
found PUM.Hijack.StartMenu in pc


79 replies to this topic

#1 anonymouss

anonymouss

  • Members
  • 55 posts

Posted 12 August 2013 - 09:54 PM

Recently I installed Malwarebytes and scanned, and it shows PUM.Hijack.StartMenu is infected. When I try to remove it, it says done, but afterwards the same infected file is found again. What kind of infected file is it and how do I remove it? What kind of settings will change?

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.11.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home:: xp[administrator]

Protection: Disabled

8/11/2013 7:04:28 PM
mbam-log-2013-08-11 (19-04-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279024
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Note: I don't have Avast antivirus, but the logs below show it; I am using ESET.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_22
Run by Home at 8:10:08 on 2013-08-13
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.446.42 [GMT 5.5:30]
.
AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
AV: avast! antivirus 4.8.1335 [VPS 090510-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 6.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fsproflt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Reliance Netconnect\bin\MonServiceUDisk.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.epicsearch.in/
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Hard Disk Sentinel] "c:\program files\hard disk sentinel\HDSentinel.exe" /AUTORUN
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: En&queue current page with BID - c:\program files\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - c:\program files\bulk image downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - c:\program files\bulk image downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - c:\program files\bulk image downloader\iemenu\iebidlinkexplorer.htm
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: Interfaces\{014B0BBC-01F9-4E7A-90FB-408F484BD27C} : NameServer = 4.2.2.2 121.242.190.210
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WgaLogon - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 66.98.148.65 auto.search.msn.com
Hosts: 66.98.148.65 auto.search.msn.es
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\home\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\winamp detect\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-07-08 16:12; {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF - ExtSQL: 2013-07-12 13:23; multirevenue@googlemail.com; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\multirevenue@googlemail.com.xpi
FF - ExtSQL: 2013-07-19 16:39; {9AA46F4F-4DC7-4c06-97AF-6665170634FE}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
FF - ExtSQL: 2013-07-21 08:45; draggablestar@sdrocking.com; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\draggablestar@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:46; cam@sdrocking.com; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\cam@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:47; better_url@sdrocking.com; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\better_url@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 12:31; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - ExtSQL: 2013-07-21 12:31; thumbnailZoom@dadler.github.com; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\thumbnailZoom@dadler.github.com.xpi
FF - ExtSQL: 2013-07-21 12:31; snaplinks@snaplinks.mozdev.org; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\snaplinks@snaplinks.mozdev.org.xpi
FF - ExtSQL: 2013-07-21 12:31; client@anonymox.net; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\client@anonymox.net.xpi
FF - ExtSQL: 2013-07-23 18:59; reloadplus@blackwind; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\reloadplus@blackwind.xpi
FF - ExtSQL: 2013-07-23 19:03; {6BB5760D-F97E-421B-AF5B-8457A90C3CED}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
FF - ExtSQL: 2013-07-23 19:05; {ada4b710-8346-4b82-8199-5de2b400a6ae}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - ExtSQL: 2013-07-23 19:05; {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
FF - ExtSQL: 2013-07-23 19:16; superstart@enjoyfreeware.org; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\superstart@enjoyfreeware.org
FF - ExtSQL: 2013-07-23 19:19; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2011-12-21 20744]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2012-7-5 41912]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-1-10 122240]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2013-1-15 118344]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2013-3-21 1341664]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2012-7-5 68832]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-11 418376]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-7-5 578264]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
R2 UDisk Monitor;UDisk Monitor;c:\program files\reliance netconnect\bin\MonServiceUDisk.exe [2012-7-5 512000]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2011-12-21 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-11 22856]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-4-10 135440]
R3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2012-7-10 87824]
R3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2012-7-10 85696]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-11 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\bcl technologies\easyconverter sdk 3\common\becldr.exe [2011-4-19 176128]
S3 BTCOM;Bluetooth Serial port driver; [x]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-20 83168]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-10-18 13224]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-7-5 27064]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-9-20 181344]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2012-9-20 181344]
S3 Tomcat6;Apache Tomcat;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2007-7-20 57344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2012-7-5 105472]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
S4 OracleServiceORCL;OracleServiceORCL; [x]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-08-11 04:34:24    --------    d-----w-    c:\documents and settings\home\application data\Malwarebytes
2013-08-11 04:34:04    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-08-11 04:33:59    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-11 04:33:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-11 03:02:47    --------    d-----w-    c:\documents and settings\home\local settings\application data\Epic
2013-08-11 03:02:47    --------    d-----w-    c:\documents and settings\home\application data\Epic
2013-08-11 03:02:23    --------    d-----w-    c:\program files\Epic
2013-08-07 13:38:29    --------    d-----w-    c:\documents and settings\home\local settings\application data\Opera Software
2013-08-07 13:38:23    --------    d-----w-    c:\documents and settings\home\application data\Opera Software
2013-08-07 11:19:55    262552    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-08-05 10:24:49    --------    d-----w-    c:\documents and settings\all users\application data\VS Revo Group
2013-07-24 02:49:36    --------    d-----w-    c:\program files\RF ToolBox
2013-07-18 09:40:40    13312    ----a-w-    c:\windows\system32\borlndmm.dll
2013-07-18 09:40:12    --------    d-----w-    c:\program files\LifeSignMini
2013-07-18 09:40:12    --------    d-----w-    c:\documents and settings\home\application data\LifeSignMini
.
==================== Find3M  ====================
.
2013-07-20 17:48:52    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-20 17:48:51    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 09:57:42    118344    ----a-w-    c:\windows\system32\drivers\idmtdi.sys
2013-05-21 08:49:42    98304    ----a-w-    c:\windows\DUMP5311.tmp
2013-05-20 15:37:52    98304    ----a-w-    c:\windows\DUMP46ad.tmp
.
============= FINISH:  8:10:56.39 ===============
 
 

 

 


Edited by Orange Blossom, 13 August 2013 - 04:39 PM.
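The Malwarebytes line in the log above already says what this detection is: not a file at all, but the registry value `Start_ShowMyDocs` under `HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced`, found set to 0 where Malwarebytes expects 1 ("Bad: (0) Good: (1)"). That value is the Windows XP Start menu option that controls whether My Documents is shown; a 0 hides it, which is why the tool files it under "PUM" (potentially unwanted modification) rather than as malware. The following PowerShell script is an added example, not from this thread and not Malwarebytes' own code: it reads that value, reports whether it matches the "Good" value from the log, and, with `-Fix`, restores it the same way the log says Malwarebytes "repaired" it. The key path, value name and expected value come from the log line; the `-Fix` switch and the messages are mine.

```powershell
# Added example (not from the thread): audit the Start menu value that
# Malwarebytes flagged as PUM.Hijack.StartMenu in the log above.
# The log shows HKCU\...\Explorer\Advanced|Start_ShowMyDocs with
# "Bad: (0) Good: (1)", i.e. the value was 0 and Malwarebytes expects 1.
# Run as the affected user, because the key lives under HKCU.
param(
    [switch]$Fix   # restore the value to 1 instead of only reporting (my addition)
)

$keyPath   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$valueName = 'Start_ShowMyDocs'
$expected  = 1   # the "Good" value from the Malwarebytes log line

# -ErrorAction SilentlyContinue: a missing value is a normal state, not an error
$props = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue

if ($null -eq $props) {
    Write-Output "$valueName is not set under $keyPath (the Windows default applies)."
    return
}

$current = [int]$props.$valueName
if ($current -eq $expected) {
    Write-Output "$valueName = $current (expected $expected): OK"
    return
}

Write-Output "$valueName = $current (expected $expected): matches the PUM.Hijack.StartMenu detection"

if ($Fix) {
    # The same change Malwarebytes reports as "repaired": set the DWORD back to 1.
    Set-ItemProperty -Path $keyPath -Name $valueName -Value $expected -Type DWord
    Write-Output "Restored $valueName to $expected. Log off and back on for Explorer to pick it up."
} else {
    Write-Output "Run again with -Fix to restore it. If it keeps reverting to $current after a fix, something on the machine is re-applying the setting at logon."
}
```

Run it once without `-Fix` to see the current state, then with `-Fix` to repair. Re-running the audit after the next logon is the useful part: a value that is back to 0 means the detection will keep returning until whatever re-applies it is found, which is what the rest of this thread is about.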


#2 anonymouss

anonymouss
  • Topic Starter

  • Members
  • 55 posts

Posted 14 August 2013 - 09:18 PM

Anyone here to solve my problem?



#3 anonymouss

anonymouss
  • Topic Starter

  • Members
  • 55 posts

Posted 15 August 2013 - 10:47 PM

Waiting for a long time; solve my problem.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 August 2013 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: whatnext.png]
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#5 anonymouss

anonymouss
  • Topic Starter

  • Members
  • 55 posts

Posted 17 August 2013 - 10:47 PM

ComboFix logs

ComboFix 13-08-14.02 - home 08/16/2013  14:43:01.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.446.116 [GMT 5.5:30]
Running from: c:\documents and settings\home\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
AV: avast! antivirus 4.8.1335 [VPS 090510-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\home\WINDOWS
c:\program files\DFX\DFX.exe
c:\windows\system32\SET92.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET9E.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-16 to 2013-08-16  )))))))))))))))))))))))))))))))
.
.
2013-08-15 14:05 . 2013-08-16 08:32    --------    d-----w-    c:\documents and settings\All Users\Application Data\TorchCrashHandler
2013-08-15 14:00 . 2013-08-15 14:06    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Torch
2013-08-11 04:34 . 2013-08-11 04:34    --------    d-----w-    c:\documents and settings\home\Application Data\Malwarebytes
2013-08-11 04:34 . 2013-08-11 04:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-11 04:33 . 2013-08-11 04:34    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-11 04:33 . 2013-04-04 09:20    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Epic
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\documents and settings\home\Application Data\Epic
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\program files\Epic
2013-08-07 13:38 . 2013-08-07 13:38    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Opera Software
2013-08-07 13:38 . 2013-08-07 13:38    --------    d-----w-    c:\documents and settings\home\Application Data\Opera Software
2013-08-07 11:19 . 2013-07-30 22:48    262552    ----a-w-    c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-05 10:24 . 2013-08-05 10:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\VS Revo Group
2013-07-24 02:49 . 2013-07-24 02:49    --------    d-----w-    c:\program files\RF ToolBox
2013-07-18 09:40 . 2000-01-23 23:31    13312    ----a-w-    c:\windows\system32\borlndmm.dll
2013-07-18 09:40 . 2013-07-18 09:49    --------    d-----w-    c:\documents and settings\home\Application Data\LifeSignMini
2013-07-18 09:40 . 2013-07-18 09:40    --------    d-----w-    c:\program files\LifeSignMini
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-20 17:48 . 2012-07-05 16:32    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-20 17:48 . 2012-07-05 16:32    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 09:57 . 2013-01-15 02:10    118344    ----a-w-    c:\windows\system32\drivers\idmtdi.sys
2013-05-21 08:49 . 2012-12-17 17:18    98304    ----a-w-    c:\windows\DUMP5311.tmp
2013-05-20 15:37 . 2012-12-17 17:18    98304    ----a-w-    c:\windows\DUMP46ad.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    21904    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-08-07 3665488]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]
"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2013-07-19 4341904]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^Launchy.lnk]
path=c:\documents and settings\home\Start Menu\Programs\Startup\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\home\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2012-01-05 15:42    75624    ----a-w-    c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-02-27 11:34    278016    ----a-w-    c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-07-12 08:33    1581056    ----a-w-    c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epic]
2013-02-05 18:33    73216    ----a-w-    c:\program files\Epic\epic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2013-04-04 09:20    532040    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-21 19:48    6276408    ----a-w-    c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MouseAround]
2001-12-11 18:04    151552    ----a-w-    c:\program files\MouseAround\MouseAround.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 09:42    1414144    ----a-w-    c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
2012-09-11 13:34    136336    ----atw-    c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-04-10 10:17    452880    ----a-w-    c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-27 19:37    593920    ----a-r-    c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 06:14    248552    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordWeb]
2009-11-08 17:48    65216    ------w-    c:\program files\WordWeb\wweb32.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"d:\\Arun pendrive\\eclipse\\eclipse-jee-galileo-SR1-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Documents and Settings\\home\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [12/21/2011 2:47 PM 20744]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [7/5/2012 11:43 PM 41912]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [1/10/2013 3:08 PM 122240]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1/15/2013 7:40 AM 118344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [3/21/2013 3:19 PM 1341664]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [7/5/2012 11:43 PM 68832]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [8/11/2013 10:04 AM 418376]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [7/5/2012 11:41 PM 578264]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/21/2011 2:47 PM 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [4/6/2010 6:32 PM 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/11/2013 10:03 AM 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/4/2013 3:25 PM 47360]
R3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [7/10/2012 1:47 PM 87824]
R3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [7/10/2012 1:47 PM 85696]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [1/5/2012 9:12 PM 75624]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2/27/2009 4:40 PM 143467]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/11/2013 10:04 AM 701512]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [11/22/2012 10:29 AM 3290304]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\home\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [7/20/2013 11:53 PM 1206624]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Reliance Netconnect\bin\MonServiceUDisk.exe [7/5/2012 10:17 PM 512000]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [4/19/2011 6:05 PM 176128]
S3 BTCOM;Bluetooth Serial port driver; [x]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [9/20/2012 10:05 AM 83168]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/18/2012 12:33 PM 13224]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/5/2012 10:10 PM 27064]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [9/20/2012 10:05 AM 181344]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [9/20/2012 10:05 AM 181344]
S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/20/2007 7:50 AM 57344]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [7/5/2012 10:17 PM 105472]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 OracleServiceORCL;OracleServiceORCL; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-16 c:\windows\Tasks\AVG PC Tuneup Integrator Scan and Repair.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-12-10 11:50]
.
2013-08-15 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2025429265-484763869-515967899-1003Core.job
- c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-09-11 13:34]
.
2013-08-16 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2025429265-484763869-515967899-1003UA.job
- c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-09-11 13:34]
.
.
------- Supplementary Scan -------
.

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000





IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
FF - ProfilePath - c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-07-08 16:12; {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF - ExtSQL: 2013-07-12 13:23; multirevenue@googlemail.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\multirevenue@googlemail.com.xpi
FF - ExtSQL: 2013-07-19 16:39; {9AA46F4F-4DC7-4c06-97AF-6665170634FE}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
FF - ExtSQL: 2013-07-21 08:45; draggablestar@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\draggablestar@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:46; cam@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\cam@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:47; better_url@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\better_url@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 12:31; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - ExtSQL: 2013-07-21 12:31; thumbnailZoom@dadler.github.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\thumbnailZoom@dadler.github.com.xpi
FF - ExtSQL: 2013-07-21 12:31; snaplinks@snaplinks.mozdev.org; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\snaplinks@snaplinks.mozdev.org.xpi
FF - ExtSQL: 2013-07-21 12:31; client@anonymox.net; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\client@anonymox.net.xpi
FF - ExtSQL: 2013-07-23 18:59; reloadplus@blackwind; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\reloadplus@blackwind.xpi
FF - ExtSQL: 2013-07-23 19:03; {6BB5760D-F97E-421B-AF5B-8457A90C3CED}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
FF - ExtSQL: 2013-07-23 19:05; {ada4b710-8346-4b82-8199-5de2b400a6ae}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - ExtSQL: 2013-07-23 19:05; {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
FF - ExtSQL: 2013-07-23 19:16; superstart@enjoyfreeware.org; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\superstart@enjoyfreeware.org
FF - ExtSQL: 2013-07-23 19:19; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - ExtSQL: 2013-08-15 22:51; jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
FF - ExtSQL: 2013-08-15 23:08; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-08-15 23:08; {1a5dabbd-0e74-41da-b532-a364bb552cab}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi
FF - ExtSQL: 2013-08-15 23:11; privateTab@infocatcher; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\privateTab@infocatcher.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-CmPCIaudio - CMICNFG3.CPL
Notify-WgaLogon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-DFX - c:\program files\DFX\DFX.exe
MSConfigStartUp-NokiaSuite - c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-16 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-484763869-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B620650-0354-F69B-E7BD-75AAE2E4C99F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2025429265-484763869-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32B23C69-15C1-2347-9C03-2560519B1340}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b9,58,55,c5,88,9c,1e,09,51,e0,cc,8f,60,66,a7,22,f4,3d,e9,7f,01,
   0d,d1,e7,c4,75,e0,1b,f1,d1,91,01,87,60,86,c1,a4,ce,d1,4f,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c3a95711-ed4a-4fd3-b676-0c36cb4806c0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000133
"Therad"=dword:0000001d
"SpecVersion"=dword:00000147
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,88,79,0d,22,8e,33,17,75,f1,ba,a7,8a,bd,54,2a,a9,3e,32,3f,e3,fc,c7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-08-16  14:58:09
ComboFix-quarantined-files.txt  2013-08-16 09:28
.
Pre-Run: 6,778,318,848 bytes free
Post-Run: 6,721,966,080 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 08675A566D5063B0284FBF2BA046A078
8F558EB6672622401DA993E1E865C861
 

adwcleaner and junkware logs

adwcleaner logs
 
# AdwCleaner v2.306 - Logfile created 08/17/2013 at 13:44:01
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Honey - SSRK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Honey\My Documents\Downloads\Programs\AdwCleaner_2.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Honey\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\jetpack
Folder Deleted : C:\Documents and Settings\Honey\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Documents and Settings\Honey\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\Honey\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.11.1661.0

File : C:\Documents and Settings\Honey\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************


AdwCleaner[S2].txt - [3060 octets] - [17/08/2013 13:44:01]

########## EOF - C:\AdwCleaner[S2].txt - [3120 octets] ##########
 
junkware logs
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Honey on Sat 08/17/2013 at 13:51:51.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Honey\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Program Files\driver-soft"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Honey\Application Data\mozilla\firefox\profiles\nam2i820.default\prefs.js





~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/17/2013 at 14:03:30.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

Edited by anonymouss, 17 August 2013 - 10:50 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 PM

Posted 18 August 2013 - 09:31 AM

Please reset your Hosts file back to the default values.
How To:
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
===


FF - ExtSQL: 2013-07-21 12:31; client@anonymox.net; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\client@anonymox.net.xpi
Decide if you want to keep this Firefox Extention.
http://www.systemlookup.com/FF_Extensions/2685-client_anonymox_net_xpi.html
===

This ComboFix will remove these old items from the registry.
AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
AV: avast! antivirus 4.8.1335 [VPS 090510-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


Open notepad and copy/paste the text in the quote box below into it:

SecCenter::
{C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
{7591DB91-41F0-48A3-B128-1A293FD8233D}

ClearJavaCache::
Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know what problem persists.

#7 anonymouss

anonymouss
  • Topic Starter

  • Members
  • 55 posts
  • Local time:07:29 AM

Posted 20 August 2013 - 06:26 AM

I reset the hosts file by using the above link. Why was it changed? I didn't change it. Is there any problem with the Firefox extension?


Edited by anonymouss, 20 August 2013 - 08:19 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 PM

Posted 20 August 2013 - 09:22 AM


Your Hosts file was directing these two MSN sites to The Planet.com
Hosts: 66.98.148.65 auto.search.msn.com
Hosts: 66.98.148.65 auto.search.msn.es


Why?
===

Remove this one.

FF - ExtSQL: 2013-07-12 13:23; multirevenue@googlemail.com; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\multirevenue@googlemail.com.xpi
Source:
http://www.systemlookup.com/FF_Extensions/2957-multirevenue_googlemail_com_xpi.html
===

Your call if you want to remove this one.

FF - ExtSQL: 2013-07-21 12:31; client@anonymox.net; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\client@anonymox.net.xpi
Source:
http://www.systemlookup.com/FF_Extensions/2685-client_anonymox_net_xpi.html
===

HellBoy Firewall
FF - ExtSQL: 2013-07-23 19:03; {6BB5760D-F97E-421B-AF5B-8457A90C3CED}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
You should disable this as you already have FW: ESET Personal firewall *Enabled*. Never run two firewalls in real time.
===

Any other issue?
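The hosts-file hijack nasdaq points out above (real hostnames mapped to a routable third-party address instead of loopback) is easy to check for mechanically before resetting the file. The block below is an added example for this thread, not code from the tools used in it or from any of the posters; it parses hosts-file text and flags every entry whose target address is neither loopback nor unspecified. The sample content is constructed: the two MSN entries from the log plus ordinary lines, so it runs offline.

```python
"""Flag hosts-file entries that point real hostnames at routable addresses."""
import ipaddress

# Constructed sample hosts-file content (not the user's actual file):
# the two entries quoted in the thread plus normal loopback/blocklist lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
66.98.148.65    auto.search.msn.com
66.98.148.65    auto.search.msn.es
0.0.0.0         ads.example.invalid   # blocklist-style sinkhole entry
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing/whole-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                          # an address with no hostname is useless
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # first field is not an IP address
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def is_local_sink(ip):
    """Loopback and unspecified (0.0.0.0 / ::) are the only targets a clean hosts file normally uses."""
    return ip.is_loopback or ip.is_unspecified


def suspicious_entries(text):
    """Entries that redirect a hostname to a routable address: the hijack pattern seen in the thread."""
    return [(str(ip), host) for ip, host in parse_hosts(text) if not is_local_sink(ip)]


def by_destination(text):
    """Group flagged hostnames by target address; one address collecting many names is a strong signal."""
    groups = {}
    for ip, host in suspicious_entries(text):
        groups.setdefault(ip, []).append(host)
    return groups


if __name__ == "__main__":
    for ip, hosts in by_destination(SAMPLE_HOSTS).items():
        print(f"{ip} <- {', '.join(hosts)}")
```

On a Windows XP machine the file to feed in is %SystemRoot%\system32\drivers\etc\hosts; read it with `open(path, encoding="utf-8", errors="replace").read()` and pass the text to `suspicious_entries`. Entries mapping names to 0.0.0.0 or 127.0.0.1 are normal for ad-blocking lists and are deliberately not flagged.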

#9 anonymouss

anonymouss
  • Topic Starter

  • Members
  • 55 posts
  • Local time:07:29 AM

Posted 20 August 2013 - 09:23 PM

I didn't set the hosts file to redirect to MSN sites.

 

http://www.systemlookup.com/FF_Extensions/2957-multirevenue_googlemail_com_xpi.html

What add-on was it? I didn't install this add-on; I didn't have anything named multirevenue in the add-on extensions.

 

I opened FF; when clicking History it shows only 1 month of history, but I had the last 6 months of history. What happened? How do I get that history back? Any help?


Edited by anonymouss, 21 August 2013 - 04:30 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 PM

Posted 21 August 2013 - 08:54 AM

http://www.systemlookup.com/FF_Extensions/2957-multirevenue_googlemail_com_xpi.html
What add-on was it? I didn't install this add-on; I didn't have anything named multirevenue in the add-on extensions.

Were you able to remove this extension?
===

This link may be outdated but have a look at it.
http://kb.mozillazine.org/Viewing_the_browsing_history_-_Firefox
Can you see the extra folders for the last 6 months?

#11 anonymouss

anonymouss
  • Topic Starter

  • Members
  • 55 posts
  • Local time:07:29 AM

Posted 21 August 2013 - 09:04 PM

http://www.systemlookup.com/FF_Extensions/2957-multirevenue_googlemail_com_xpi.html
What add-on was it? I didn't install this add-on; I didn't have anything named multirevenue in the add-on extensions.

Were you able to remove this extension?
===

This link may be outdated but have a look at it.
http://kb.mozillazine.org/Viewing_the_browsing_history_-_Firefox
Can you see the extra folders for the last 6 months?

Yeah, I removed the add-on; it is the betterfox add-on.
 
In the History window I found Today, Yesterday and This month only. How can I get back the previous history?
 
HellBoy Firewall: I think it is not a firewall, it is an ad blocker found on addons.mozilla.org.
 
combofix logs
 
ComboFix 13-08-19.02 - home 08/22/2013   9:44.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.446.7 [GMT 5.5:30]
Running from: c:\documents and settings\home\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\home\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-22 to 2013-08-22  )))))))))))))))))))))))))))))))
.
.
2013-08-17 08:21 . 2013-08-17 08:21    --------    d-----w-    c:\windows\ERUNT
2013-08-17 08:07 . 2013-08-17 08:07    --------    d-----w-    c:\program files\ERUNT
2013-08-15 14:05 . 2013-08-17 08:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\TorchCrashHandler
2013-08-11 04:34 . 2013-08-11 04:34    --------    d-----w-    c:\documents and settings\home\Application Data\Malwarebytes
2013-08-11 04:34 . 2013-08-11 04:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-11 04:33 . 2013-08-11 04:34    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-11 04:33 . 2013-04-04 09:20    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Epic
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\documents and settings\home\Application Data\Epic
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\program files\Epic
2013-08-07 13:38 . 2013-08-07 13:38    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Opera Software
2013-08-07 13:38 . 2013-08-07 13:38    --------    d-----w-    c:\documents and settings\home\Application Data\Opera Software
2013-08-05 10:24 . 2013-08-05 10:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\VS Revo Group
2013-07-24 02:49 . 2013-07-24 02:49    --------    d-----w-    c:\program files\RF ToolBox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-20 17:48 . 2012-07-05 16:32    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-20 17:48 . 2012-07-05 16:32    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 09:57 . 2013-01-15 02:10    118344    ----a-w-    c:\windows\system32\drivers\idmtdi.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    21904    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-08-18 3665488]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]
"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2013-07-19 4341904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\home\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^Launchy.lnk]
path=c:\documents and settings\home\Start Menu\Programs\Startup\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\home\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2012-01-05 15:42    75624    ----a-w-    c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-02-27 11:34    278016    ----a-w-    c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epic]
2013-02-05 18:33    73216    ----a-w-    c:\program files\Epic\epic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-21 19:48    6276408    ----a-w-    c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MouseAround]
2001-12-11 18:04    151552    ----a-w-    c:\program files\MouseAround\MouseAround.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 09:42    1414144    ----a-w-    c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
2012-09-11 13:34    136336    ----atw-    c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-04-10 10:17    452880    ----a-w-    c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-27 19:37    593920    ----a-r-    c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordWeb]
2009-11-08 17:48    65216    ------w-    c:\program files\WordWeb\wweb32.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"d:\\Arun pendrive\\eclipse\\eclipse-jee-galileo-SR1-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [12/21/2011 2:47 PM 20744]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [7/5/2012 11:43 PM 41912]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [1/10/2013 3:08 PM 122240]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1/15/2013 7:40 AM 118344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [3/21/2013 3:19 PM 1341664]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [7/5/2012 11:43 PM 68832]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [8/11/2013 10:04 AM 418376]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [7/5/2012 11:41 PM 578264]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/21/2011 2:47 PM 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [4/6/2010 6:32 PM 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/11/2013 10:03 AM 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/4/2013 3:25 PM 47360]
R3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [7/10/2012 1:47 PM 87824]
R3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [7/10/2012 1:47 PM 85696]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [1/5/2012 9:12 PM 75624]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2/27/2009 4:40 PM 143467]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/11/2013 10:04 AM 701512]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [11/22/2012 10:29 AM 3290304]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\home\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe --> c:\documents and settings\home\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [?]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Reliance Netconnect\bin\MonServiceUDisk.exe [7/5/2012 10:17 PM 512000]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [4/19/2011 6:05 PM 176128]
S3 BTCOM;Bluetooth Serial port driver; [x]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [9/20/2012 10:05 AM 83168]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/18/2012 12:33 PM 13224]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/5/2012 10:10 PM 27064]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [9/20/2012 10:05 AM 181344]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [9/20/2012 10:05 AM 181344]
S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/20/2007 7:50 AM 57344]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [7/5/2012 10:17 PM 105472]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 OracleServiceORCL;OracleServiceORCL; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-21 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2025429265-484763869-515967899-1003Core.job
- c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-09-11 13:34]
.
2013-08-22 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2025429265-484763869-515967899-1003UA.job
- c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-09-11 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.epicsearch.in/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
FF - ProfilePath - c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-07-08 16:12; {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF - ExtSQL: 2013-07-19 16:39; {9AA46F4F-4DC7-4c06-97AF-6665170634FE}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
FF - ExtSQL: 2013-07-21 08:45; draggablestar@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\draggablestar@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:46; cam@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\cam@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:47; better_url@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\better_url@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 12:31; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - ExtSQL: 2013-07-21 12:31; thumbnailZoom@dadler.github.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\thumbnailZoom@dadler.github.com.xpi
FF - ExtSQL: 2013-07-21 12:31; snaplinks@snaplinks.mozdev.org; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\snaplinks@snaplinks.mozdev.org.xpi
FF - ExtSQL: 2013-07-21 12:31; client@anonymox.net; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\client@anonymox.net.xpi
FF - ExtSQL: 2013-07-23 18:59; reloadplus@blackwind; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\reloadplus@blackwind.xpi
FF - ExtSQL: 2013-07-23 19:03; {6BB5760D-F97E-421B-AF5B-8457A90C3CED}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
FF - ExtSQL: 2013-07-23 19:05; {ada4b710-8346-4b82-8199-5de2b400a6ae}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - ExtSQL: 2013-07-23 19:05; {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
FF - ExtSQL: 2013-07-23 19:16; superstart@enjoyfreeware.org; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\superstart@enjoyfreeware.org
FF - ExtSQL: 2013-07-23 19:19; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - ExtSQL: 2013-08-15 22:51; jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
FF - ExtSQL: 2013-08-15 23:08; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-08-15 23:08; {1a5dabbd-0e74-41da-b532-a364bb552cab}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi
FF - ExtSQL: 2013-08-15 23:11; privateTab@infocatcher; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\privateTab@infocatcher.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-22 10:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-484763869-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B620650-0354-F69B-E7BD-75AAE2E4C99F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2025429265-484763869-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32B23C69-15C1-2347-9C03-2560519B1340}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b9,58,55,c5,88,9c,1e,09,51,e0,cc,8f,60,66,a7,22,f4,3d,e9,7f,01,
   0d,d1,e7,c4,75,e0,1b,f1,d1,91,01,87,60,86,c1,a4,ce,d1,4f,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c3a95711-ed4a-4fd3-b676-0c36cb4806c0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000133
"Therad"=dword:0000001d
"SpecVersion"=dword:00000147
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,88,79,0d,22,8e,33,17,75,f1,ba,a7,8a,bd,54,2a,a9,3e,32,3f,e3,fc,c7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(812)
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-22  10:04:57
ComboFix-quarantined-files.txt  2013-08-22 04:34
ComboFix2.txt  2013-08-20 10:25
.
Pre-Run: 6,222,114,816 bytes free
Post-Run: 6,209,470,464 bytes free
.
- - End Of File - - 01C80795FEF307ED30E07C224222314F
8F558EB6672622401DA993E1E865C861
 
 
Security Check logs

Results of screen317's Security Check version 0.99.72
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
ESET Smart Security 6.0   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 AVG PC Tuneup   
 CCleaner     
 Java DB 10.5.3.0   
 Java™ 6 Update 22  
 Java™ SE Development Kit 6 Update 22
 Java version out of Date!
 Adobe Flash Player     11.8.800.94  
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

Edited by nasdaq, 22 August 2013 - 07:54 AM.
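
The services/drivers section of the ComboFix log above is the part of the paste most worth triaging by hand. Each line reads `<R|S><start type> <name>;<display name>;<binary path> [<timestamp> <size>]`, with `--> <path> [?]` where ComboFix could not read the file and `; [x]` where no binary is listed at all. The following Python is an added example written for this page, not code from the original post, from ComboFix or from BleepingComputer. It parses lines in that format and flags the ones a responder checks first: binaries that are absent or unreadable, paths with a doubled separator such as the sptd entry, and services started from a user-writable location such as `Documents and Settings\...\Application Data` (the Torch and Skype C2C entries in the log). The readings of `[x]` and `[?]`, the list of user-writable path markers and the flag names are assumptions of the example; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Added example, not part of the original post or of ComboFix.
# Line shape assumed (as seen in the log above):
#   <R|S><0-4> <name>;<display name>;<binary path> [<date> <time> <size>]
# R = running, S = stopped; the digit is the Windows service start type
# (0 boot, 1 system, 2 automatic, 3 on demand, 4 disabled).
# Assumed readings of the two special endings:
#   "... --> <path> [?]"  ComboFix could not read the file's metadata
#   "; [x]"               the service is registered but no binary is listed
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
FILEINFO_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<stamp>.+?)\s+(?P<size>\d+)\]$")

# Lower-case substrings of locations a standard XP user can write to; a
# service or driver loading from here is not proof of anything, but it is
# where persistence without admin rights would have to live (assumed list).
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\",
)


@dataclass
class ServiceEntry:
    start: str                  # e.g. "S2"
    name: str
    display: str
    path: Optional[str]
    status: str                 # "ok", "unresolved" or "missing"
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; None for lines that are not entries."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    start, name, display, rest = m.group("start", "name", "display", "rest")
    rest = rest.strip()
    path: Optional[str] = None
    size: Optional[int] = None
    if rest == "[x]":
        status = "missing"
    elif rest.endswith("[?]") and "-->" in rest:
        status = "unresolved"
        path = rest.split("-->", 1)[0].strip()
    else:
        fm = FILEINFO_RE.match(rest)
        if not fm:
            return None
        status = "ok"
        path = fm.group("path")
        size = int(fm.group("size"))
    entry = ServiceEntry(start, name.strip(), display.strip(), path, status, size)
    lowered = (path or "").lower()
    if any(marker in lowered for marker in USER_WRITABLE):
        entry.flags.append("user_writable_path")
    # A doubled separator ("\SystemRoot\\SystemRoot\...") means the registered
    # ImagePath itself is odd and worth a look regardless of the file.
    if path and "\\\\" in path:
        entry.flags.append("doubled_path_separator")
    if status != "ok":
        entry.flags.append(status)
    return entry


def triage(lines: Iterable[str]) -> List[ServiceEntry]:
    """Return only the entries a responder should look at, in log order."""
    parsed = (parse_service_line(line) for line in lines)
    return [e for e in parsed if e is not None and e.flags]


# Constructed sample: six lines copied from the ComboFix log above plus the
# "." separator ComboFix prints between sections.
SAMPLE_LOG = [
    r"R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [12/21/2011 2:47 PM 20744]",
    r"R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]",
    r"S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [11/22/2012 10:29 AM 3290304]",
    r"S2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\home\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe --> c:\documents and settings\home\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [?]",
    r"S3 BTCOM;Bluetooth Serial port driver; [x]",
    r"S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/20/2007 7:50 AM 57344]",
    ".",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.start} {e.name:<20} {', '.join(e.flags):<40} {e.path or '-'}")
```

On the sample this flags four of the six entries (sptd, Skype C2C Service, TorchCrashHandler and BTCOM) and leaves the two ordinary system drivers alone. A service in a profile directory is not malicious by itself; both flagged examples here belong to consumer software, which is exactly why the point of the script is to shorten the list to verify by hand, not to decide.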


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 PM

Posted 22 August 2013 - 08:09 AM


Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java DB 10.5.3.0
Java™ 6 Update 22
Java™ SE Development Kit 6 Update 22


Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

In the history window I found today, yesterday and this month only; how can I get back the previous histories?

I do not think you can restore history.
What caused them to be removed is unknown to me.
The Firefox forum may be able to help you if there is a way to restore them.

Any remaining issues?

#13 anonymouss

anonymouss
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:07:29 AM

Posted 24 August 2013 - 06:01 AM

I uninstalled Java DB 10.5.3.0,
Java™ 6 Update 22 and
Java™ SE Development Kit 6 Update 22.

 

I installed

jdk-7u25-windows-i586.exe. After installing Java 7, I found Java 7 Update 25 and Java SE Development Kit 7 Update 25, but I didn't find Java DB.

What is the Java 0-day fix? Do I need to install it?



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 PM

Posted 24 August 2013 - 08:56 AM

What is the Java 0-day fix?


It was an update from Oracle.

http://www.pcworld.com/article/2030056/oracle-releases-emergency-fix-for-java-zeroday-exploit.html

Why do you ask?

Any remaining issues with this computer?

#15 anonymouss

anonymouss
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:07:29 AM

Posted 24 August 2013 - 10:49 AM

 

What is the Java 0-day fix?


It was an update from Oracle.

http://www.pcworld.com/article/2030056/oracle-releases-emergency-fix-for-java-zeroday-exploit.html

Why do you ask?

Any remaining issues with this computer?

 

So it's not for me, right? I installed Java 7u25; I think it's not needed for this version? Where is Java DB? I didn't find it, even though I installed Java 7.

 

So what's the next step to clear PUM.Hijack.StartMenu?





