TechSpot

Can't load up google and can't use other search engines (hijacked?)?

Inactive
By skysummers
Feb 21, 2011
  1. Hi, hoping that someone can help.
    Just bought my son the Acer Aspire One D260 laptop and have a problem. Not sure if this helps, but it is a dual boot system, Android and Windows 7.
    We can get online no probs at all, but can not go onto any search engine at all.
    We have tried downloading various programs to remove any virus that may be on there, but nothing seems to be doing the trick.
    Any advice would be very much appreciated as we are pulling our hair out with it now!!
    Thanks
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot!


    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. skysummers

    skysummers TS Rookie Topic Starter

    here are the logs

    • Malwarebytes Anti-Malware log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5831

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    21/02/2011 18:34:59
    mbam-log-2011-02-21 (18-34-59).txt

    Scan type: Quick scan
    Objects scanned: 139111
    Time elapsed: 9 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    • GMER log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-21 18:45:29
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GJ00
    Running: oniw8wk7.exe; Driver: C:\Users\ZOE-CA~1\AppData\Local\Temp\ugldypow.sys


    ---- Devices - GMER 1.0.15 ----

    Device ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip mdvrmng.sys
    AttachedDevice \Driver\tdx \Device\Tcp mdvrmng.sys
    AttachedDevice \Driver\tdx \Device\Udp mdvrmng.sys

    ---- EOF - GMER 1.0.15 ----


    Attach Log

    ==== Hosts File Hijack ======================

    Hosts: 74.125.45.100 safebrowsing-cache.google.com
    Hosts: 74.125.45.100 urs.microsoft.com
    Hosts: 74.125.45.100 www.securesoftwarebill.com
    Hosts: 74.125.45.100 secure-plus-payments.com
    Hosts: 74.125.45.100 www.secure-plus-payments.com
    Hosts: 74.125.45.100 secure.paysecuresystem.com
    Hosts: 74.125.45.100 paysoftbillsolution.com
    Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    Hosts: 98.142.243.60 www.google.com
    Hosts: 98.142.243.60 google.com
    Hosts: 98.142.243.60 google.com.au
    Hosts: 98.142.243.60 www.google.com.au
    Hosts: 98.142.243.60 google.be
    Hosts: 98.142.243.60 www.google.be
    Hosts: 98.142.243.60 google.com.br
    Hosts: 98.142.243.60 www.google.com.br
    Hosts: 98.142.243.60 google.ca
    Hosts: 98.142.243.60 www.google.ca
    Hosts: 98.142.243.60 google.ch
    Hosts: 98.142.243.60 www.google.ch
    Hosts: 98.142.243.60 google.de
    Hosts: 98.142.243.60 www.google.de
    Hosts: 98.142.243.60 google.dk
    Hosts: 98.142.243.60 www.google.dk
    Hosts: 98.142.243.60 google.fr
    Hosts: 98.142.243.60 www.google.fr
    Hosts: 98.142.243.60 google.ie
    Hosts: 98.142.243.60 www.google.ie
    Hosts: 98.142.243.60 google.it
    Hosts: 98.142.243.60 www.google.it
    Hosts: 98.142.243.60 google.co.jp
    Hosts: 98.142.243.60 www.google.co.jp
    Hosts: 98.142.243.60 google.nl
    Hosts: 98.142.243.60 www.google.nl
    Hosts: 98.142.243.60 google.no
    Hosts: 98.142.243.60 www.google.no
    Hosts: 98.142.243.60 google.co.nz
    Hosts: 98.142.243.60 www.google.co.nz
    Hosts: 98.142.243.60 google.pl
    Hosts: 98.142.243.60 www.google.pl
    Hosts: 98.142.243.60 www.google.co.uk
    Hosts: 98.142.243.60 google.co.za
    Hosts: 98.142.243.60 www.google.co.za
    Hosts: 98.142.243.60 www.google-analytics.com
    Hosts: 98.142.243.60 www.bing.com
    Hosts: 98.142.243.60 search.yahoo.com
    Hosts: 98.142.243.60 www.search.yahoo.com
    Hosts: 98.142.243.60 uk.search.yahoo.com
    Hosts: 98.142.243.60 ca.search.yahoo.com
    Hosts: 98.142.243.60 de.search.yahoo.com
    Hosts: 98.142.243.60 fr.search.yahoo.com
    Hosts: 98.142.243.60 au.search.yahoo.com
    Hosts: 98.142.243.60 www.youtube.com

    ==== Installed Programs ======================

    3Connect
    Acer Crystal Eye webcam Ver:1.1.184.610
    Acer ePower Management
    Acer eRecovery Management
    Acer GameZone Console
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1 MUI
    Amazonia
    AndroidInstaller
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Bonjour
    Cake Mania
    CCleaner
    Chicken Invaders 2
    Dairy Dash
    Dream Day First Home
    eBay Worldwide
    ENE USB Card Reader Driver
    eSobi v2
    ETDWare PS/2-x86 7.0.6.3_WHQL
    Farm Frenzy 2
    Galapago
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Granny In Paradise
    Heroes of Hellas
    Identity Card
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    IObit Security 360
    Junk Mail filter update
    Launch Manager
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.13)
    MSVCRT
    MyWinLocker
    MyWinLocker Suite
    Norton Online Backup
    Panda Antivirus Pro 2011
    Panda Secure Vault 5
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for CAPICOM (KB931906)
    Shredder
    Spin & Win
    Welcome Center
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    ZTE_1.2059.0.8

    ==== End Of File ===========================


    DDS Log


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by zoe-carter at 19:24:13.14 on 21/02/2011
    Internet Explorer: 8.0.7600.16385

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PskSvc.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2011\TPSrv.exe
    C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2011\WebProxy.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files\Acer\Registration\GREGsvc.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2011\pavsrvx86.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2011\AVENGINE.EXE
    C:\Program Files\Panda Security\Panda Antivirus Pro 2011\Firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsImSvc.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\EgisTec IPS\PmmUpdate.exe
    C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Acer\Android Manager\iSync.exe
    C:\Program Files\Acer\Updater\iUpdate.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
    C:\Program Files\IObit\IObit Security 360\is360tray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\EgisTec IPS\EgisUpdate.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Launch Manager\LMworker.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\WerFault.exe
    C:\Users\zoe-carter\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aod260&r=27b50910n155l04c4ww35w5682t979
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110220085328.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
    mRun: [mwlDaemon] c:\program files\egistec mywinlocker\x86\mwlDaemon.exe
    mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [iSyncData] c:\program files\acer\android manager\iSync.exe
    mRun: [AndroidManager] c:\program files\acer\android manager\AML.exe
    mRun: [iPatchData] c:\program files\acer\updater\iUpdate.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
    mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus pro 2011\APVXDWIN.EXE" /s
    mRun: [SCANINICIO] "c:\program files\panda security\panda antivirus pro 2011\Inicio.exe"
    mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    uPolicies-explorer: DisallowRun = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
    Notify: avldr - avldr.dll
    Notify: igfxcui - igfxdev.dll
    IFEO: image file execution options - svchost.exe
    Hosts: 74.125.45.100 safebrowsing-cache.google.com
    Hosts: 74.125.45.100 urs.microsoft.com
    Hosts: 74.125.45.100 www.securesoftwarebill.com
    Hosts: 74.125.45.100 secure-plus-payments.com
    Hosts: 74.125.45.100 www.secure-plus-payments.com

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\zoe-ca~1\appdata\roaming\mozilla\firefox\profiles\b02ta4yw.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ============= SERVICES / DRIVERS ===============

    R? Avgfwfd;AVG network filter service
    R? avgwd;AVG WatchDog
    R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
    R? cfwids;McAfee Inc. cfwids
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? EUCR;EUCR
    R? gupdate;Google Update Service (gupdate)
    R? massfilter;ZTE Mass Storage Filter Driver
    R? McShield;McShield
    R? mfebopk;McAfee Inc. mfebopk
    R? mferkdet;McAfee Inc. mferkdet
    R? MWLService;MyWinLocker Service
    R? osppsvc;Office Software Protection Platform
    S? AmFSM;AmFSM
    S? APPFLT;App Filter Plugin
    S? AvFlt;Antivirus Filter Driver
    S? BecHelperService;BecHelperService
    S? cvhsvc;Client Virtualization Handler
    S? DSAFLT;DSA Filter Plugin
    S? DsiWMIService;Dritek WMI Service
    S? ePowerSvc;Acer ePower Service
    S? ETD;ELAN PS/2 Port Input Device
    S? FNETMON;NetMon Filter Plugin
    S? GREGService;GREGService
    S? IDSFLT;Ids Filter Plugin
    S? IS360service;IS360service
    S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
    S? mfeavfk;McAfee Inc. mfeavfk
    S? mfefire;McAfee Firewall Core Service
    S? mfefirek;McAfee Inc. mfefirek
    S? mfehidk;McAfee Inc. mfehidk
    S? mfenlfk;McAfee NDIS Light Filter
    S? mfevtp;McAfee Validation Trust Protection Service
    S? mfewfpk;McAfee Inc. mfewfpk
    S? mwlPSDFilter;mwlPSDFilter
    S? mwlPSDNServ;mwlPSDNServ
    S? mwlPSDVDisk;mwlPSDVDisk
    S? NETFLTDI;Panda Net Driver [TDI Layer]
    S? NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42
    S? NOBU;Norton Online Backup
    S? Panda Software Controller;Panda Software Controller
    S? pavboot;Panda boot driver
    S? PAVFNSVR;Panda Function Service
    S? PavProc;Panda Process Protection Driver
    S? PavPrSrv;Panda Process Protection Service
    S? PavSRK.sys;PavSRK.sys
    S? PAVSRV;Panda On-Access Anti-Malware Service
    S? PavTPK.sys;PavTPK.sys
    S? PskSvcRetail;Panda PSK service
    S? RS_Service;Raw Socket Service
    S? Sftfs;Sftfs
    S? sftlist;Application Virtualization Client
    S? Sftplay;Sftplay
    S? Sftredir;Sftredir
    S? Sftvol;Sftvol
    S? sftvsa;Application Virtualization Service Agent
    S? ShldDrv;Panda File Shield Driver
    S? Updater Service;Updater Service
    S? vwififlt;Virtual WiFi Filter Driver
    S? WNMFLT;Wifi Monitor Filter Plugin

    =============== Created Last 30 ================

    2011-02-21 18:23:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-21 18:22:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-21 18:22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-21 17:26:11 -------- d-----w- c:\progra~2\Panda Software
    2011-02-20 20:11:17 -------- d-----w- c:\users\zoe-ca~1\appdata\roaming\IObit
    2011-02-20 20:11:08 -------- d-----w- c:\progra~2\IObit
    2011-02-20 20:10:54 -------- d-----w- c:\program files\IObit
    2011-02-20 16:45:56 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-02-20 16:44:57 -------- d-----w- c:\progra~2\Hitman Pro
    2011-02-20 13:14:28 197408 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
    2011-02-20 13:14:18 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
    2011-02-20 13:14:17 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
    2011-02-20 13:14:17 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
    2011-02-20 13:13:49 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
    2011-02-20 13:13:48 76296 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
    2011-02-20 13:13:48 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
    2011-02-20 12:50:23 -------- d-----w- c:\users\zoe-ca~1\appdata\local\Panda Security
    2011-02-20 12:49:16 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2011-02-20 12:47:27 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
    2011-02-20 12:47:27 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
    2011-02-20 12:47:27 -------- d-----w- c:\program files\common files\Panda Security
    2011-02-20 12:21:06 -------- d-----w- c:\program files\CCleaner
    2011-02-20 12:01:10 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{74eaeb16-fb6e-4eeb-aaf2-15f3d9a61bee}\mpengine.dll
    2011-02-20 12:01:09 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-20 11:36:47 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
    2011-02-20 08:53:28 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    2011-02-20 06:53:41 -------- d-----w- c:\users\zoe-ca~1\appdata\roaming\Panda Security
    2011-02-20 06:50:55 -------- d-----w- c:\program files\Panda Security
    2011-02-20 06:50:55 -------- d-----w- c:\progra~2\Panda Security
    2011-02-19 21:37:49 -------- d-----w- c:\users\zoe-ca~1\appdata\roaming\Pointstone
    2011-02-19 21:34:40 -------- d-----w- c:\program files\Pointstone
    2011-02-19 21:34:40 -------- d-----w- c:\program files\common files\Pointstone
    2011-02-19 21:03:37 -------- d-----w- c:\users\zoe-ca~1\appdata\roaming\Malwarebytes
    2011-02-19 21:03:10 -------- d-----w- c:\progra~2\Malwarebytes
    2011-02-19 20:53:05 2329088 ----a-w- c:\windows\system32\win32k.sys
    2011-02-19 20:51:59 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2011-02-19 18:53:41 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-02-19 18:52:28 -------- d-----w- c:\program files\Norton Internet Security
    2011-02-19 18:52:26 -------- d-----w- c:\progra~2\Norton
    2011-02-19 18:49:02 -------- d-----w- c:\program files\NortonInstaller
    2011-02-19 18:49:02 -------- d-----w- c:\progra~2\NortonInstaller
    2011-02-11 02:47:02 541184 ----a-w- c:\windows\system32\kerberos.dll
    2011-02-11 02:46:24 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2011-01-27 00:09:44 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc6BBF.tmp

    ==================== Find3M ====================

    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
    2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
    2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
    2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

    ============= FINISH: 19:25:28.76 ==============
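The DDS output above shows the signature the helper acts on next: a single routable address mapped to dozens of search-engine and vendor hostnames. As an added example, not code from the thread or from the DDS/ComboFix tools, this Python script parses either a raw Windows hosts file or the `Hosts:` lines DDS prints and flags both a watched domain pointed away from loopback and one address collecting many unrelated names; the watch list and the sample input are constructed, with the sample reusing a few entries from the log above.

```python
import ipaddress

# Suffixes whose redirection away from loopback is almost never legitimate:
# search engines, video sites and vendor update/safe-browsing hosts.
# Constructed watch list, chosen to cover the names seen in the DDS log.
WATCHED_SUFFIXES = (
    "google.com", "google.co.uk", "google.de", "google.fr",
    "bing.com", "yahoo.com", "youtube.com",
    "google-analytics.com", "microsoft.com",
)

# Constructed sample: two benign lines, then entries as DDS printed them.
SAMPLE = """\
127.0.0.1 localhost
0.0.0.0 ads.example.invalid   # ad-block style entry, blocks rather than redirects
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 98.142.243.60 www.google.com
Hosts: 98.142.243.60 google.com
Hosts: 98.142.243.60 www.google.co.uk
Hosts: 98.142.243.60 www.bing.com
Hosts: 98.142.243.60 search.yahoo.com
Hosts: 98.142.243.60 www.youtube.com
"""


def _is_local(ip):
    """Loopback or unspecified targets (127.x, ::1, 0.0.0.0) only block a
    name; anything else sends the browser somewhere real."""
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file or DDS 'Hosts:' lines.
    Comments are stripped, several names per line are all returned, and
    lines whose first token is not an IP address are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("Hosts:"):
            line = line[len("Hosts:"):].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        entries.extend((parts[0], name.lower()) for name in parts[1:])
    return entries


def _watched(host):
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text, fanout_threshold=5):
    """Flag two hijack signatures:
      - 'redirected': a watched domain mapped to a routable address;
      - 'sinkholes': one routable address owning many names (the log
        above has 40+ search domains on a single IP).
    Blocking entries that point at loopback/0.0.0.0 are ignored, so an
    ad-block hosts list does not raise false alarms."""
    redirected = []
    by_ip = {}
    for ip_text, host in parse_hosts(text):
        if _is_local(ipaddress.ip_address(ip_text)):
            continue
        by_ip.setdefault(ip_text, []).append(host)
        if _watched(host):
            redirected.append((ip_text, host))
    sinkholes = {ip: hosts for ip, hosts in by_ip.items()
                 if len(hosts) >= fanout_threshold}
    return {"redirected": redirected, "sinkholes": sinkholes}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE)
    for ip, host in report["redirected"]:
        print(f"redirected: {host} -> {ip}")
    for ip, hosts in report["sinkholes"].items():
        print(f"sinkhole: {ip} owns {len(hosts)} names")
```

Point it at a copy of C:\Windows\System32\drivers\etc\hosts or at a saved DDS log; the Attach.txt section above is exactly the second input form.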
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run the following: Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading
      (If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer. )
    • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===========================================
    After you post the log here, go right on to this: Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    DDS::
    IFEO: image file execution options - svchost.exe
    Hosts: 74.125.45.100 safebrowsing-cache.google.com
    Hosts: 74.125.45.100 urs.microsoft.com
    Hosts: 74.125.45.100 www.securesoftwarebill.com
    Hosts: 74.125.45.100 secure-plus-payments.com
    Hosts: 74.125.45.100 www.secure-plus-payments.com
    Hosts: 74.125.45.100 secure.paysecuresystem.com
    Hosts: 74.125.45.100 paysoftbillsolution.com
    Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    Hosts: 98.142.243.60 www.google.com
    Hosts: 98.142.243.60 google.com
    Hosts: 98.142.243.60 google.com.au
    Hosts: 98.142.243.60 www.google.com.au
    Hosts: 98.142.243.60 google.be
    Hosts: 98.142.243.60 www.google.be
    Hosts: 98.142.243.60 google.com.br
    Hosts: 98.142.243.60 www.google.com.br
    Hosts: 98.142.243.60 google.ca
    Hosts: 98.142.243.60 www.google.ca
    Hosts: 98.142.243.60 google.ch
    Hosts: 98.142.243.60 www.google.ch
    Hosts: 98.142.243.60 google.de
    Hosts: 98.142.243.60 www.google.de
    Hosts: 98.142.243.60 google.dk
    Hosts: 98.142.243.60 www.google.dk
    Hosts: 98.142.243.60 google.fr
    Hosts: 98.142.243.60 www.google.fr
    Hosts: 98.142.243.60 google.ie
    Hosts: 98.142.243.60 www.google.ie
    Hosts: 98.142.243.60 google.it
    Hosts: 98.142.243.60 www.google.it
    Hosts: 98.142.243.60 google.co.jp
    Hosts: 98.142.243.60 www.google.co.jp
    Hosts: 98.142.243.60 google.nl
    Hosts: 98.142.243.60 www.google.nl
    Hosts: 98.142.243.60 google.no
    Hosts: 98.142.243.60 www.google.no
    Hosts: 98.142.243.60 google.co.nz
    Hosts: 98.142.243.60 www.google.co.nz
    Hosts: 98.142.243.60 google.pl
    Hosts: 98.142.243.60 www.google.pl
    Hosts: 98.142.243.60 www.google.co.uk
    Hosts: 98.142.243.60 google.co.za
    Hosts: 98.142.243.60 www.google.co.za
    Hosts: 98.142.243.60 www.google-analytics.com
    Hosts: 98.142.243.60 www.bing.com
    Hosts: 98.142.243.60 search.yahoo.com
    Hosts: 98.142.243.60 www.search.yahoo.com
    Hosts: 98.142.243.60 uk.search.yahoo.com
    Hosts: 98.142.243.60 ca.search.yahoo.com
    Hosts: 98.142.243.60 de.search.yahoo.com
    Hosts: 98.142.243.60 fr.search.yahoo.com
    Hosts: 98.142.243.60 au.search.yahoo.com
    Hosts: 98.142.243.60 www.youtube.com
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
     
  5. skysummers

    skysummers TS Rookie Topic Starter

    ComboFix Log

    ComboFix 11-02-16.01 - zoe-carter 22/02/2011 10:21:19.1.2 - x86
    Running from: c:\users\zoe-carter\Desktop\ComboFix.exe
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Desktop

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-04-17 05:55 120176 ----a-w- c:\program files\EgisTecMyWinLocker\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-22 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-05-25 9218592]
    "SuiteTray"="c:\program files\EgisTecMyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
    "EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "mwlDaemon"="c:\program files\EgisTecMyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
    "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2010-05-25 960080]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-26 206208]
    "iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
    "AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
    "iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-07-21 492096]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 715296]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-08 968536]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2011\APVXDWIN.EXE" [2010-08-26 988480]
    "SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2011\Inicio.exe" [2010-06-11 68928]
    "IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 2 (0x2)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2010-03-24 12:55 55552 ----a-w- c:\windows\System32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheckautochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
    @="Service"

    R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
    R2 avgwd;AVGWatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 135664]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
    R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-03-02 82384]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
    R3 MWLService;MyWinLockerService;c:\program files\EgisTecMyWinLocker\x86\MWLService.exe [2010-04-17 305520]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
    S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2010-06-22 26696]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 18992]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 16432]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60976]
    S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2009-10-27 37896]
    S1 vwififlt;VirtualWiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2010-05-21 54344]
    S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2010-02-18 76296]
    S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2009-09-25 53256]
    S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-05-25 325200]
    S2 ePowerSvc;AcerePowerService;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 735776]
    S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2009-09-25 22024]
    S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2009-09-25 193800]
    S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
    S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2009-09-25 14:54 159112]
    S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-09-14 163336]
    S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2011\PskSvc.exe [2010-08-16 28992]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 Updater Service;UpdaterService;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2009-09-25 46856]
    S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-01-14 107912]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
    S3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\DRIVERS\neti1642.sys [2010-02-18 199688]
    S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]
    S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphostSCardSvr TBS FontCachefdrespubAppIDSvc QWAVE wcncsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6206ce1a-c230-11df-9814-88ae1d1b9fa8}]
    \shell\AutoRun\command - E:\AutoRun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 19:58]

    2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 19:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    uInternetSettings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\zoe-carter\AppData\Roaming\Mozilla\Firefox\Profiles\b02ta4yw.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    HKLM-Run-ETDWare - %ProgramFiles%\Elantech\ETDCtrl.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(6716)
    c:\program files\EgisTecMyWinLocker\x86\psdprotect.dll
    c:\program files\EgisTecMyWinLocker\x86\sysenv.dll
    c:\program files\Acer\Acer ePower Management\SysHook.dll
    .
    Completion time: 2011-02-22 12:02:21
    ComboFix-quarantined-files.txt 2011-02-22 12:01

    Pre-Run: 54,588,125,184 bytes free
    Post-Run: 54,536,704,000 bytes free

    - - End Of File - - 613CCFE562E6834B12938070930B0A4F
     
  6. skysummers

    skysummers TS Rookie Topic Starter

    ComboFix Log 2

    ComboFix 11-02-16.01 - zoe-carter 22/02/2011 10:21:19.1.2 - x86
    Running from: c:\users\zoe-carter\Desktop\ComboFix.exe
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Desktop

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-04-17 05:55 120176 ----a-w- c:\program files\EgisTecMyWinLocker\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-22 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-05-25 9218592]
    "SuiteTray"="c:\program files\EgisTecMyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
    "EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "mwlDaemon"="c:\program files\EgisTecMyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
    "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2010-05-25 960080]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-26 206208]
    "iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
    "AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
    "iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-07-21 492096]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 715296]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-08 968536]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2011\APVXDWIN.EXE" [2010-08-26 988480]
    "SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2011\Inicio.exe" [2010-06-11 68928]
    "IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 2 (0x2)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2010-03-24 12:55 55552 ----a-w- c:\windows\System32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheckautochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
    @="Service"

    R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
    R2 avgwd;AVGWatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 135664]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
    R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-03-02 82384]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
    R3 MWLService;MyWinLockerService;c:\program files\EgisTecMyWinLocker\x86\MWLService.exe [2010-04-17 305520]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
    S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2010-06-22 26696]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 18992]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 16432]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60976]
    S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2009-10-27 37896]
    S1 vwififlt;VirtualWiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2010-05-21 54344]
    S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2010-02-18 76296]
    S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2009-09-25 53256]
    S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-05-25 325200]
    S2 ePowerSvc;AcerePowerService;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 735776]
    S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2009-09-25 22024]
    S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2009-09-25 193800]
    S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
    S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2009-09-25 14:54 159112]
    S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-09-14 163336]
    S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2011\PskSvc.exe [2010-08-16 28992]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 Updater Service;UpdaterService;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2009-09-25 46856]
    S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-01-14 107912]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
    S3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\DRIVERS\neti1642.sys [2010-02-18 199688]
    S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]
    S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphostSCardSvr TBS FontCachefdrespubAppIDSvc QWAVE wcncsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6206ce1a-c230-11df-9814-88ae1d1b9fa8}]
    \shell\AutoRun\command - E:\AutoRun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 19:58]

    2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 19:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    uInternetSettings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\zoe-carter\AppData\Roaming\Mozilla\Firefox\Profiles\b02ta4yw.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    HKLM-Run-ETDWare - %ProgramFiles%\Elantech\ETDCtrl.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(6716)
    c:\program files\EgisTecMyWinLocker\x86\psdprotect.dll
    c:\program files\EgisTecMyWinLocker\x86\sysenv.dll
    c:\program files\Acer\Acer ePower Management\SysHook.dll
    .
    Completion time: 2011-02-22 12:02:21
    ComboFix-quarantined-files.txt 2011-02-22 12:01

    Pre-Run: 54,588,125,184 bytes free
    Post-Run: 54,536,704,000 bytes free

    - - End Of File - - 613CCFE562E6834B12938070930B0A4F
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Combofix is being run in Reduced Functionality Mode. This is most likely caused by the following:

    You are running Windows 7 Release Candidate. You will need to reinstall your previous operating system or purchase a full version copy of Windows 7 in order to continue using your PC.
    =======================================
    The following are descriptions of this mode in Vista; some may also apply to your system:
    Source: Microsoft
     
Topic Status:
Not open for further replies.