Dec 9, 2012
    Messages:
    39
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:58:59 AM, on 12/9/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17114)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdcserv.exe
    C:\WINDOWS\system32\lxdccoms.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\GEEK SQUAD UPS\ppped.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Eazy-Ware\ezSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
    D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    D:\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [EazyScheduler] C:\Program Files\Eazy-Ware\ezSched.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
    O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\GEEK SQUAD UPS\pppeuser.exe"
    O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1186161300957
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
    O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: GEEK SQUAD POWER MANAGEMENT Service (ppped) - Unknown owner - C:\Program Files\GEEK SQUAD UPS\ppped.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
    O23 - Service: Bitdefender Virus Shield (vsserv) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 10768 bytes
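Working through the O23 service entries by hand is the slow part of reading a log like the one above. As an added example that is not part of the original thread, and not code from HijackThis, DDS or Tech Support Guy, the Python below parses O23 lines and flags the two things a first pass usually looks for: a service whose binary carried no publisher ("Unknown owner" or a blank vendor field), and a service binary running from somewhere other than Program Files or Windows, in particular from a user profile or temp directory. The sample input is five lines copied from the log above plus one constructed entry, "updhlp", which does not exist in the log and is there only to show what a profile-resident service looks like when flagged.

```python
import re
from typing import Dict, List, Optional

# One HijackThis/DDS "O23" line: display name, optional (ServiceName), vendor, binary path.
# The vendor field may be empty, which the log renders as "name - - path".
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r"\s-\s(?P<vendor>.*?)\s*-\s(?P<path>[A-Za-z]:\\.*)$"
)

# Directories a Windows service binary is normally installed under (8.3 short names included).
TRUSTED_DIR_RE = re.compile(r"^[a-z]:\\(program files( \(x86\))?|progra~[12]|windows)\\")
# Locations a service binary should almost never run from: per-user profile and temp paths.
PROFILE_DIR_RE = re.compile(
    r"\\(documents and settings|docume~1|users|temp|application data|appdata)\\"
)


def parse_o23(line: str) -> Optional[Dict[str, str]]:
    """Split one O23 line into its fields; returns None for any other kind of log line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    # Services with no short name in parentheses are keyed by their display name.
    fields["short"] = fields["short"] or fields["display"]
    return fields


def suspicious_reasons(svc: Dict[str, str]) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing stood out."""
    reasons = []
    vendor = svc["vendor"].strip()
    if not vendor or vendor.lower() == "unknown owner":
        reasons.append("no publisher recorded")
    path = svc["path"].lower()
    if not TRUSTED_DIR_RE.match(path):
        reasons.append("binary outside Program Files / Windows")
    if PROFILE_DIR_RE.search(path):
        reasons.append("binary inside a user profile or temp directory")
    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map service name -> reasons, for every O23 entry that tripped at least one rule."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = suspicious_reasons(svc)
        if reasons:
            flagged[svc["short"]] = reasons
    return flagged


# Five lines copied from the log above plus one CONSTRUCTED entry ("updhlp") that is not
# in the log, added only to show what a service running from a user profile looks like.
SAMPLE_LOG = r"""
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Update Helper (updhlp) - Unknown owner - C:\Documents and Settings\Jeanne\Application Data\updhlp.exe
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG.strip().splitlines()).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, this flags AdobeActiveFileMonitor and lxdc_device only for the missing publisher, and the constructed updhlp entry on all three rules. "Unknown owner" just means the executable had no company name in its version resource, so legitimate but sloppily packaged software (the Adobe agent here) lands on the list too; the output is a list of entries to look up, not a verdict, and a flagged binary should be checked for an Authenticode signature before anything is removed.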
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
    2. Unzip the File to a convenient location. (Recommend the Desktop)
    3. Open the folder where the contents were unzipped to run mbar.exe

    4. Double-click on the mbar.exe file. You may receive a User Account Control prompt asking if you are sure you wish to allow the program to run; please allow it, and MBAR will start to install any drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers, you will see a message stating that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will restart your computer. Once the computer has rebooted and you log in, MBAR will start automatically and you will be at the start screen. (If there is no rootkit warning, you will go from step 4 straight to step 6.)

    6. The following image opens, select Next.

    7. The following image opens, select Update

    8. When the Update completes, select Next

    9. In the following window, ensure "Targets" are ticked, then select "Scan".

    10. If any infections are found, the "Cleanup" button to remove threats will be available, and the infected files will be listed like the following example:

    11. Do not select the "Cleanup" button; select the "Exit" button. There will be a warning as follows:

    12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

    13. Select "Exit" to close down.
    14. Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log (the date and time of the scan will also be shown)

    Post those two logs in your reply.

    Kevin
     
  4. mainecoonlady

    mainecoonlady Thread Starter

    Joined:
    Dec 9, 2012
    Messages:
    39
    Thank you for replying so quickly.
    Here are the 2 logs

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 7.0.5730.11

    Java version: 1.6.0_34

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.812000 GHz
    Memory total: 3220217856, free: 2255958016

    ------------ Kernel report ------------
    12/09/2012 15:26:43
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\System32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\System32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\System32\DRIVERS\BATTC.SYS
    pciide.sys
    \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    PartMgr.sys
    pavboot.sys
    VolSnap.sys
    atapi.sys
    nvata.sys
    disk.sys
    \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    avc3.sys
    gzflt.sys
    trufos.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    avgrkx86.sys
    avgmfx86.sys
    avglogx.sys
    \SystemRoot\system32\DRIVERS\AmdK8.sys
    \SystemRoot\system32\DRIVERS\nv4_mini.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\imapi.sys
    \SystemRoot\System32\Drivers\AnyDVD.sys
    \SystemRoot\System32\DRIVERS\cdrom.sys
    \SystemRoot\System32\DRIVERS\redbook.sys
    \SystemRoot\System32\DRIVERS\ks.sys
    \SystemRoot\System32\DRIVERS\usbohci.sys
    \SystemRoot\System32\DRIVERS\USBPORT.SYS
    \SystemRoot\System32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\System32\DRIVERS\fdc.sys
    \SystemRoot\System32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\ASACPI.sys
    \SystemRoot\System32\DRIVERS\serial.sys
    \SystemRoot\System32\DRIVERS\serenum.sys
    \SystemRoot\system32\drivers\ctaud2k.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ctoss2k.sys
    \SystemRoot\system32\drivers\ctprxy2k.sys
    \SystemRoot\System32\DRIVERS\wmiacpi.sys
    \SystemRoot\System32\DRIVERS\audstub.sys
    \SystemRoot\System32\DRIVERS\rasl2tp.sys
    \SystemRoot\System32\DRIVERS\ndistapi.sys
    \SystemRoot\System32\DRIVERS\ndiswan.sys
    \SystemRoot\System32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\DRIVERS\raspptp.sys
    \SystemRoot\System32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\psched.sys
    \SystemRoot\System32\DRIVERS\msgpc.sys
    \SystemRoot\System32\DRIVERS\ptilink.sys
    \SystemRoot\System32\DRIVERS\raspti.sys
    \SystemRoot\System32\Drivers\pcouffin.sys
    \SystemRoot\System32\DRIVERS\termdd.sys
    \SystemRoot\System32\DRIVERS\kbdclass.sys
    \SystemRoot\System32\DRIVERS\mouclass.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\System32\DRIVERS\swenum.sys
    \SystemRoot\System32\DRIVERS\update.sys
    \SystemRoot\System32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\DRIVERS\usbhub.sys
    \SystemRoot\System32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\ha20x2k.sys
    \SystemRoot\system32\drivers\emupia2k.sys
    \SystemRoot\system32\drivers\ctsfm2k.sys
    \SystemRoot\system32\drivers\ctac32k.sys
    \SystemRoot\system32\drivers\viahduaa.sys
    \SystemRoot\system32\drivers\monfilt.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\System32\DRIVERS\tcpip.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
    \SystemRoot\System32\DRIVERS\wanarp.sys
    \SystemRoot\System32\DRIVERS\ipnat.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbios.sys
    \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    \SystemRoot\System32\DRIVERS\rdbss.sys
    \SystemRoot\System32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\System32\Drivers\ElbyCDIO.sys
    \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\system32\DRIVERS\rt2870.sys
    \SystemRoot\system32\drivers\LUsbKbd.sys
    \SystemRoot\System32\Drivers\Udfs.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\LHidKE.Sys
    \SystemRoot\System32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\LMouKE.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\AegisP.sys
    \SystemRoot\System32\Drivers\PCASp50.sys
    \SystemRoot\System32\DRIVERS\ndisuio.sys
    \SystemRoot\System32\DRIVERS\mrxdav.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\System32\DRIVERS\ipfltdrv.sys
    \??\C:\DOCUME~1\Jeanne\LOCALS~1\Temp\mbr.sys
    \??\C:\DOCUME~1\Jeanne\LOCALS~1\Temp\kftcruod.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR4
    Upper Device Object: 0xffffffff8896dab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000b7\
    Lower Device Object: 0xffffffff8896ace0
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    DriverEntry returned 0x0
    Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff8ae27ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-19\
    Lower Device Object: 0xffffffff8ae49d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    DriverEntry returned 0x0
    Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8ae28ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-11\
    Lower Device Object: 0xffffffff8ae2dd98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Downloaded database version: v2012.12.09.05
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8ae28ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8ae298f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8ae28ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8ae2f9e8, DeviceName: \Device\0000008f\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8ae2dd98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-11\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe27996a0, 0xffffffff8ae28ab8, 0xfffffffffb6a12c8
    Lower DeviceData: 0xffffffffe617b420, 0xffffffff8ae2dd98, 0xffffffff862fc808
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 7E487E48

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 625121217
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320071851520 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-625120335-625140335)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8ae27ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8ae26e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8ae27ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8ae4b9e8, DeviceName: \Device\00000090\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8ae49d98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-19\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe502c798, 0xffffffff8ae27ab8, 0xfffffffffb84d040
    Lower DeviceData: 0xffffffffe1bdacf0, 0xffffffff8ae49d98, 0xffffffff861aaf18
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 21289F0A

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 625137282

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xffffffff8896dab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff889858b0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8896dab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8896ace0, DeviceName: \Device\000000b7\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe1edba10, 0xffffffff8896dab8, 0xffffffff87b9aab8
    Lower DeviceData: 0xffffffffe1ee13f8, 0xffffffff8896ace0, 0xffffffff85fe1a68
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 0

    Partition information:

    Partition 0 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 129 Numsec = 3906879

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 2017525248 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Read File: File "C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\instance.dat" is compressed (flags = 1)
    Done!
    Scan finished
    =======================================


    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org

    Database version: v2012.12.09.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.11
    Jeanne :: JEANNE-MARIKOON [administrator]

    12/9/2012 3:47:39 PM
    mbar-log-2012-12-09 (15-47-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 27923
    Time elapsed: 20 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
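The "Scanning MBR on drive 0" block in the log above is Malwarebytes Anti-Rootkit reading sector 0 of each disk and printing the boot signature, the NT disk signature and the four partition-table entries, then scanning the sectors no partition claims, which is where MBR bootkits keep their payload. As an added example that is not part of the original thread and not Malwarebytes' own code, the Python below does the same parse on a raw 512-byte sector and adds the structural checks a practitioner would want (signature present, exactly one active partition, no overlap, nothing past the end of the disk, and the list of unpartitioned sector ranges). The sample sector is constructed to mirror drive 0 in the log: disk signature 7E487E48, one active NTFS (0x07) partition at LBA 63 of 625121217 sectors, disk size 320071851520 bytes. Only read_mbr() touches a real device, and on Windows that needs an administrator prompt.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
MBR_SIGNATURE = 0x55AA     # the "MBR Signature: 55AA" line in the log
EMPTY_TYPE = 0x00          # "type is Empty (0x0)" in the log
DISK0_SECTORS = 320071851520 // SECTOR_SIZE   # "Disk Size" of drive 0 above: 625140335 sectors


@dataclass
class Partition:
    index: int
    active: bool        # status byte 0x80; "Partition is ACTIVE." in the log
    type_id: int        # 0x07 = NTFS/HPFS/exFAT, 0x00 = unused entry
    start_lba: int
    num_sectors: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.num_sectors - 1


def parse_mbr(sector: bytes) -> Tuple[int, int, List[Partition]]:
    """Return (boot signature, NT disk signature, the four table entries) from a raw sector 0."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    boot_sig = struct.unpack_from(">H", sector, 510)[0]   # bytes 55 AA, read in byte order
    disk_sig = struct.unpack_from("<I", sector, 440)[0]   # 32-bit little-endian disk signature
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4) = 16 bytes
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        parts.append(Partition(i, status == 0x80, ptype, start, count))
    return boot_sig, disk_sig, parts


def unpartitioned_ranges(parts: List[Partition], total_sectors: int) -> List[Tuple[int, int]]:
    """Inclusive LBA ranges no partition claims (sector 0 excluded): where bootkits hide payloads."""
    used = sorted((p.start_lba, p.end_lba) for p in parts if p.type_id != EMPTY_TYPE and p.num_sectors)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end + 1)
    if cursor <= total_sectors - 1:
        gaps.append((cursor, total_sectors - 1))
    return gaps


def check_partition_table(sector: bytes, total_sectors: int) -> List[str]:
    """Structural sanity checks on the table; an empty list means nothing is wrong."""
    boot_sig, _, parts = parse_mbr(sector)
    warnings = []
    if boot_sig != MBR_SIGNATURE:
        warnings.append(f"bad boot signature {boot_sig:04X}")
    active = [p for p in parts if p.active]
    if len(active) != 1:
        warnings.append(f"{len(active)} active partitions (expected 1)")
    used = [p for p in parts if p.type_id != EMPTY_TYPE]
    for p in used:
        if p.end_lba >= total_sectors:
            warnings.append(f"partition {p.index} extends past the end of the disk")
    for a in used:
        for b in used:
            if a.index < b.index and a.start_lba <= b.end_lba and b.start_lba <= a.end_lba:
                warnings.append(f"partitions {a.index} and {b.index} overlap")
    return warnings


def read_mbr(device_path: str) -> bytes:
    r"""Read sector 0 of a raw device, e.g. \\.\PhysicalDrive0 on Windows (administrator needed)."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """CONSTRUCTED sector mirroring drive 0 in the log: sig 7E487E48, one active NTFS partition."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, 440, 0x7E487E48)
    struct.pack_into("<B3xB3xII", mbr, 446, 0x80, 0x07, 63, 625121217)
    struct.pack_into(">H", mbr, 510, MBR_SIGNATURE)
    return bytes(mbr)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    boot_sig, disk_sig, parts = parse_mbr(mbr)
    print(f"MBR Signature: {boot_sig:04X}   Disk Signature: {disk_sig:08X}")
    for p in parts:
        print(f"Partition {p.index} type 0x{p.type_id:X} active={p.active} "
              f"LBA={p.start_lba} Numsec={p.num_sectors}")
    print("Unpartitioned sector ranges:", unpartitioned_ranges(parts, DISK0_SECTORS))
    print("Warnings:", check_partition_table(mbr, DISK0_SECTORS))
```

On the constructed sector the unpartitioned ranges come out as sectors 1 to 62 (the gap before the first partition, which the log scans too) and the tail after the last partition. A clean table is no proof of a clean MBR: a bootkit that replaces only the boot code at offset 0 and leaves the table intact passes every check here, so the boot code itself still has to be compared against a known-good copy or inspected with the tools the thread goes on to use.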
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Those logs are clean. OK, do the following:

    Delete any versions of Combofix that you may have on your Desktop, then download a fresh copy from the following link:

    Combofix

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users: right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the Recovery Console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...

    Kevin
     
  6. mainecoonlady

    mainecoonlady Thread Starter

    Joined:
    Dec 9, 2012
    Messages:
    39
    I don't know how to shut down Bit Defender Internet Security 2013. I turned all the switches to off and yet the icon for it is still at the bottom right of my computer. I tried to run Combofix but it says Bitdefender is still running.
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    These are the instructions given with the help function of Combofix:

    BIT DEFENDER
    • Double click on the system icon for Bit Defender.
    • When the Bit Defender window appears, move mouse arrow to the left side and click >> Virus Shield.
    • Move the mouse arrow to the black check mark by "Virus Shield is enabled" and click.
    • The black words will change to red: "Virus Shield is disabled".
    • Move mouse arrow to the top right corner and click the down arrows.
    • Bit Defender is now inactive.
    • To enable Bit Defender, do the same steps except click to enable.

    Does that help?
     
  8. mainecoonlady

    mainecoonlady Thread Starter

    Joined:
    Dec 9, 2012
    Messages:
    39
    Those directions don't work for the 2013 version, but I think I got it to shut off by switching everything to off. Here is the log file:

    ComboFix 12-12-07.01 - Jeanne 12/09/2012 18:31:48.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2389 [GMT -5:00]
    Running from: c:\documents and settings\Jeanne\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Jeanne\Application Data\inst.exe
    C:\Thumbs.db
    c:\windows\iun6002.exe
    c:\windows\system32\dllcache\wmpvis.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-09 20:26 . 2012-12-09 20:26 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2012-12-09 14:47 . 2012-12-09 14:47 -------- d-----w- c:\documents and settings\Jeanne\Application Data\Malwarebytes
    2012-12-09 14:46 . 2012-12-09 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-12-09 14:46 . 2012-12-09 14:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-12-09 14:46 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-09 08:08 . 2012-12-09 08:08 -------- d-----w- c:\program files\Common Files\Skype
    2012-12-09 08:08 . 2012-12-09 08:08 -------- d-----r- c:\program files\Skype
    2012-12-08 20:34 . 2012-12-08 20:34 -------- d-----w- C:\Program Files (x86)
    2012-12-08 13:37 . 2012-12-08 13:37 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-12-08 13:19 . 2012-12-08 13:19 -------- d-----w- c:\program files\HitmanPro
    2012-12-08 13:18 . 2012-12-08 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
    2012-12-08 01:25 . 2012-12-08 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Dumps
    2012-12-08 01:09 . 2012-12-08 01:09 -------- d-----w- c:\documents and settings\Jeanne\Application Data\AVG2013
    2012-12-08 01:04 . 2012-12-09 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
    2012-12-08 01:03 . 2012-12-08 01:03 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013
    2012-12-08 00:55 . 2012-12-08 00:55 -------- d-----w- c:\documents and settings\Jeanne\Local Settings\Application Data\MFAData
    2012-12-08 00:55 . 2012-12-08 00:55 -------- d-----w- c:\documents and settings\Jeanne\Local Settings\Application Data\Avg2013
    2012-12-08 00:34 . 2012-12-08 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-12-08 00:34 . 2012-12-08 00:34 -------- d-----w- c:\program files\Security Task Manager
    2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\documents and settings\Jeanne\Application Data\SpeedMaxPc
    2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\program files\Common Files\SpeedMaxPc
    2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\program files\SpeedMaxPc
    2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
    2012-12-07 11:07 . 2012-12-07 11:07 110080 ----a-r- c:\documents and settings\Jeanne\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe
    2012-12-07 11:07 . 2012-12-07 11:07 110080 ----a-r- c:\documents and settings\Jeanne\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconD7F16134.exe
    2012-12-07 11:07 . 2012-12-07 11:07 110080 ----a-r- c:\documents and settings\Jeanne\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe
    2012-12-07 11:07 . 2012-12-07 11:08 -------- d-----w- C:\sh4ldr
    2012-12-07 10:48 . 2012-12-07 10:48 -------- d-----w- c:\documents and settings\Jeanne\Application Data\SpeedyPC Software
    2012-12-07 10:48 . 2012-12-07 10:48 -------- d-----w- c:\documents and settings\Jeanne\Application Data\DriverCure
    2012-12-07 10:44 . 2012-12-07 10:44 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
    2012-12-07 10:44 . 2012-12-07 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
    2012-12-07 10:44 . 2012-12-07 10:44 -------- d-----w- c:\program files\SpeedyPC Software
    2012-12-07 00:57 . 2012-12-07 00:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
    2012-12-07 00:52 . 2012-12-07 00:52 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
    2012-12-07 00:22 . 2012-12-07 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
    2012-12-07 00:22 . 2012-09-21 22:16 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2012-12-07 00:22 . 2012-07-06 19:13 116248 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
    2012-12-07 00:22 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
    2012-12-07 00:22 . 2012-10-10 19:00 481464 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-12-07 00:22 . 2012-10-10 19:00 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-12-07 00:16 . 2012-12-07 00:16 -------- d-----w- c:\documents and settings\Jeanne\Application Data\Bitdefender
    2012-12-07 00:16 . 2012-12-07 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
    2012-12-07 00:15 . 2012-08-29 22:24 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys
    2012-12-07 00:15 . 2012-10-31 17:13 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
    2012-12-07 00:06 . 2012-12-07 00:06 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\Jeanne\Application Data\PC Cleaners
    2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\Jeanne\Application Data\PCPro
    2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
    2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\program files\PC Cleaners
    2012-12-06 00:48 . 2010-05-13 23:34 14232 ----a-w- c:\windows\system32\sh4native.exe
    2012-12-06 00:47 . 2012-12-06 00:47 -------- d-----w- c:\program files\Enigma Software Group
    2012-12-06 00:47 . 2012-12-07 11:07 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
    2012-12-05 23:15 . 2012-12-06 23:23 -------- d-----w- c:\program files\A Youtube Downloader Free
    2012-12-05 22:43 . 2012-12-05 22:43 -------- d-----w- c:\documents and settings\Jeanne\Local Settings\Application Data\Lime PRO
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-06 10:19 . 2007-08-04 20:15 4584760 ----a-w- c:\windows\uninst.exe
    2012-10-22 08:37 . 2002-08-29 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-09 01:50 . 2012-08-27 21:49 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-09 01:50 . 2011-06-06 16:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-05 08:32 . 2012-10-05 08:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2012-10-02 18:04 . 2002-08-29 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-10-02 08:30 . 2012-10-02 08:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-09-21 08:46 . 2012-09-21 08:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2012-09-14 08:05 . 2012-09-14 08:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2005-05-03 03:25 . 2007-08-06 16:33 618093 ----a-w- c:\program files\TabIt-2.01-trial.exe
    2004-12-03 19:32 . 2007-08-06 16:33 3241317 ----a-w- c:\program files\GoldMinerSetup.exe
    2003-08-16 18:45 . 2007-08-06 16:33 2372368 ----a-w- c:\program files\PowerEncoder101.exe
    2012-12-03 00:44 . 2012-12-03 00:44 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
    "PowerPanel Personal Edition User Interaction"="c:\program files\GEEK SQUAD UPS\pppeuser.exe" [2007-03-10 270336]
    "AnyDVD"="d:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-12-28 3214272]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "CTHelper"="CTHELPER.EXE" [2006-05-24 17920]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]
    "EazyScheduler"="c:\program files\Eazy-Ware\ezSched.exe" [2007-02-08 430408]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
    "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
    "LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 28160]
    "lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 20480]
    "Omnipage"="d:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
    "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
    "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-11-27 1613368]
    "SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2012-10-09 6286784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-30 766536]
    "Z1"="c:\documents and settings\Jeanne\Desktop\zip\mbar\mbar.exe" [2012-12-09 1342312]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2007-12-14 6922240]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "c:\\WINDOWS\\system32\\lxdccoms.exe"=
    "c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "d:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
    "c:\\Program Files\\Serif\\WebPlus Essentials\\1.0\\Program\\WebPlus Essentials.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcwbgw.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [12/6/2012 7:22 PM 622616]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
    R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [12/6/2012 7:15 PM 161312]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/14/2009 2:47 PM 28544]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/30/2012 5:24 AM 27496]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
    R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
    R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2/22/2009 4:16 PM 99248]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/9/2012 9:46 AM 399432]
    R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2013\updatesrv.exe [12/6/2012 7:22 PM 55544]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\BitDefender\Bitdefender Firewall\bdfndisf.sys [12/6/2012 7:22 PM 116248]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 4:57 PM 13904]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/9/2012 3:26 PM 35144]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/4/2007 5:52 PM 47360]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/30/2009 12:08 AM 1057024]
    S0 8d0e9726e76f6b62;zigwomzodupd.exe;\SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys [?]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
    S1 dmmtvfqa;dmmtvfqa;\??\c:\windows\system32\drivers\dmmtvfqa.sys --> c:\windows\system32\drivers\dmmtvfqa.sys [?]
    S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/9/2012 9:46 AM 676936]
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 2:40 AM 118784]
    S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
    S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [10/8/2012 7:21 PM 766400]
    S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [11/27/2010 9:07 AM 401920]
    S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [12/6/2012 7:22 PM 481464]
    S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [12/6/2012 7:22 PM 66392]
    S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [6/22/2012 12:01 PM 19984]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [10/7/2007 2:51 PM 39048]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/9/2012 9:46 AM 22856]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
    S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [3/3/2009 4:31 PM 18432]
    S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [3/3/2009 4:31 PM 26368]
    S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\BitDefender\Bitdefender 2013\bdparentalservice.exe [12/6/2012 7:22 PM 59152]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - IPFILTERDRIVER
    *NewlyCreated* - KFTCRUOD
    *NewlyCreated* - MBAMCHAMELEON
    *NewlyCreated* - MBAMPROTECTOR
    *NewlyCreated* - MBAMSCHEDULER
    *NewlyCreated* - MBAMSERVICE
    *Deregistered* - kftcruod
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 01:50]
    .
    2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-152049171-839522115-1004Core.job
    - c:\documents and settings\Jeanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-08 21:14]
    .
    2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-152049171-839522115-1004UA.job
    - c:\documents and settings\Jeanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-08 21:14]
    .
    2012-12-09 c:\windows\Tasks\pc-dis-upd.job
    - c:\program files\PC Cleaners\PCCleaners.exe [2012-12-06 10:19]
    .
    2012-12-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-152049171-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
    .
    2012-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-152049171-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
    .
    2012-12-09 c:\windows\Tasks\SpeedMaxPc Registration3.job
    - c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2012-06-26 21:32]
    .
    2012-12-07 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-11-26 18:02]
    .
    2012-12-09 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-11-26 18:02]
    .
    2012-12-09 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-11-26 18:02]
    .
    2012-12-08 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-11-26 18:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Jeanne\Application Data\Mozilla\Firefox\Profiles\xfim8qv7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
    FF - prefs.js: browser.search.selectedEngine - Custom search
    FF - prefs.js: browser.startup.homepage - hxxp://apype.com
    FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Power_Encoder_1.0 - c:\windows\iun6002.exe
    AddRemove-Replay_AV_807 - c:\windows\iun6002.exe
    AddRemove-Replay_Converter_1 - c:\windows\iun6002.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-09 18:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?
    CTxfiHlp = CTXFIHLP.EXE?
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\( *þ¥‘|]
    "DisplayName"="??"
    "DeviceDesc"="??"
    "ProviderName"="?\11???\11\08"
    "MFG"="?\08???"
    "ReinstallString"=".10.1000.8"
    "DeviceInstanceIds"=multi:"e:\\drivers\\chipset\\xp\\smbus\\smbusati.inf\00"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1044)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2012-12-09 18:46:34
    ComboFix-quarantined-files.txt 2012-12-09 23:46
    ComboFix2.txt 2012-12-08 21:24
    .
    Pre-Run: 148,843,196,416 bytes free
    Post-Run: 148,922,634,240 bytes free
    .
    - - End Of File - - 336049399A79FE57968A861221DBE96D
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    There appear to be several security-program remnants still running on your system; these may very well conflict with your resident protection, BitDefender. OK, do the following:

    Select the Windows key and the R key together; in the Run box, copy and paste %userprofile%\desktop\mbar\mbar.exe /r and hit Enter...

    Next,

    Go here: http://www.avg.com/us-en/utilities and use the AVG clean-up tool to remove all remnants of AVG.

    Next,

    Uninstall the following:

    SpyHunter Security Suite
    HitmanPro


    Re-boot your PC.....

    Next,

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    File::
    c:\windows\system32\drivers\pavboot.sys
    c:\windows\system32\drivers\dmmtvfqa.sys
    c:\windows\system32\drivers\sbapifs.sys 
    c:\windows\system32\drivers\sbaphd.sys
    Driver::
    pavboot
    sbaphd
    sbapifs
    DirLook::
    c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe


    Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan; on Vista and Windows 7, right-click the IE shortcut and run as admin.

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
    • Click on the Run ESET Online Scanner button.
    • Tick the box next to YES, I accept the Terms of Use, then click Start.
    • When asked, allow the add-on to be installed, then click Start.
    • Make sure that the option Remove found threats is unticked.
    • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan.
    • Wait for the virus definitions to be downloaded.
    • Wait for the scan to finish.

    When the scan is complete:

    If no threats were found:
    • Put a checkmark in "Uninstall application on close".
    • Close the program.
    • Report to me that nothing was found.

    If threats were found:
    • Click on "list of threats found".
    • Click on "export to text file" and save it as ESET SCAN to the desktop.
    • Click on Back.
    • Put a checkmark in "Uninstall application on close".
    • Click on Finish.
    • Close the program.
    • Copy and paste the report here.

    Next,

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Post the logs from ComboFix, ESET and Security Check in your reply...

    Kevin..
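The advice above rests on reading the ComboFix services section: entries ending in `[?]` are drivers or services whose image file ComboFix could not find on disk (the `pavboot`, `dmmtvfqa`, `sbaphd` and `sbapifs` entries targeted by the CFScript), and the Firefox `prefs.js` lines show the search and homepage prefs pointing at third-party hosts. The script below, added here as an example and not part of the thread or of any of the tools it mentions, parses lines in ComboFix's format and applies that triage automatically. The sample lines are copied from the log posted above; the flagging heuristics, the reading of `[?]` as "image not on disk", and the allow-list of expected search providers are this example's own assumptions.

```python
"""Triage of ComboFix service/driver lines and Firefox pref lines.

Added example; not part of the thread and not a ComboFix component. The
sample lines are copied from the log posted above. The heuristics, the
'[?]' reading and the allow-list of search providers are assumptions.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# "<R|S><start> <name>;<display>;<image> [<date> <time> <size>]"   file present
# "<R|S><start> <name>;<display>;<image> --> <resolved> [?]"        file not found
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
MISSING_RE = re.compile(r"\s-->\s(?P<resolved>.*?)\s\[\?\]$")
PRESENT_RE = re.compile(r"^(?P<path>.*?)\s\[(?P<stamp>[^\]]*\d)\]$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12,}$")        # e.g. 8d0e9726e76f6b62

FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
URL_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}
# Assumed: the providers this user actually chose (the log shows Yahoo for IE).
EXPECTED_HOSTS = {"yahoo.com", "google.com", "mozilla.org"}


@dataclass
class ServiceEntry:
    start: int            # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    running: bool         # R = running, S = stopped
    name: str
    display: str
    image: str
    on_disk: bool
    findings: list = field(default_factory=list)


def parse_service_line(line):
    """Return a triaged ServiceEntry, or None if the line is not a service line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    miss = MISSING_RE.search(rest)
    if miss:
        image, on_disk = miss.group("resolved"), False
    else:
        pres = PRESENT_RE.match(rest)
        image, on_disk = (pres.group("path") if pres else rest), True
    entry = ServiceEntry(int(m.group("start")), m.group("state") == "R",
                         m.group("name"), m.group("display"), image, on_disk)
    return triage(entry)


def triage(e):
    """Attach findings; an empty list means nothing stood out."""
    if not e.on_disk:
        e.findings.append("image not on disk: orphaned entry, or file hidden from the scanner")
        if e.start <= 1:
            e.findings.append("boot/system-start driver: loads before any AV product")
    if HEX_NAME_RE.match(e.name):
        e.findings.append("random-looking hex service name")
    if e.display.lower().endswith(".exe") and e.image.lower().endswith(".sys"):
        e.findings.append("display name is an .exe but the image is a kernel driver")
    if "\\systemroot\\\\systemroot" in e.image.lower():
        e.findings.append("malformed image path (doubled \\SystemRoot)")
    return e


def suspicious_services(lines):
    entries = (parse_service_line(l) for l in lines)
    return [e for e in entries if e and e.findings]


def hijacked_prefs(lines, expected_hosts=EXPECTED_HOSTS):
    """Homepage/search prefs whose host is outside the user's expected providers."""
    hits = []
    for line in lines:
        m = FF_PREF_RE.match(line.strip())
        if not m or m.group("pref") not in URL_PREFS:
            continue
        url = m.group("value").replace("hxxp", "http", 1)   # undo ComboFix's defanging
        host = (urlsplit(url).hostname or "").lower()
        if not any(host == h or host.endswith("." + h) for h in expected_hosts):
            hits.append((m.group("pref"), host))
    return hits


# Constructed sample: lines copied verbatim from the log above.
SAMPLE_LOG = r"""
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [12/6/2012 7:22 PM 622616]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
S0 8d0e9726e76f6b62;zigwomzodupd.exe;\SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys [?]
S1 dmmtvfqa;dmmtvfqa;\??\c:\windows\system32\drivers\dmmtvfqa.sys --> c:\windows\system32\drivers\dmmtvfqa.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
""".strip().splitlines()

if __name__ == "__main__":
    for e in suspicious_services(SAMPLE_LOG):
        print(f"{e.name:18} start={e.start} running={e.running} on_disk={e.on_disk}")
        for f in e.findings:
            print("    -", f)
    for pref, host in hijacked_prefs(SAMPLE_LOG):
        print(f"hijacked {pref}: {host}")
```

Two caveats that the output makes visible. The `lxdc_device` entry (the Lexmark printer service) is flagged only because its ImagePath carries a `-service` argument, so ComboFix's file lookup fails; a `[?]` on its own is a prompt to check the path by hand, not proof of malware. The `S0` hex-named driver is the opposite case: a boot-start driver with a random name, a display name that is an `.exe`, a doubled `\SystemRoot` and no file on disk stacks several independent signals, which is why it deserves attention even though it is currently stopped.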
     
  10. mainecoonlady

    mainecoonlady Thread Starter

    Joined:
    Dec 9, 2012
    Messages:
    39
    I'm sorry Kevin, my keyboard doesn't seem to have a Windows key. It has a bunch of other ones, but nothing that says Windows or the logo. My F2 key does have a picture of the letter "W" in a square, but don't think that's it.
    Can I just open run on the start menu?
    :confused:
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Yes, of course, just open "Run" any way that suits you....
     
  12. mainecoonlady

    mainecoonlady Thread Starter

    Joined:
    Dec 9, 2012
    Messages:
    39
    Hello,

    I'm home from work now...
    When I tried: Select the Windows key and R key together, in the Run box copy and paste %userprofile%\desktop\mbar\mbar.exe /r and hit Enter...

    I get an error message saying: cannot find C:\documents
    My folder is called C:\documents and settings

    I don't know where to find the (script)??? that is telling it C:\documents so I can add 'and settings' to it.
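The `cannot find C:\documents` error comes from the space in the expanded path, not from a missing script. The Run box expands `%userprofile%` to `C:\Documents and Settings\Jeanne` and passes the command line on unquoted, so the first whitespace-delimited token, `C:\Documents`, is taken as the program to run; wrapping the path in double quotes keeps it as one token. (The log above also records mbar at `...\Desktop\zip\mbar\mbar.exe`, so the directory in the command would need adjusting as well.) The script below, added here as an example and not part of the thread, reimplements the argument-splitting rules Windows applies to a command line so the two cases can be compared without a Windows machine; the profile path is the one visible in the posted log, and the first-argument special case (where backslashes are never escapes) is omitted since no path here ends in a backslash before a quote.

```python
r"""Why the Run-box command '%userprofile%\desktop\mbar\mbar.exe /r' fails.

Added example, not from the thread. It reimplements the argument-splitting
rules Windows applies to a command line (whitespace separates arguments,
double quotes group, a backslash is special only in front of a quote).
The expanded profile path is the one visible in the posted log.
"""
PROFILE = r"C:\Documents and Settings\Jeanne"   # as seen in the posted log


def split_windows_cmdline(cmdline):
    """Split like CommandLineToArgvW, minus the first-argument special case."""
    args, cur, in_quotes, have_arg = [], [], False, False
    i, n = 0, len(cmdline)
    while i < n:
        c = cmdline[i]
        if c == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            run = j - i
            if j < n and cmdline[j] == '"':
                # 2k backslashes + quote -> k backslashes, quote toggles grouping
                # 2k+1 backslashes + quote -> k backslashes + a literal quote
                cur.append("\\" * (run // 2))
                if run % 2:
                    cur.append('"')
                else:
                    in_quotes = not in_quotes
                j += 1
            else:
                cur.append("\\" * run)          # backslashes not before a quote are literal
            have_arg, i = True, j
        elif c == '"':
            in_quotes, have_arg, i = not in_quotes, True, i + 1
        elif c in " \t" and not in_quotes:
            if have_arg:                      # end of an argument
                args.append("".join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(c)
            have_arg, i = True, i + 1
    if have_arg:
        args.append("".join(cur))
    return args


def run_box(command):
    """Expand %userprofile% as the Run dialog does, then split the result."""
    return split_windows_cmdline(command.replace("%userprofile%", PROFILE))


if __name__ == "__main__":
    print(run_box(r"%userprofile%\desktop\mbar\mbar.exe /r"))     # program = C:\Documents
    print(run_box(r'"%userprofile%\desktop\mbar\mbar.exe" /r'))   # program = the full path
```

The same tokenization is why paths under `Documents and Settings` or `Program Files` should always be quoted in Run entries, scheduled tasks and service ImagePaths: the first token, not the whole string, is what Windows tries to open.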
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Just leave the first step; don't bother running the script %userprofile%\desktop\mbar\mbar.exe /r, continue with the rest...
     
  14. mainecoonlady

    mainecoonlady Thread Starter

    Joined:
    Dec 9, 2012
    Messages:
    39
    Here is the ComboFix log. I had all the virus scanners shut down prior to running this, but after the reboot some of them came back on, so I'm not sure if this log is OK or not. I can do it again if necessary.


    ComboFix 12-12-10.01 - Jeanne 12/10/2012 17:12:54.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2447 [GMT -5:00]
    Running from: c:\documents and settings\Jeanne\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Jeanne\Desktop\CFScript.txt
    AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    .
    FILE ::
    "c:\windows\system32\drivers\dmmtvfqa.sys"
    "c:\windows\system32\drivers\pavboot.sys"
    "c:\windows\system32\drivers\sbaphd.sys"
    "c:\windows\system32\drivers\sbapifs.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_PAVBOOT
    -------\Service_pavboot
    -------\Service_sbaphd
    -------\Service_sbapifs
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-10 to 2012-12-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-09 20:26 . 2012-12-09 20:26 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2012-12-09 14:47 . 2012-12-09 14:47 -------- d-----w- c:\documents and settings\Jeanne\Application Data\Malwarebytes
    2012-12-09 14:46 . 2012-12-09 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-12-09 14:46 . 2012-12-09 14:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-12-09 14:46 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-09 08:08 . 2012-12-09 08:08 -------- d-----w- c:\program files\Common Files\Skype
    2012-12-09 08:08 . 2012-12-09 08:08 -------- d-----r- c:\program files\Skype
    2012-12-08 20:34 . 2012-12-08 20:34 -------- d-----w- C:\Program Files (x86)
    2012-12-08 13:37 . 2012-12-08 13:37 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-12-08 13:18 . 2012-12-08 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
    2012-12-08 01:25 . 2012-12-08 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Dumps
    2012-12-08 00:34 . 2012-12-08 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-12-08 00:34 . 2012-12-08 00:34 -------- d-----w- c:\program files\Security Task Manager
    2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\documents and settings\Jeanne\Application Data\SpeedMaxPc
    2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\program files\Common Files\SpeedMaxPc
    2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\program files\SpeedMaxPc
    2012-12-08 00:30 . 2012-12-08 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
    2012-12-07 10:48 . 2012-12-07 10:48 -------- d-----w- c:\documents and settings\Jeanne\Application Data\SpeedyPC Software
    2012-12-07 10:48 . 2012-12-07 10:48 -------- d-----w- c:\documents and settings\Jeanne\Application Data\DriverCure
    2012-12-07 10:44 . 2012-12-07 10:44 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
    2012-12-07 10:44 . 2012-12-07 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
    2012-12-07 10:44 . 2012-12-07 10:44 -------- d-----w- c:\program files\SpeedyPC Software
    2012-12-07 00:57 . 2012-12-07 00:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
    2012-12-07 00:52 . 2012-12-07 00:52 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
    2012-12-07 00:22 . 2012-12-07 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
    2012-12-07 00:22 . 2012-09-21 22:16 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2012-12-07 00:22 . 2012-07-06 19:13 116248 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
    2012-12-07 00:22 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
    2012-12-07 00:22 . 2012-10-10 19:00 481464 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-12-07 00:22 . 2012-10-10 19:00 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-12-07 00:16 . 2012-12-07 00:16 -------- d-----w- c:\documents and settings\Jeanne\Application Data\Bitdefender
    2012-12-07 00:16 . 2012-12-07 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
    2012-12-07 00:15 . 2012-08-29 22:24 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys
    2012-12-07 00:15 . 2012-10-31 17:13 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
    2012-12-07 00:06 . 2012-12-07 00:06 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\Jeanne\Application Data\PC Cleaners
    2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\Jeanne\Application Data\PCPro
    2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
    2012-12-06 10:19 . 2012-12-06 10:19 -------- d-----w- c:\program files\PC Cleaners
    2012-12-06 00:48 . 2010-05-13 23:34 14232 ----a-w- c:\windows\system32\sh4native.exe
    2012-12-06 00:47 . 2012-12-06 00:47 -------- d-----w- c:\program files\Enigma Software Group
    2012-12-06 00:47 . 2012-12-10 22:04 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
    2012-12-05 23:15 . 2012-12-06 23:23 -------- d-----w- c:\program files\A Youtube Downloader Free
    2012-12-05 22:43 . 2012-12-05 22:43 -------- d-----w- c:\documents and settings\Jeanne\Local Settings\Application Data\Lime PRO
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-06 10:19 . 2007-08-04 20:15 4584760 ----a-w- c:\windows\uninst.exe
    2012-10-22 08:37 . 2002-08-29 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-09 01:50 . 2012-08-27 21:49 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-09 01:50 . 2011-06-06 16:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-02 18:04 . 2002-08-29 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
    2005-05-03 03:25 . 2007-08-06 16:33 618093 ----a-w- c:\program files\TabIt-2.01-trial.exe
    2004-12-03 19:32 . 2007-08-06 16:33 3241317 ----a-w- c:\program files\GoldMinerSetup.exe
    2003-08-16 18:45 . 2007-08-06 16:33 2372368 ----a-w- c:\program files\PowerEncoder101.exe
    2012-12-03 00:44 . 2012-12-03 00:44 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP ----
    .
    2012-12-10 22:04 . 2012-12-10 22:04 7685 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseData.ini
    2012-12-10 22:04 . 2012-12-10 22:04 176545 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla17.dll
    2012-12-10 22:04 . 2012-12-10 22:04 179687 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla.dll
    2012-12-10 22:04 . 2012-12-10 22:04 175992 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla20.dll
    2012-12-10 22:04 . 2012-12-10 22:04 176035 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla19.dll
    2012-12-10 22:04 . 2012-12-10 22:04 179687 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla18.exe
    2012-12-10 22:04 . 2012-12-10 22:04 176035 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla2.dll
    2012-12-10 22:04 . 2012-12-10 22:04 27499 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCall.dll
    2012-12-10 22:04 . 2012-12-10 22:04 180877 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla21.dll
    2012-12-06 00:47 . 2012-12-06 00:47 180877 ----a-w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla21.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
    "PowerPanel Personal Edition User Interaction"="c:\program files\GEEK SQUAD UPS\pppeuser.exe" [2007-03-10 270336]
    "AnyDVD"="d:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-12-28 3214272]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "CTHelper"="CTHELPER.EXE" [2006-05-24 17920]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]
    "EazyScheduler"="c:\program files\Eazy-Ware\ezSched.exe" [2007-02-08 430408]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
    "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
    "LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 28160]
    "lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 20480]
    "Omnipage"="d:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
    "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
    "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-11-27 1613368]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2007-12-14 6922240]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "c:\\WINDOWS\\system32\\lxdccoms.exe"=
    "c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "d:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
    "c:\\Program Files\\Serif\\WebPlus Essentials\\1.0\\Program\\WebPlus Essentials.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcwbgw.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [12/6/2012 7:22 PM 622616]
    R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [12/6/2012 7:15 PM 161312]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/30/2012 5:24 AM 27496]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]
    R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
    R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2/22/2009 4:16 PM 99248]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/9/2012 9:46 AM 399432]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/9/2012 9:46 AM 676936]
    R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 2:40 AM 118784]
    R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2013\updatesrv.exe [12/6/2012 7:22 PM 55544]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\BitDefender\Bitdefender Firewall\bdfndisf.sys [12/6/2012 7:22 PM 116248]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/9/2012 9:46 AM 22856]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/4/2007 5:52 PM 47360]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/30/2009 12:08 AM 1057024]
    S0 8d0e9726e76f6b62;zigwomzodupd.exe;\SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys [?]
    S1 dmmtvfqa;dmmtvfqa;\??\c:\windows\system32\drivers\dmmtvfqa.sys --> c:\windows\system32\drivers\dmmtvfqa.sys [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
    S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [11/27/2010 9:07 AM 401920]
    S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [12/6/2012 7:22 PM 481464]
    S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [12/6/2012 7:22 PM 66392]
    S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [10/7/2007 2:51 PM 39048]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/9/2012 3:26 PM 35144]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
    S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [3/3/2009 4:31 PM 18432]
    S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [3/3/2009 4:31 PM 26368]
    S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\BitDefender\Bitdefender 2013\bdparentalservice.exe [12/6/2012 7:22 PM 59152]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 01:50]
    .
    2012-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-152049171-839522115-1004Core.job
    - c:\documents and settings\Jeanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-08 21:14]
    .
    2012-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-152049171-839522115-1004UA.job
    - c:\documents and settings\Jeanne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-08 21:14]
    .
    2012-12-10 c:\windows\Tasks\pc-dis-upd.job
    - c:\program files\PC Cleaners\PCCleaners.exe [2012-12-06 10:19]
    .
    2012-12-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-152049171-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
    .
    2012-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-152049171-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
    .
    2012-12-09 c:\windows\Tasks\SpeedMaxPc Registration3.job
    - c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2012-06-26 21:32]
    .
    2012-12-07 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-11-26 18:02]
    .
    2012-12-09 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-11-26 18:02]
    .
    2012-12-10 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-11-26 18:02]
    .
    2012-12-08 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-11-26 18:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Jeanne\Application Data\Mozilla\Firefox\Profiles\xfim8qv7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
    FF - prefs.js: browser.search.selectedEngine - Custom search
    FF - prefs.js: browser.startup.homepage - hxxp://apype.com
    FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-10 17:28
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?
    CTxfiHlp = CTXFIHLP.EXE?
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\( *þ¥‘|]
    "DisplayName"="??"
    "DeviceDesc"="??"
    "ProviderName"="?\11???\11\08"
    "MFG"="?\08???"
    "ReinstallString"=".10.1000.8"
    "DeviceInstanceIds"=multi:"e:\\drivers\\chipset\\xp\\smbus\\smbusati.inf\00"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1040)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(6648)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
    d:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
    d:\program files\ScanSoft\OmniPageSE\ophook32.dll
    c:\windows\system32\ctagent.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Bitdefender\Bitdefender 2013\vsserv.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxdccoms.exe
    c:\program files\GEEK SQUAD UPS\ppped.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\system32\PSIService.exe
    c:\progra~1\Dantz\RETROS~1\retrorun.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\CTHELPER.EXE
    c:\windows\system32\CTXFIHLP.EXE
    c:\windows\SYSTEM32\CTXFISPI.EXE
    c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-10 17:33:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-10 22:33
    ComboFix2.txt 2012-12-09 23:46
    ComboFix3.txt 2012-12-08 21:24
    .
    Pre-Run: 149,037,928,448 bytes free
    Post-Run: 148,923,469,824 bytes free
    .
    - - End Of File - - 21B6BC9FEB24B5A996A1183ED6D41E86
     
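A triage pass over the service and Firefox pref lines from the ComboFix log above, as an added example that is not part of the thread and not code from ComboFix, DDS or any other tool mentioned here. The heuristics (a service name that looks machine-generated, a display name that is an `.exe` while the image is a `.sys`, a doubled `\SystemRoot` in the image path, a `[?]` marker meaning the tool recorded no file metadata, and Firefox search/homepage prefs pointing at hosts outside an analyst-chosen allowlist) are the editor's assumptions about what a reviewer checks first; they produce a review queue, not a verdict. The sample lines are copied from the log; the allowlist of expected search hosts is a made-up placeholder.

```python
"""Triage heuristics for ComboFix/DDS-style service and Firefox pref lines.

Added example, not code from the forum thread or from ComboFix/DDS.
Every heuristic below is an assumption about what is worth a second look.
"""
import re
from urllib.parse import urlparse

# Service lines copied from the ComboFix log in the thread (sample set).
SERVICE_LINES = [
    r"R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [12/6/2012 7:22 PM 622616]",
    r"R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\BitDefender\Bitdefender Firewall\bdfndisf.sys [12/6/2012 7:22 PM 116248]",
    r"R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/9/2012 9:46 AM 22856]",
    r"S0 8d0e9726e76f6b62;zigwomzodupd.exe;\SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8d0e9726e76f6b62.sys [?]",
    r"S1 dmmtvfqa;dmmtvfqa;\??\c:\windows\system32\drivers\dmmtvfqa.sys --> c:\windows\system32\drivers\dmmtvfqa.sys [?]",
    r"S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]",
]

# Firefox pref lines copied from the same log.
FF_PREF_LINES = [
    "FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=",
    "FF - prefs.js: browser.startup.homepage - hxxp://apype.com",
    "FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=",
]

# Assumption: hosts the analyst considers normal for search/homepage prefs.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "www.yahoo.com"}

SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")


def looks_random(name):
    """Heuristic: long pure-hex names, or letter-only names with very few vowels."""
    n = name.lower()
    if len(n) >= 12 and re.fullmatch(r"[0-9a-f]+", n) and any(c.isdigit() for c in n):
        return True
    if len(n) >= 6 and n.isalpha():
        vowels = sum(c in "aeiouy" for c in n)
        return vowels / len(n) < 0.2
    return False


def service_findings(line):
    """Return {name, start, reasons} for one service line, or None if unparsable."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, display, rest = m.groups()
    low = rest.lower()
    reasons = []
    if rest.rstrip().endswith("[?]"):
        reasons.append("no file metadata recorded for the image")
    if looks_random(name):
        reasons.append("service name looks machine-generated")
    if display.lower().endswith(".exe") and ".sys" in low:
        reasons.append("display name is an .exe but the image is a .sys driver")
    if "\\systemroot\\\\systemroot" in low:
        reasons.append("doubled \\SystemRoot in image path")
    if reasons and start in ("R0", "S0", "R1", "S1"):
        reasons.append(f"boot/system start type {start}")
    return {"name": name, "start": start, "reasons": reasons}


def ff_pref_findings(line):
    """Return {pref, host, unexpected} for a Firefox pref line carrying a URL."""
    m = FF_PREF_RE.match(line)
    if not m:
        return None
    pref, value = m.groups()
    url = value.strip().replace("hxxps://", "https://").replace("hxxp://", "http://")
    host = urlparse(url).hostname
    if host is None:
        return None
    return {"pref": pref, "host": host, "unexpected": host not in EXPECTED_HOSTS}


def triage(service_lines, pref_lines):
    """Services with at least one reason, most reasons first; prefs on unexpected hosts."""
    services = [f for f in map(service_findings, service_lines) if f and f["reasons"]]
    services.sort(key=lambda f: len(f["reasons"]), reverse=True)
    prefs = [f for f in map(ff_pref_findings, pref_lines) if f and f["unexpected"]]
    return {"services": services, "prefs": prefs}


if __name__ == "__main__":
    report = triage(SERVICE_LINES, FF_PREF_LINES)
    for f in report["services"]:
        print(f"{f['start']} {f['name']}: " + "; ".join(f["reasons"]))
    for f in report["prefs"]:
        print(f"{f['pref']} -> {f['host']} (not in expected hosts)")
```

On the sample set the random-name rule also trips on `Bdfndisf`, a vendor abbreviation for a signed BitDefender filter driver, which is why the output is ordered by how many independent reasons stack on one entry rather than treated as a verdict: the `S0` entry accumulates five, the vendor driver one.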
  15. mainecoonlady

    mainecoonlady Thread Starter

    Joined:
    Dec 9, 2012
    Messages:
    39
    Eset Scan log:

    C:\Program Files\PC Cleaners\PCCleaners.exe a variant of Win32/PCCleaners application
    C:\System Volume Information\_restore{17DBA894-65F8-42BE-B6B8-9C6E4E3185A0}\RP1880\A0143739.dll Win32/Adware.Agent.NJV application
    D:\Downloads\avastfreeantivirus.exe a variant of Win32/OpenInstall application
    D:\Downloads\musicrockstar.exe a variant of Win32/InstallIQ application
    D:\Downloads\winzip155.exe a variant of Win32/OpenInstall application
    D:\Downloads\wzcourier35(2).exe Win32/OpenCandy application
    D:\Downloads\wzcourier35.exe Win32/OpenCandy application
     
Short URL to this thread: https://techguy.org/1080206