
Thread: bannersdontwork help

  1. #1
    Junior Member
    Join Date
    Aug 2013
    Posts
    3

    bannersdontwork help

    Have an issue with the "bannersdontwork.com" trojan malware with the Google Chrome browser on WXP SP3. Have disabled all extensions in Google Chrome but still get the pop-up. Norton AV 2013 reports the event in silent mode. Have tried removing all temp files, cookies, history, etc., and have "clean cookies on exit" enabled. But it still keeps coming back. IE 8 is not affected.

    Have run Sbot twice and no malware was detected with the latest definitions and with Immunization set to on.

    How can I get rid of this pesky pop-up trojan?

    Thanks guys......
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
    Run by Owner at 8:12:04 on 2013-08-16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.747 [GMT -7:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton AntiVirus *Enabled*
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
    c:\Program Files\Zune\ZuneBusEnum.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\WINDOWS\system32\TpScrLk.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Common Files\Apricorn\Schedule2\schedhlp.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\1XConfig.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    C:\WINDOWS\system32\DrvMon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k bthsvcs
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/
    mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=20.3.1.22
    uProxyServer = 127.0.0.1:81
    uProxyOverride = local;192.168.*.*;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - c:\program files\vshare\vshare_toolbar.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\20.4.0.40\ips\ipsbho.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: CutePDF Form Filler Helper: {D41289F2-69C6-417B-897E-C653D677CBAF} - c:\program files\acro software\cutepdf pro\CPFillerCo.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: TenchisTV Toolbar: {ece24dcf-8548-4655-b392-47a388721482} - c:\program files\tenchistv\prxtbTen2.dll
    TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - c:\program files\vshare\vshare_toolbar.dll
    TB: TenchisTV Toolbar: {ECE24DCF-8548-4655-B392-47A388721482} - c:\program files\tenchistv\prxtbTen2.dll
    TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - c:\program files\vshare\vshare_toolbar.dll
    TB: TenchisTV Toolbar: {ece24dcf-8548-4655-b392-47a388721482} - c:\program files\tenchistv\prxtbTen2.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [WeatherBugAlert] "c:\program files\aws\weatherbug alert\WeatherBugAlert.exe" /st
    mRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
    mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
    mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
    mRun: [TP4EX] tp4ex.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Synchronization Manager] c:\windows\system32\mobsync.exe /logon
    mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [S3TRAY2] S3Tray2.exe
    mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
    mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
    mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [Apricorn Scheduler Service] "c:\program files\common files\apricorn\schedule2\schedhlp.exe"
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [DpTsClnt] Regsvr32.exe /s "c:\program files\digitalpersona\bin\DpTsClnt.dll"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi"
    dRunOnce: [supportdir] cmd /c "rmdir /q /s "c:\windows\temp\{DC78AACC-D3E4-4D92-95E8-42AFD802B8DB}""
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-Explorer: NoViewOnDrive = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:8
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\linksys\bluetooth utility\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: PUFLITE - hxxp://donaldweis.point2agent.com/ColpaControls/Photo/Control/PUFLITE.CAB
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&6&04.00.07.02&unknown&unknown&http://product.samsung.com/viewpoint/dlp/popup.html
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {1663ED61-23EB-11D2-B92F-008048FDD814} - hxxps://www.superiorcourt.maricopa.gov/ezcourtforms/includes/smsx.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356101641965
    DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
    DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://lercabo01/Remote/msrdp.cab
    DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} - hxxp://jolleycabo.linksys-cam.com:1024/img/LinksysViewer.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} - hxxp://192.168.1.104/img/LinksysMLViewer.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - hxxp://moneycentral.msn.com/cabs/pmupdate2.exe
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {BA00165E-C903-11D3-BD27-0050048A82BF} - hxxp://chat.caleris.com/netagent/objects/CustAppX.CAB
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab
    DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} - hxxp://www.planseguro.com.mx/planseguro2/cabs/vsflex7.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{AE853C6F-068C-41AA-9F7C-4235CA0B55F5} : DHCPNameServer = 192.168.1.254
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
    Notify: ACNotify - ACNotify.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: tpfnf2 - notifyf2.dll
    Notify: tphotkey - tphklock.dll
    AppInit_DLLs=
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli ACGina
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 192.168.15.102 HP000D9D1A6773
    Hosts: 192.168.0.51 HP000D9D28B235
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-7-25 97008]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1404000.028\symds.sys [2013-6-17 367704]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1404000.028\symefa.sys [2013-6-17 934488]
    R0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [2008-7-4 12800]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.3.1.22\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-16 1002072]
    R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1404000.028\ccsetx86.sys [2013-6-17 134744]
    R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_56758.sys [2013-8-14 330960]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-7-25 148688]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-7-25 222192]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1404000.028\ironx86.sys [2013-6-17 175264]
    R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2003-10-9 16384]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2012-5-3 35088]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-7-25 1435928]
    R2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [2008-7-4 345984]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2013-6-27 770432]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
    R2 Z-SANService;Z-SAN Service;c:\program files\netgear\netgear storage central manager utility\Z-SANService.exe [2008-7-4 376891]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-5-9 106656]
    R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.3.1.22\definitions\ipsdefs\20130813.001\IDSXpx86.sys [2013-8-13 373728]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.3.1.22\definitions\virusdefs\20130815.022\NAVENG.SYS [2013-8-16 93272]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.3.1.22\definitions\virusdefs\20130815.022\NAVEX15.SYS [2013-8-16 1611992]
    R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2007-10-9 12032]
    R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2007-10-9 39424]
    R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [2008-7-4 15488]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
    S2 Visual DataFlex 16.1 Web Application Server;Visual DataFlex 16.1 Web Application Server;c:\progra~1\visual~1.1\bin\WebAppServer.exe [2011-12-18 412768]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
    S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
    S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; [x]
    S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys --> c:\windows\system32\drivers\motoandroid.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys --> c:\windows\system32\drivers\motport.sys [?]
    S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
    S3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-8-7 21520]
    S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys --> c:\windows\system32\drivers\rcblan.sys [?]
    S3 SUNPLUS;Micro Webcam Mobile;c:\windows\system32\drivers\SP508hp.SYS [2011-7-25 93544]
    S3 TEUSBMU;Panasonic Analog PBX USB Main Unit driver;c:\windows\system32\drivers\TEUSBMU.sys [2005-12-21 20992]
    S3 TVAUSBMU;Panasonic Voice Processing System USB Main Unit driver;c:\windows\system32\drivers\TVAUSBMU.sys [2007-6-19 20992]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
    S3 XET1001Sp50;XET1001Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\XET1001Sp50.sys [2009-8-24 35256]
    S3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [2008-7-4 5120]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: DWGTrueViewScriptFile="c:\windows\system32\notepad.exe" "%1"
    FileExt: .reg: Regedit.Document - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]
    FileExt: .ini: inifile=c:\windows\system32\NOTEPAD.EXE %1"
    .
    =============== Created Last 30 ================
    .
    2013-08-16 01:31:24 110080 ----a-r- c:\documents and settings\steve jolley\application data\microsoft\installer\{471d8b37-c5b3-4457-9fa1-b3c693334f4f}\IconF7A21AF7.exe
    2013-08-16 01:31:24 110080 ----a-r- c:\documents and settings\steve jolley\application data\microsoft\installer\{471d8b37-c5b3-4457-9fa1-b3c693334f4f}\IconD7F16134.exe
    2013-08-16 01:31:24 110080 ----a-r- c:\documents and settings\steve jolley\application data\microsoft\installer\{471d8b37-c5b3-4457-9fa1-b3c693334f4f}\IconCF33A0CE.exe
    2013-08-16 01:30:41 -------- dc----w- C:\sh4ldr
    2013-08-16 01:30:41 -------- d-----w- c:\program files\Enigma Software Group
    2013-08-16 01:28:45 -------- d-----w- c:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP
    2013-08-16 00:18:15 -------- d-----w- c:\program files\CCleaner
    2013-08-01 02:08:14 -------- d-----w- c:\program files\common files\Lenovo
    2013-07-25 16:46:24 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    ==================== Find3M ====================
    .
    2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
    2013-07-13 23:27:02 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-07-13 23:27:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-04 02:59:11 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 02:08:30 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-06-22 22:15:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-22 22:15:01 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-06-22 22:15:01 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-22 22:15:01 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-17 23:09:55 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
    2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
    2013-06-02 19:30:25 646 ----a-w- c:\documents and settings\steve jolley\advanced_ip_scanner_MAC.bin
    2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
    2013-05-23 05:25:28 934488 ----a-w- c:\windows\system32\drivers\nav\1404000.028\symefa.sys
    2013-05-21 05:02:00 367704 ----a-w- c:\windows\system32\drivers\nav\1404000.028\symds.sys
    2002-08-29 13:00:00 94784 --sh--w- c:\windows\twain.dll
    2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
    2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
    2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
    2013-01-26 03:55:44 552448 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll
    .
    ============= FINISH: 8:16:18.36 ===============
    Last edited by tashi; 2013-08-16 at 19:25. Reason: Copy pasted DDS log into topic
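Added here as a worked example, not part of the original post or of the DDS tool: a small Python triage script that parses the browser-setting, add-on (BHO/TB/EB), autorun and Hosts lines of a DDS "Pseudo HJT Report" like the one above and lists the entries a helper would look at first. The sample input is a handful of lines copied from the log above; the rules in review() are this example's own heuristics, not the forum's or DDS's.

```python
import re
from dataclasses import dataclass, field
from ipaddress import ip_address

# Constructed sample input: a few lines copied from the DDS "Pseudo HJT Report"
# section posted above (the real section is much longer).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.bing.com/
uProxyServer = 127.0.0.1:81
uProxyOverride = local;192.168.*.*;*.local
BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - c:\program files\vshare\vshare_toolbar.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\20.4.0.40\ips\ipsbho.dll
TB: TenchisTV Toolbar: {ECE24DCF-8548-4655-B392-47A388721482} - c:\program files\tenchistv\prxtbTen2.dll
TB: TenchisTV Toolbar: {ece24dcf-8548-4655-b392-47a388721482} - c:\program files\tenchistv\prxtbTen2.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
mRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.15.102 HP000D9D1A6773
"""

# DDS prefixes: u = current-user hive (HKCU), m = machine hive (HKLM), d = default user.
# Add-on kinds: BHO = Browser Helper Object, TB = toolbar, EB = explorer bar;
# "<orphaned>" means the registered CLSID has no file behind it.
SETTING_RE = re.compile(r"^(?P<key>[umd](?:Start Page|ProxyServer|ProxyOverride|SearchURL)[^=]*?)\s*=\s*(?P<value>.*)$")
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB|EB):\s*(?:(?P<name>.*?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>[umd])Run(?P<once>Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)$")


@dataclass
class Triage:
    settings: dict = field(default_factory=dict)   # key -> value
    addons: list = field(default_factory=list)     # (kind, name, clsid, path)
    autoruns: list = field(default_factory=list)   # (hive, name, command)
    hosts: list = field(default_factory=list)      # (ip, hostname)
    findings: list = field(default_factory=list)   # human-readable review notes


def _is_loopback(host: str) -> bool:
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def parse_hjt_section(text: str) -> Triage:
    """Parse the add-on, autorun, hosts and browser-setting lines of a DDS report."""
    t = Triage()
    seen = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ADDON_RE.match(line):
            key = (m["kind"], m["clsid"].lower())
            if key in seen:            # DDS can list the same add-on more than once
                continue
            seen.add(key)
            t.addons.append((m["kind"], m["name"] or "", m["clsid"], m["path"]))
        elif m := RUN_RE.match(line):
            t.autoruns.append((m["hive"], m["name"], m["cmd"]))
        elif m := HOSTS_RE.match(line):
            t.hosts.append((m["ip"], m["host"]))
        elif m := SETTING_RE.match(line):
            t.settings[m["key"]] = m["value"]
    t.findings = review(t)
    return t


def review(t: Triage) -> list:
    """Heuristics (this example's own) for the entries a helper would check first."""
    out = []
    for key, value in t.settings.items():
        if key.endswith("ProxyServer"):
            host, sep, port = value.rpartition(":")
            if not sep:
                host, port = value, "?"
            scope = "HKCU" if key[0] == "u" else "HKLM"
            if _is_loopback(host):
                out.append(f"{scope} proxy {value}: browsers that honour the system proxy (IE and "
                           f"Chrome both do) send non-local traffic through whatever process "
                           f"listens on local port {port}; identify that process first")
            else:
                out.append(f"{scope} proxy {value}: confirm the user set this proxy up themselves")
    for kind, name, clsid, path in t.addons:
        if path == "<orphaned>":
            out.append(f"{kind} {clsid}: registered add-on with no file behind it (cleanup candidate)")
    for ip, host in t.hosts:
        if _is_loopback(ip) and "." in host:
            out.append(f"hosts file sends {host} to {ip}: that site is unreachable until the entry is removed")
    return out


if __name__ == "__main__":
    for finding in parse_hjt_section(SAMPLE_REPORT).findings:
        print("-", finding)
```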

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067


    hi CaboSteve,

    You can try Malwarebytes but I am guessing it won't help the current problem. In any case though you can keep and use it as another malware app.
    Download, update and do a full scan and we will move on from there:

    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.
    How Can I Reduce My Risk?
