Found PUM.Hijack.StartMenu in PC


79 replies to this topic

#16 nasdaq
  • Malware Response Team
  • 48,329 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
Posted 24 August 2013 - 12:53 PM

So it's not for me, right? I installed Java 7u25; I think it's not needed for this version? Where is JavaDB? I didn't find it, even though I installed Java 7.


I think you are OK.

Run the SecurityCheck tool and I will review what you have.
===

Are you referring to this?
uStart Page = hxxp://www.epicsearch.in/


#17 anonymouss
  • Topic Starter
  • Members
  • 58 posts

Posted 25 August 2013 - 01:15 AM

I didn't find JavaDB, why? Does JavaDB come from Java 6 or NetBeans?
 

Are you referring to this?
uStart Page = hxxp://www.epicsearch.in/

I cannot understand; what does it refer to?
 
checkup.txt log:
Results of screen317's Security Check version 0.99.72  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
ESET Smart Security 6.0   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 AVG PC Tuneup   
 CCleaner     
 Java 7 Update 25  
 Java SE Development Kit 7 Update 25
 Adobe Flash Player     11.8.800.94  
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````
Malwarebytes log, scanned today:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home :: admin [administrator]

Protection: Disabled

8/25/2013 9:18:14 AM
MBAM-log-2013-08-25 (09-57-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281500
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
 

Edited by nasdaq, 25 August 2013 - 08:23 AM.


#18 nasdaq
  • Malware Response Team
  • 48,329 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 August 2013 - 08:24 AM


From your previous post.

So what's the next step to clear PUM.Hijack.StartMenu?


What do you mean?
===

I didn't find JavaDB, why? Does JavaDB come from Java 6 or NetBeans?

Could be. Not familiar with NetBeans.
===

Your logs are clean.

Any remaining issues with this computer?

#19 anonymouss
  • Topic Starter
  • Members
  • 58 posts

Posted 25 August 2013 - 09:49 AM

From your previous post.

So what's the next step to clear PUM.Hijack.StartMenu?


What do you mean?
===

I didn't find JavaDB, why? Does JavaDB come from Java 6 or NetBeans?

Could be. Not familiar with NetBeans.
===

Your logs are clean.

Any remaining issues with this computer?

 

uStart Page = hxxp://www.epicsearch.in/

1) Where is it located?

 

2) I scanned with Malwarebytes and still found PUM.Hijack.StartMenu, so it is still present in my system.

 

3) When I ran ComboFix it showed that my system had Avira and AntiVir Desktop, but I didn't install those antivirus programs, so how were they shown?

 

4) After I finished scanning with ComboFix, Adware and Junkware, when I opened my browsers like Firefox and Chrome, they all opened as a fresh window with default options. Why was that changed?

 

5) I am using ESET antivirus 6; which option do I have to select, enable or disable Windows Firewall?


Edited by anonymouss, 25 August 2013 - 12:29 PM.


#20 nasdaq
  • Malware Response Team
  • 48,329 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 August 2013 - 12:17 PM

Remove it with this script.

Open notepad and copy/paste the text in the quote box below into it:
 
DDS::
uStart Page = hxxp://www.epicsearch.in/

ClearJavaCache::
Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

#21 anonymouss
  • Topic Starter
  • Members
  • 58 posts

Posted 26 August 2013 - 01:31 AM

ComboFix log: (note: when scanning with ComboFix it showed a message, i.e. "Current date is 2013-08-26. ComboFix has expired. Click Yes to run in reduced functionality mode, click No to exit." I clicked the Yes option.)

ComboFix 13-08-19.02 - home 08/26/2013   9:45.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.446.5 [GMT 5.5:30]
Running from: c:\documents and settings\home\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\home\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Resident AV is active
.
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\home\Application Data\inst.exe
c:\windows\EventSystem.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-26 to 2013-08-26  )))))))))))))))))))))))))))))))
.
.
2013-08-25 12:42 . 2013-08-25 12:42    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Sun
2013-08-25 12:05 . 2008-04-14 12:00    176128    ----a-w-    c:\windows\system32\dfxmm32.dll
2013-08-17 08:21 . 2013-08-17 08:21    --------    d-----w-    c:\windows\ERUNT
2013-08-17 08:07 . 2013-08-17 08:07    --------    d-----w-    c:\program files\ERUNT
2013-08-15 14:05 . 2013-08-26 03:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\TorchCrashHandler
2013-08-11 04:34 . 2013-08-11 04:34    --------    d-----w-    c:\documents and settings\home\Application Data\Malwarebytes
2013-08-11 04:34 . 2013-08-11 04:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-11 04:33 . 2013-08-11 04:34    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-11 04:33 . 2013-04-04 09:20    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Epic
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\documents and settings\home\Application Data\Epic
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\program files\Epic
2013-08-07 13:38 . 2013-08-07 13:38    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Opera Software
2013-08-07 13:38 . 2013-08-07 13:38    --------    d-----w-    c:\documents and settings\home\Application Data\Opera Software
2013-08-05 10:24 . 2013-08-05 10:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\VS Revo Group
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-24 10:22 . 2012-07-05 17:55    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-08-24 10:22 . 2012-07-05 17:55    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-20 17:48 . 2012-07-05 16:32    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-20 17:48 . 2012-07-05 16:32    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 09:57 . 2013-01-15 02:10    118344    ----a-w-    c:\windows\system32\drivers\idmtdi.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    21904    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-08-18 3665488]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]
"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2013-07-19 4341904]
"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\home\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^Launchy.lnk]
path=c:\documents and settings\home\Start Menu\Programs\Startup\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\home\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2012-01-05 15:42    75624    ----a-w-    c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-02-27 11:34    278016    ----a-w-    c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DFX]
2013-08-20 17:03    1274840    ----a-w-    c:\program files\DFX\DFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epic]
2013-02-05 18:33    73216    ----a-w-    c:\program files\Epic\epic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-21 19:48    6276408    ----a-w-    c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MouseAround]
2001-12-11 18:04    151552    ----a-w-    c:\program files\MouseAround\MouseAround.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 09:42    1414144    ----a-w-    c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
2012-09-11 13:34    136336    ----atw-    c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-04-10 10:17    452880    ----a-w-    c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-27 19:37    593920    ----a-r-    c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordWeb]
2009-11-08 17:48    65216    ------w-    c:\program files\WordWeb\wweb32.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"d:\\Arun pendrive\\eclipse\\eclipse-jee-galileo-SR1-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Documents and Settings\\home\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [12/21/2011 2:47 PM 20744]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [7/5/2012 11:43 PM 41912]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [1/10/2013 3:08 PM 122240]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1/15/2013 7:40 AM 118344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [3/21/2013 3:19 PM 1341664]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [7/5/2012 11:43 PM 68832]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [8/11/2013 10:04 AM 418376]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [7/5/2012 11:41 PM 578264]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/21/2011 2:47 PM 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [4/6/2010 6:32 PM 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/11/2013 10:03 AM 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/4/2013 3:25 PM 47360]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [1/5/2012 9:12 PM 75624]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2/27/2009 4:40 PM 143467]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/11/2013 10:04 AM 701512]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [11/22/2012 10:29 AM 3290304]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\home\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [7/20/2013 11:53 PM 1206624]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Reliance Netconnect\bin\MonServiceUDisk.exe [7/5/2012 10:17 PM 512000]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [4/19/2011 6:05 PM 176128]
S3 BTCOM;Bluetooth Serial port driver; [x]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [9/20/2012 10:05 AM 83168]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/18/2012 12:33 PM 13224]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/5/2012 10:10 PM 27064]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [9/20/2012 10:05 AM 181344]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [9/20/2012 10:05 AM 181344]
S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/20/2007 7:50 AM 57344]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [7/10/2012 1:47 PM 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [7/10/2012 1:47 PM 85696]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [7/5/2012 10:17 PM 105472]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 OracleServiceORCL;OracleServiceORCL; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-25 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2025429265-484763869-515967899-1003Core.job
- c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-09-11 13:34]
.
2013-08-26 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2025429265-484763869-515967899-1003UA.job
- c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-09-11 13:34]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
FF - ProfilePath - c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-07-08 16:12; {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF - ExtSQL: 2013-07-19 16:39; {9AA46F4F-4DC7-4c06-97AF-6665170634FE}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
FF - ExtSQL: 2013-07-21 08:45; draggablestar@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\draggablestar@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:46; cam@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\cam@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:47; better_url@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\better_url@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 12:31; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - ExtSQL: 2013-07-21 12:31; thumbnailZoom@dadler.github.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\thumbnailZoom@dadler.github.com.xpi
FF - ExtSQL: 2013-07-21 12:31; snaplinks@snaplinks.mozdev.org; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\snaplinks@snaplinks.mozdev.org.xpi
FF - ExtSQL: 2013-07-21 12:31; client@anonymox.net; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\client@anonymox.net.xpi
FF - ExtSQL: 2013-07-23 18:59; reloadplus@blackwind; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\reloadplus@blackwind.xpi
FF - ExtSQL: 2013-07-23 19:03; {6BB5760D-F97E-421B-AF5B-8457A90C3CED}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
FF - ExtSQL: 2013-07-23 19:05; {ada4b710-8346-4b82-8199-5de2b400a6ae}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - ExtSQL: 2013-07-23 19:05; {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
FF - ExtSQL: 2013-07-23 19:16; superstart@enjoyfreeware.org; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\superstart@enjoyfreeware.org
FF - ExtSQL: 2013-07-23 19:19; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - ExtSQL: 2013-08-15 22:51; jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
FF - ExtSQL: 2013-08-15 23:08; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-08-15 23:08; {1a5dabbd-0e74-41da-b532-a364bb552cab}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi
FF - ExtSQL: 2013-08-15 23:11; privateTab@infocatcher; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\privateTab@infocatcher.xpi
FF - ExtSQL: 2013-08-25 22:17; places-maintenance@bonardo.net; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\places-maintenance@bonardo.net.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-26 09:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-484763869-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B620650-0354-F69B-E7BD-75AAE2E4C99F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2025429265-484763869-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32B23C69-15C1-2347-9C03-2560519B1340}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b9,58,55,c5,88,9c,1e,09,51,e0,cc,8f,60,66,a7,22,f4,3d,e9,7f,01,
   0d,d1,e7,c4,75,e0,1b,f1,d1,91,01,87,60,86,c1,a4,ce,d1,4f,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c3a95711-ed4a-4fd3-b676-0c36cb4806c0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000133
"Therad"=dword:0000001d
"SpecVersion"=dword:00000147
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,88,79,0d,22,8e,33,17,75,f1,ba,a7,8a,bd,54,2a,a9,3e,32,3f,e3,fc,c7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-08-26  09:51:17
ComboFix-quarantined-files.txt  2013-08-26 04:21
ComboFix2.txt  2013-08-22 04:35
ComboFix3.txt  2013-08-20 10:25
.
Pre-Run: 6,023,692,288 bytes free
Post-Run: 5,996,396,544 bytes free
.
- - End Of File - - F9A1C3884D4385747643B5163C467281
8F558EB6672622401DA993E1E865C861
 

 

Please clarify my doubts:

uStart Page = hxxp://www.epicsearch.in/

1) Where is it located?

 

2) I scanned with Malwarebytes and still found PUM.Hijack.StartMenu, so it is still present in my system.

 

3) When I ran ComboFix it showed that my system had Avira and AntiVir Desktop, but I didn't install those antivirus programs, so how were they shown?

 

4) After I finished scanning with ComboFix, Adware and Junkware, when I opened my browsers like Firefox and Chrome, they all opened as a fresh window with default options. Why was that changed?

 

5) I am using ESET antivirus 6. In Control Panel there is a Windows Firewall option; which option do I have to select, enable or disable Windows Firewall?



#22 nasdaq
  • Malware Response Team
  • 48,329 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 August 2013 - 08:40 AM

Please clarify my doubts:
uStart Page = hxxp://www.epicsearch.in/
1) Where is it located?

I do not know. It's gone. We did what we had to do.
===
 

2) I scanned with Malwarebytes and still found PUM.Hijack.StartMenu, so it is still present in my system.

Please post the log for my review.
===
 

3) When I ran ComboFix it showed that my system had Avira and AntiVir Desktop, but I didn't install those antivirus programs, so how were they shown?

I do not see any reference to Avira and AntiVir Desktop in your logs, so I cannot comment.
 

4) After I finished scanning with ComboFix, Adware and Junkware, when I opened my browsers like Firefox and Chrome, they all opened as a fresh window with default options. Why was that changed?

This is the price you pay to get rid of the malware.
===
 

5) I am using ESET antivirus 6. In Control Panel there is a Windows Firewall option; which option do I have to select, enable or disable Windows Firewall?

Check the help file or ask in their forum. I have never used that program.
===

#23 anonymouss
  • Topic Starter
  • Members
  • 58 posts

Posted 26 August 2013 - 10:41 AM

 

Please clarify my doubts:
uStart Page = hxxp://www.epicsearch.in/
1) Where is it located?

I do not know. It's gone. We did what we had to do.
===

Then how did you know uStart Page = hxxp://www.epicsearch.in?
 

2) I scanned with Malwarebytes and still found PUM.Hijack.StartMenu, so it is still present in my system.

Please post the log for my review.
===

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home :: admin [administrator]

Protection: Disabled

8/25/2013 9:18:14 AM
MBAM-log-2013-08-25 (09-57-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281500
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

 

3) When I ran ComboFix it showed that my system had Avira and AntiVir Desktop, but I didn't install those antivirus programs, so how were they shown?

I do not see any reference to Avira and AntiVir Desktop in your logs, so I cannot comment.
 

On the first page I posted ComboFix logs; see there, you will find Avira and AntiVir enabled.

4) After I finished scanning with ComboFix, Adware and Junkware, when I opened my browsers like Firefox and Chrome, they all opened as a fresh window with default options. Why was that changed?

This is the price you pay to get rid of the malware.
===

No, it's not a malware problem. After I did the ComboFix, Adware and Junkware scans I had the problem; did they make any changes in the registry for Firefox and Chrome?
 

5) I am using ESET antivirus 6. In Control Panel there is a Windows Firewall option; which option do I have to select, enable or disable Windows Firewall?

Check the help file or ask in their forum. I have never used that program.
===

 

Generally in the Windows Control Panel we have a Windows Firewall icon, and in it there are On and Off options. Should I select the option On or Off? Because I have ESET antivirus, which has a firewall, so if I click Yes two firewalls will be enabled. Did you understand what I am trying to say?

 

Did you check the ComboFix logs above?


Edited by anonymouss, 26 August 2013 - 10:44 AM.
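
The Malwarebytes log quoted above reports the Start Menu item under "Registry Data Items Detected" as a key, a value name, a Bad/Good pair and the action taken, and "No action taken" is exactly why the next scan flags it again. The following Python script is an added example, not part of this thread or of Malwarebytes: it parses that section of an MBAM 1.75 log and says, for each entry, whether it is a PUM (a changed setting) or a malware indicator and whether it was only reported or actually fixed. The sample log is constructed from the thread's own line; the second item and its detection name "Example.Hijack.Shell" are invented here only to exercise the non-PUM, already-fixed path.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the layout of the Malwarebytes Anti-Malware 1.75 logs
# posted in this thread. The first item is the thread's own detection; the
# second is invented here only to exercise the non-PUM, already-fixed path.
SAMPLE_LOG = """\
Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|Shell (Example.Hijack.Shell) -> Bad: (Explorer.exe,c:\\example\\bogus.exe) Good: (Explorer.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)
"""

# Every line under "Registry Data Items Detected" has the shape
#   <key>|<value name> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>.
ITEM_RE = re.compile(
    r"^(?P<key>[^|]+)\|(?P<name>.+?) \((?P<detection>[^()]+)\) -> "
    r"Bad: \((?P<bad>[^()]*)\) Good: \((?P<good>[^()]*)\) -> (?P<action>.+?)\.?$"
)
# Section headers look like "Registry Data Items Detected: 1".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")

HIVES = {
    "HKCU": "HKEY_CURRENT_USER",
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKU": "HKEY_USERS",
    "HKCR": "HKEY_CLASSES_ROOT",
}


@dataclass
class RegistryDataItem:
    key: str
    name: str
    detection: str
    bad: str
    good: str
    action: str

    @property
    def full_key(self) -> str:
        """Expand the abbreviated hive so the path reads as regedit shows it."""
        hive, _, rest = self.key.partition("\\")
        return HIVES.get(hive, hive) + "\\" + rest

    @property
    def is_pum(self) -> bool:
        # PUM = Potentially Unwanted Modification: a changed Windows setting
        # that Malwarebytes reports by policy, not a malicious file or process.
        return self.detection.startswith("PUM.")

    @property
    def still_present(self) -> bool:
        # "No action taken" means the scan only reported the value; the registry
        # still holds the Bad value and the next scan will flag it again.
        return self.action.strip().lower() == "no action taken"


def section_counts(log_text: str) -> Dict[str, int]:
    """Map every '<Section> Detected: N' header in the log to its count."""
    counts: Dict[str, int] = {}
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            counts[m.group("section")] = int(m.group("count"))
    return counts


def parse_registry_data_items(log_text: str) -> List[RegistryDataItem]:
    """Return the entries listed under 'Registry Data Items Detected'."""
    items: List[RegistryDataItem] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group("section") == "Registry Data Items"
            continue
        if not in_section or not line or line.startswith("("):
            continue  # blank line or "(No malicious items detected)"
        m = ITEM_RE.match(line)
        if m:
            items.append(RegistryDataItem(**m.groupdict()))
    return items


def triage(item: RegistryDataItem) -> str:
    """One-line assessment a responder can give back to the user."""
    kind = "setting change (PUM)" if item.is_pum else "malware indicator"
    state = ("still set to the flagged value (scan took no action)"
             if item.still_present else "handled: " + item.action)
    return (f"{item.detection}: {kind} at {item.full_key} -> {item.name}; "
            f"current value {item.bad}, expected {item.good}; {state}")


if __name__ == "__main__":
    counts = section_counts(SAMPLE_LOG)
    items = parse_registry_data_items(SAMPLE_LOG)
    assert counts["Registry Data Items"] == len(items), "header/count mismatch"
    for item in items:
        print(triage(item))
```

Run against a real MBAM-log-*.txt, the header count and the number of parsed lines should agree; a mismatch means a line did not fit the pattern and should be read by hand.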


#24 nasdaq
  • Malware Response Team
  • 48,329 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 August 2013 - 12:44 PM

Run ComboFix normally, in Normal Mode.

You should be asked to update, please do.

Post a fresh log for my review.

Let me know which lines in the ComboFix log you're concerned about.

#25 anonymouss
  • Topic Starter
  • Members
  • 58 posts

Posted 27 August 2013 - 12:37 AM

 

Please clarify my doubts:
uStart Page = hxxp://www.epicsearch.in/
1) Where is it located?

I do not know. It's gone. We did what we had to do.

I think I installed the Epic browser, so that's why it changed the homepage to www.epicsearch.in; now it has been cleared.
 

 

3) When I ran ComboFix it showed that my system had Avira and AntiVir Desktop, but I didn't install those antivirus programs, so how were they shown?

I do not see any reference to Avira and AntiVir Desktop in your logs so I cannot comment.

Did you check my previous logs on the first page? Did you find it?

4) When I had done scanning with ComboFix, adware, junkware, after that when I open my browsers like Firefox, Chrome, all opened as a fresh window with default options. Why was it changed?

This is the price you pay to get rid of the malware.
===

Actually, before starting the scans, i.e. ComboFix, adware, junkware etc., everything was fine. After scanning, changes occurred in Firefox, Chrome, i.e. they open as a fresh window and options are changed to default. Here my question is: were there any changes in the registry while scanning with the above tools (because all browsers go to default like a fresh-install window)?

5) I am using ESET antivirus 6. In Control Panel the Windows Firewall option is there; which option do I have to select, enable or disable Windows Firewall?

Check the help file or in their forum. I never used that program.
===

I am not asking about ESET. Generally in the Windows XP Control Panel there is the Windows Firewall icon, and in that icon there are 2 radio buttons, i.e. On and Off. What do I have to select, Windows Firewall On or Off? (Note: because I have ESET, it has the firewall enabled.)

ComboFix updates and new logs.txt

ComboFix 13-08-25.01 - home 08/27/2013  10:18:00.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.446.19 [GMT 5.5:30]
Running from: c:\documents and settings\home\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-27 to 2013-08-27  )))))))))))))))))))))))))))))))
.
.
2013-08-25 12:42 . 2013-08-25 12:42    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Sun
2013-08-25 12:05 . 2008-04-14 12:00    176128    ----a-w-    c:\windows\system32\dfxmm32.dll
2013-08-17 08:21 . 2013-08-17 08:21    --------    d-----w-    c:\windows\ERUNT
2013-08-17 08:07 . 2013-08-17 08:07    --------    d-----w-    c:\program files\ERUNT
2013-08-15 14:05 . 2013-08-27 03:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\TorchCrashHandler
2013-08-11 04:34 . 2013-08-11 04:34    --------    d-----w-    c:\documents and settings\home\Application Data\Malwarebytes
2013-08-11 04:34 . 2013-08-11 04:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-11 04:33 . 2013-08-11 04:34    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-11 04:33 . 2013-04-04 09:20    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Epic
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\documents and settings\home\Application Data\Epic
2013-08-11 03:02 . 2013-08-11 03:02    --------    d-----w-    c:\program files\Epic
2013-08-07 13:38 . 2013-08-07 13:38    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Opera Software
2013-08-07 13:38 . 2013-08-07 13:38    --------    d-----w-    c:\documents and settings\home\Application Data\Opera Software
2013-08-05 10:24 . 2013-08-05 10:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\VS Revo Group
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-24 10:22 . 2012-07-05 17:55    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-08-24 10:22 . 2012-07-05 17:55    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-20 17:48 . 2012-07-05 16:32    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-20 17:48 . 2012-07-05 16:32    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 09:57 . 2013-01-15 02:10    118344    ----a-w-    c:\windows\system32\drivers\idmtdi.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    21904    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-08-18 3665488]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]
"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2013-07-19 4341904]
"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\home\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^Launchy.lnk]
path=c:\documents and settings\home\Start Menu\Programs\Startup\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^home^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\home\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2012-01-05 15:42    75624    ----a-w-    c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-02-27 11:34    278016    ----a-w-    c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DFX]
2013-08-20 17:03    1274840    ----a-w-    c:\program files\DFX\DFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epic]
2013-02-05 18:33    73216    ----a-w-    c:\program files\Epic\epic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-21 19:48    6276408    ----a-w-    c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MouseAround]
2001-12-11 18:04    151552    ----a-w-    c:\program files\MouseAround\MouseAround.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 09:42    1414144    ----a-w-    c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
2012-09-11 13:34    136336    ----atw-    c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-04-10 10:17    452880    ----a-w-    c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-27 19:37    593920    ----a-r-    c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordWeb]
2009-11-08 17:48    65216    ------w-    c:\program files\WordWeb\wweb32.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"d:\\Arun pendrive\\eclipse\\eclipse-jee-galileo-SR1-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Documents and Settings\\home\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [12/21/2011 2:47 PM 20744]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [7/5/2012 11:43 PM 41912]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [1/10/2013 3:08 PM 122240]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1/15/2013 7:40 AM 118344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [3/21/2013 3:19 PM 1341664]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [7/5/2012 11:43 PM 68832]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [8/11/2013 10:04 AM 418376]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [7/5/2012 11:41 PM 578264]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/21/2011 2:47 PM 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [4/6/2010 6:32 PM 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/11/2013 10:03 AM 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/4/2013 3:25 PM 47360]
R3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [7/10/2012 1:47 PM 87824]
R3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [7/10/2012 1:47 PM 85696]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [1/5/2012 9:12 PM 75624]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2/27/2009 4:40 PM 143467]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/11/2013 10:04 AM 701512]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [11/22/2012 10:29 AM 3290304]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\home\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [7/20/2013 11:53 PM 1206624]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Reliance Netconnect\bin\MonServiceUDisk.exe [7/5/2012 10:17 PM 512000]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [4/19/2011 6:05 PM 176128]
S3 BTCOM;Bluetooth Serial port driver; [x]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [9/20/2012 10:05 AM 83168]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/18/2012 12:33 PM 13224]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/5/2012 10:10 PM 27064]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [9/20/2012 10:05 AM 181344]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [9/20/2012 10:05 AM 181344]
S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/20/2007 7:50 AM 57344]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [7/5/2012 10:17 PM 105472]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 OracleServiceORCL;OracleServiceORCL; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-26 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2025429265-484763869-515967899-1003Core.job
- c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-09-11 13:34]
.
2013-08-27 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2025429265-484763869-515967899-1003UA.job
- c:\documents and settings\home\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-09-11 13:34]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
FF - ProfilePath - c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-07-08 16:12; {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF - ExtSQL: 2013-07-19 16:39; {9AA46F4F-4DC7-4c06-97AF-6665170634FE}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
FF - ExtSQL: 2013-07-21 08:45; draggablestar@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\draggablestar@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:46; cam@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\cam@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:47; better_url@sdrocking.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\better_url@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 12:31; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - ExtSQL: 2013-07-21 12:31; thumbnailZoom@dadler.github.com; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\thumbnailZoom@dadler.github.com.xpi
FF - ExtSQL: 2013-07-21 12:31; snaplinks@snaplinks.mozdev.org; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\snaplinks@snaplinks.mozdev.org.xpi
FF - ExtSQL: 2013-07-21 12:31; client@anonymox.net; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\client@anonymox.net.xpi
FF - ExtSQL: 2013-07-23 18:59; reloadplus@blackwind; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\reloadplus@blackwind.xpi
FF - ExtSQL: 2013-07-23 19:03; {6BB5760D-F97E-421B-AF5B-8457A90C3CED}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
FF - ExtSQL: 2013-07-23 19:05; {ada4b710-8346-4b82-8199-5de2b400a6ae}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - ExtSQL: 2013-07-23 19:05; {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
FF - ExtSQL: 2013-07-23 19:16; superstart@enjoyfreeware.org; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\superstart@enjoyfreeware.org
FF - ExtSQL: 2013-07-23 19:19; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - ExtSQL: 2013-08-15 22:51; jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
FF - ExtSQL: 2013-08-15 23:08; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-08-15 23:08; {1a5dabbd-0e74-41da-b532-a364bb552cab}; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi
FF - ExtSQL: 2013-08-15 23:11; privateTab@infocatcher; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\privateTab@infocatcher.xpi
FF - ExtSQL: 2013-08-25 22:17; places-maintenance@bonardo.net; c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\nam2i820.default\extensions\places-maintenance@bonardo.net.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-27 10:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-484763869-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B620650-0354-F69B-E7BD-75AAE2E4C99F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2025429265-484763869-515967899-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32B23C69-15C1-2347-9C03-2560519B1340}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b9,58,55,c5,88,9c,1e,09,51,e0,cc,8f,60,66,a7,22,f4,3d,e9,7f,01,
   0d,d1,e7,c4,75,e0,1b,f1,d1,91,01,87,60,86,c1,a4,ce,d1,4f,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c3a95711-ed4a-4fd3-b676-0c36cb4806c0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000133
"Therad"=dword:0000001d
"SpecVersion"=dword:00000147
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,88,79,0d,22,8e,33,17,75,f1,ba,a7,8a,bd,54,2a,a9,3e,32,3f,e3,fc,c7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2908)
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-27  10:36:18
ComboFix-quarantined-files.txt  2013-08-27 05:06
ComboFix2.txt  2013-08-26 04:21
ComboFix3.txt  2013-08-22 04:35
ComboFix4.txt  2013-08-20 10:25
.
Pre-Run: 5,809,242,112 bytes free
Post-Run: 5,777,379,328 bytes free
.
- - End Of File - - 49CC6720A249783849F3B06FE643DC7E
8F558EB6672622401DA993E1E865C861
 


Edited by anonymouss, 27 August 2013 - 12:45 AM.


#26 nasdaq

  • Malware Response Team
  • 48,329 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 August 2013 - 09:27 AM

I do not see any reference to Avira and AntiVir Desktop in your logs so I cannot comment.

We removed these entries with ComboFix. They are gone.
How they got on your computer I do not know.

===
 

Actually, before starting the scans, i.e. ComboFix, adware, junkware etc., everything was fine. After scanning, changes occurred in Firefox, Chrome, i.e. they open as a fresh window and options are changed to default. Here my question is: were there any changes in the registry while scanning with the above tools (because all browsers go to default like a fresh-install window)?

In order to work correctly the browsers are set to default by ComboFix.
We must all accept this.
===

Windows Firewall.

This can be accessed via Start -> Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security, or by running wf.msc from the Start Run Box.

Keep in mind that you cannot run both firewalls at the same time.
When running, ESET will disable the Windows Firewall.
===

#27 anonymouss
  • Topic Starter
  • Members
  • 58 posts

Posted 27 August 2013 - 10:49 PM

I do not see any reference to Avira and AntiVir Desktop in your logs so I cannot comment.

We removed these entries with ComboFix. They are gone.
How they got on your computer I do not know.

===
Oh ok.

Actually, before starting the scans, i.e. ComboFix, adware, junkware etc., everything was fine. After scanning, changes occurred in Firefox, Chrome, i.e. they open as a fresh window and options are changed to default. Here my question is: were there any changes in the registry while scanning with the above tools (because all browsers go to default like a fresh-install window)?

In order to work correctly the browsers are set to default by ComboFix.
We must all accept this.
===
Oh ok, so I think it changes the default registry values.
 

Windows Firewall.

This can be accessed via Start -> Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security, or by running wf.msc from the Start Run Box.

Keep in mind that you cannot run both firewalls at the same time.
When running, ESET will disable the Windows Firewall.
===

In the Run command I entered wf.msc; it's not working, it says Windows cannot find it. Now my ESET firewall is enabled, so I have to disable Windows Firewall, correct?

Did you check the above ComboFix logs?

Edited by anonymouss, 27 August 2013 - 11:08 PM.


#28 nasdaq

  • Malware Response Team
  • 48,329 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 August 2013 - 09:32 AM

In the Run command I entered wf.msc; it's not working, it says Windows cannot find it. Now my ESET firewall is enabled, so I have to disable Windows Firewall, correct?

As I have said before, you cannot run two firewalls at the same time.
If the ESET firewall is enabled then the Microsoft firewall should be disabled.
===

Yes, I have checked the ComboFix log.
What is your concern?

#29 anonymouss
  • Topic Starter
  • Members
  • 58 posts

Posted 28 August 2013 - 10:23 AM

In the Run command I entered wf.msc; it's not working, it says Windows cannot find it. Now my ESET firewall is enabled, so I have to disable Windows Firewall, correct?

As I have said before, you cannot run two firewalls at the same time.
If the ESET firewall is enabled then the Microsoft firewall should be disabled.
===

Yes, I have checked the ComboFix log.
What is your concern?

Ok.

Scanned with Malwarebytes, it still found an infection. From the first post till now, the same infection is not cleared.

Logs:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home :: admin [administrator]

Protection: Disabled

8/28/2013 8:17:40 PM
MBAM-log-2013-08-28 (20-50-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281868
Time elapsed: 14 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
 


#30 nasdaq

  • Malware Response Team
  • 48,329 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 August 2013 - 12:14 PM

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.


Did you remove this item with Malwarebytes?

If it returns try this

Open Internet Explorer > Tools menu > Advanced tab.
In the bottom Reset the Settings by clicking the Reset button.

Click the Apply button.

Close Internet Explorer and restart the computer normally.

How is it now?
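An added example, not from this thread or from Malwarebytes: a PowerShell script that parses a "Registry Data Items Detected" line in the format Malwarebytes Anti-Malware writes it (the one line quoted above is the only log data taken from the thread) and checks whether the flagged value is still at its "Bad" setting, optionally restoring the "Good" one. The hive-to-drive mapping, the function names and the -Restore switch are my own assumptions.

```powershell
# Added example (not from the thread or from Malwarebytes): parse MBAM "Registry Data Items"
# detections and verify the current registry state. Only the log line inside $SampleLog
# comes from the thread; the sample text around it is constructed.
param([switch]$Restore)

$SampleLog = @'
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
'@

# Hive abbreviations as MBAM prints them, mapped to PowerShell registry paths (assumed mapping).
$HiveMap = @{
    'HKCU' = 'HKCU:'
    'HKLM' = 'HKLM:'
    'HKU'  = 'Registry::HKEY_USERS'
    'HKCR' = 'Registry::HKEY_CLASSES_ROOT'
}

function Parse-MbamRegistryData {
    param([string]$LogText)
    # KEY|VALUE (Detection) -> Bad: (x) Good: (y) -> action
    $pattern = '^(?<hive>HK\w+)\\(?<key>[^|]+)\|(?<name>[^ ]+) \((?<detection>[^)]+)\) -> Bad: \((?<bad>[^)]*)\) Good: \((?<good>[^)]*)\) -> (?<action>.+)$'
    foreach ($line in $LogText -split "`r?`n") {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Path      = "$($HiveMap[$Matches.hive])\$($Matches.key)"
                Name      = $Matches.name
                Detection = $Matches.detection
                Bad       = $Matches.bad
                Good      = $Matches.good
                Action    = $Matches.action
            }
        }
    }
}

function Test-MbamRegistryData {
    param([pscustomobject]$Item, [switch]$Restore)
    $current = $null
    if (Test-Path $Item.Path) {
        $current = (Get-ItemProperty -Path $Item.Path -Name $Item.Name -ErrorAction SilentlyContinue).($Item.Name)
    }
    # Compare as strings: MBAM prints DWORD values as plain integers.
    $state = if ($null -eq $current)             { 'missing' }
             elseif ("$current" -eq $Item.Bad)   { 'still at Bad value' }
             elseif ("$current" -eq $Item.Good)  { 'at Good value' }
             else                                { 'unexpected value' }
    if ($Restore -and $state -ne 'at Good value' -and (Test-Path $Item.Path)) {
        # Start_ShowMyDocs is a REG_DWORD; write the Good value back with that type.
        Set-ItemProperty -Path $Item.Path -Name $Item.Name -Value ([int]$Item.Good) -Type DWord
        $state += ' -> restored to Good'
    }
    [pscustomobject]@{
        Value     = "$($Item.Path)\$($Item.Name)"
        Detection = $Item.Detection
        Current   = $current
        State     = $state
    }
}

Parse-MbamRegistryData -LogText $SampleLog |
    ForEach-Object { Test-MbamRegistryData -Item $_ -Restore:$Restore } |
    Format-List
```

Run it as the affected user for HKCU values; a value that keeps reverting to the Bad setting after restore points to something re-applying it, which is the case the thread's remediation steps are trying to rule out.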



