
Author Topic: Trojan removal - Thx for your help  (Read 29355 times)


cian31

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows Vista
    Trojan removal - Thx for your help
    « on: November 13, 2011, 02:51:10 AM »
    Hi !
    My PC runs on Windows Vista.

    My computer has been infected with a trojan detected by Avira AntiVir Personal : Crypt.XPACK.Gen2.
    I tried to put the detected files in "quarantine" but it seems that it was not a good idea...


    I am currently in a bad situation :
    - my PC starts but the desktop is black with no shortcuts,
    - the following error appears many times : "Failed to save all the components for the file \\System32\<number>. The file is corrupted or unreadable. This error may be caused by a PC hardware problem"
    - when I look in folders (personal folder for example), it seems empty.
    - I tried to download ComboFix.exe but I have the same error : "Installer integrity check has failed"


    I looked at the post "Read this before posting ..." and :
    - I have only one antivirus running (Avira)
    - I don't know if there is a default firewall running within Vista
    - I can't access the control panel to uninstall suspicious programs : the dedicated menu does not appear in the Start menu and I have no icon on the desktop...

    - CCleaner downloaded : same error as ComboFix :'(
    - SuperAntiSpyware is currently scanning my PC.

    Thanks for your help.

    cian31

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows Vista
      Re: Trojan removal - Thx for your help
      « Reply #1 on: November 13, 2011, 05:41:50 AM »
      See the SuperAntiSpyware log below.



      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 11/13/2011 at 01:16 PM

      Application Version : 5.0.1136

      Core Rules Database Version : 7937
      Trace Rules Database Version: 5749

      Scan type       : Complete Scan
      Total Scan Time : 02:20:32

      Operating System Information
      Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
      UAC Off - Administrator

      Memory items scanned      : 695
      Memory threats detected   : 0
      Registry items scanned    : 36335
      Registry threats detected : 1
      File items scanned        : 186690
      File threats detected     : 111

      Disabled.TaskManager
         HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

      Adware.Tracking Cookie

      cian31

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows Vista
        Re: Trojan removal - Thx for your help
        « Reply #2 on: November 13, 2011, 05:52:56 AM »
        An error occurred :
        "
        Files indexation process failed.
        Indexation process failure may cause :
        • File may became unreadable
        • Files and documents can be lost
        • Operation System may slow down dramatically

        To prevent possible damage to this PC follow the recommendations.
        Recommendations : it's highly recommended to run file integrity checker now and resolve this issue."

        cian31

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows Vista
          Re: Trojan removal - Thx for your help
          « Reply #3 on: November 13, 2011, 06:04:20 AM »
          I tried to install Java as suggested in the post "read this before requesting ... " but it failed...
          message "install failed"

          redd



            Rookie
          • Thanked: 1
            • Experience: Experienced
            • OS: Windows Vista
            Re: Trojan removal - Thx for your help
            « Reply #4 on: November 13, 2011, 10:02:09 AM »
            A simple and good program called Tune up Utilities will help you keep your pc running well. I think you can download it for 30 days to try. Simple and easy to use. I use it and never had any problems with my pc. And a good side kick to run alongside your antivirus is called Malwarebytes anti malware.  Just google it.  There is a free version and it works great. Highly recommend it. It helped me out with a Trojan that my antivirus could not get and it found it and got rid of it. Try it and see for yourself.  ;)

            cian31

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows Vista
              Re: Trojan removal - Thx for your help
              « Reply #5 on: November 13, 2011, 01:14:39 PM »
              Thanks for your answer Redd!
              As said, I started the analysis of my PC with Malwarebytes and the report seems ok. I can't post the log file : the program associated to a file .txt is now... VLC!!

              I still have no more programs displayed in the start menu, no more control panel menu...
              When I look at C:\ content in the explorer, there is a never ending filetree with C:\LocalDisk\C:\LocalDisk ... and so on


               ???

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Trojan removal - Thx for your help
              « Reply #6 on: November 13, 2011, 04:03:39 PM »
              Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

              1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
              2. The fixes are specific to your problem and should only be used for this issue on this machine.
              3. If you don't know or understand something, please don't hesitate to ask.
              4. Please DO NOT run any other tools or scans while I am helping you.
              5. It is important that you reply to this thread. Do not start a new topic.
              6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
              7. Absence of symptoms does not mean that everything is clear.

              If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
              *************************************************************************
              Please run this in Safe Mode with Networking. Reboot in Normal mode and see if you can run it again and post the log.

              Here's how to get into Safe Mode.

              Please download Malwarebytes Anti-Malware from here.
              Double Click mbam-setup.exe to install the application.
              • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
              • If an update is found, it will download and install the latest version.
              • Once the program has loaded, select "Perform Full Scan", then click Scan.
              • The scan may take some time to finish, so please be patient.
              • When the scan is complete, click OK, then Show Results to view the results.
              • Make sure that everything is checked, and click Remove Selected.
              • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
              • Please save the log to a location you will remember.
              • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
              • Copy and paste the entire report in your next reply.
              Extra Note:

              If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
              Windows 8 and Windows 10 dual boot with two SSD's

              cian31

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows Vista
                Re: Trojan removal - Thx for your help
                « Reply #7 on: November 15, 2011, 02:12:06 AM »
                Thanks for your answer SuperDave.
                I have already done the Malwarebytes procedure but can't post the log since VLC is now attached to open the txt file. And I don't know how to change it since I have no access to the control panel (all items of the Start menu have vanished).
                Also, I have a new problem : the PC restarts when I try to launch Firefox... A blue screen appears with an error message I have no time to read and then the PC restarts.

                I will try to re-do the Malwarebytes procedure in a few hours when I get back to my house...

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Trojan removal - Thx for your help
                « Reply #8 on: November 15, 2011, 11:45:58 AM »
                • Please download Unhide by Grinler from here and save it to your desktop.
                • Double click unhide.exe to run the tool.
                • It will take some time to go through all your files, so please be patient.
                • If this tool doesn't fix the problem, please let me know.
                Windows 8 and Windows 10 dual boot with two SSD's

                cian31

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows Vista
                  Re: Trojan removal - Thx for your help
                  « Reply #9 on: November 17, 2011, 01:05:26 AM »
                  Hi!
                  Yesterday night, while I was trying to install the Unhide program you proposed, Windows proposed to restore a system point and this time it worked.
                  I am now trying to install CCleaner to analyse cookies and delete them.

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Trojan removal - Thx for your help
                  « Reply #10 on: November 17, 2011, 01:27:38 PM »
                  Please try to run MBAM and post the log along with these other logs.

                  SUPERAntiSpyware

                  If you already have SUPERAntiSpyware be sure to check for updates before scanning!


                  Download SuperAntispyware Free Edition (SAS)
                  * Double-click the icon on your desktop to run the installer.
                  * When asked to Update the program definitions, click Yes
                  * If you encounter any problems while downloading the updates, manually download and unzip them from here
                  * Next click the Preferences button.

                  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
                  * Click the Scanning Control tab.
                  * Under Scanner Options make sure only the following are checked:

                  • Close browsers before scanning
                  • Scan for tracking cookies
                  • Terminate memory threats before quarantining
                  Please leave the others unchecked

                  • Click the Close button to leave the control center screen.

                  * On the main screen click Scan your computer
                  * On the left check the box for the drive you are scanning.
                  * On the right choose Perform Complete Scan
                  * Click Next to start the scan. Please be patient while it scans your computer.
                  * After the scan is complete a summary box will appear. Click OK
                  * Make sure everything in the white box has a check next to it, then click Next
                  * It will quarantine what it found and if it asks if you want to reboot, click Yes

                  • To retrieve the removal information please do the following:
                  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
                  • Click Preferences. Click the Statistics/Logs tab.

                  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

                  • It will open in your default text editor (preferably Notepad).
                  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

                  * Save the log somewhere you can easily find it. (normally the desktop)
                  * Click close and close again to exit the program.
                  * Copy and Paste the log in your post.
                  ***************************************************
                  Download DDS from HERE or HERE and save it to your desktop.

                  Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

                  * XP users Double click on dds to run it.
                  * If your antivirus or firewall try to block DDS then please allow it to run.
                  * When finished DDS will open two (2) logs.
                  * Save both reports to your desktop.
                  * The instructions here ask you to attach the Attach.txt.



                  1) DDS.txt
                  2) Attach.txt
                  Instead of attaching, please copy/paste both logs into your Thread

                  Note: DDS will instruct you to post the Attach.txt log as an attachment.
                  Please just post it as you would any other log by copying and pasting it into the reply.

                  • Close the program window, and delete the program from your desktop.

                  Please note: You may have to disable any script protection running if the scan fails to run.
                  After downloading the tool, disconnect from the internet and disable all antivirus protection.
                  Run the scan, enable your A/V and reconnect to the internet.
                  Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)
                  Windows 8 and Windows 10 dual boot with two SSD's

                  cian31

                    Topic Starter


                    Rookie

                    • Experience: Familiar
                    • OS: Windows Vista
                    Re: Trojan removal - Thx for your help
                    « Reply #11 on: November 18, 2011, 12:28:28 AM »
                    SuperAntiSpyware log file :
                    SUPERAntiSpyware Scan Log
                    http://www.superantispyware.com

                    Generated 11/17/2011 at 11:05 PM

                    Application Version : 5.0.1136

                    Core Rules Database Version : 7957
                    Trace Rules Database Version: 5769

                    Scan type       : Complete Scan
                    Total Scan Time : 01:49:40

                    Operating System Information
                    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
                    UAC Off - Administrator

                    Memory items scanned      : 735
                    Memory threats detected   : 0
                    Registry items scanned    : 36298
                    Registry threats detected : 0
                    File items scanned        : 184686
                    File threats detected     : 1

                    Trojan.Agent/Gen-Nullo[Short]
                       C:\USERS\CECILE\DOWNLOADS\VLC-PLUGIN-MULTI.EXE


                    Now I will install DDS as you suggest.
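
Added example (not part of any post in this thread, and not SUPERAntiSpyware's own code): a small triage script for scan logs laid out like the two posted above, with summary counters followed by a detection name and its indented items. It separates tracking-cookie noise from detections that need attention and checks that the listed items match the summary counters, which catches a truncated paste. The sample log is constructed; its paths and cookie names are made up, and the function names are this example's own.

```python
import re
import textwrap

# Constructed sample in the layout of the logs posted in this thread.
# Paths, user name and cookie names are invented for the example.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 01/01/2012 at 10:00 AM

Memory items scanned      : 50
Memory threats detected   : 0
Registry items scanned    : 100
Registry threats detected : 1
File items scanned        : 2000
File threats detected     : 3

Disabled.TaskManager
   HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

Adware.Tracking Cookie
   C:\Users\example\Cookies\AAAA1111.txt [ /tracker.example ]
   C:\Users\example\Cookies\BBBB2222.txt [ /ads.example ]

Trojan.Agent/Gen-Nullo[Short]
   C:\USERS\EXAMPLE\DOWNLOADS\SETUP-SAMPLE.EXE
"""

COUNTER_RE = re.compile(
    r"^\s*(Memory|Registry|File) threats detected\s*:\s*(\d+)\s*$")
REGISTRY_PREFIXES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\")
# Categories treated as noise during triage (assumption of this example).
LOW_SIGNAL = {"Adware.Tracking Cookie"}


def parse_scan_log(text):
    """Return (counters, detections); detections maps name -> list of items."""
    counters, detections, current = {}, {}, None
    in_items = False
    # dedent() copes with logs pasted with a uniform forum indentation.
    for raw in textwrap.dedent(text).splitlines():
        m = COUNTER_RE.match(raw)
        if m:
            counters[m.group(1).lower()] = int(m.group(2))
            # The detections start after the last counter line.
            in_items = m.group(1) == "File"
            continue
        if not in_items or not raw.strip():
            continue
        if raw[0].isspace():          # indented line: item of current group
            if current is not None:
                detections[current].append(raw.strip())
        else:                         # unindented line: new detection name
            current = raw.strip()
            detections.setdefault(current, [])
    # Drop unindented trailing text that has no items (e.g. a closing remark).
    return counters, {k: v for k, v in detections.items() if v}


def triage(text):
    """Split detections into priority and low-signal, and verify the counts."""
    counters, detections = parse_scan_log(text)
    report = {"priority": [], "low_signal": {}, "mismatch": []}
    seen = {"registry": 0, "file": 0}
    for name, items in detections.items():
        for item in items:
            is_reg = item.upper().startswith(REGISTRY_PREFIXES)
            seen["registry" if is_reg else "file"] += 1
        if name in LOW_SIGNAL:
            report["low_signal"][name] = len(items)
        else:
            report["priority"].append((name, items))
    # A difference between counters and listed items means the log is partial.
    for kind, listed in seen.items():
        if kind in counters and counters[kind] != listed:
            report["mismatch"].append((kind, counters[kind], listed))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, items in result["priority"]:
        print("REVIEW:", name)
        for item in items:
            print("   ", item)
    for name, count in result["low_signal"].items():
        print(f"noise : {name} x{count}")
    for kind, expected, listed in result["mismatch"]:
        print(f"WARNING: {kind} counter says {expected}, log lists {listed}")
```
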

                    cian31

                      Topic Starter


                      Rookie

                      • Experience: Familiar
                      • OS: Windows Vista
                      Re: Trojan removal - Thx for your help
                      « Reply #12 on: November 18, 2011, 02:36:39 PM »
                      See hereafter the Attach.txt file log

                      .
                      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                      IF REQUESTED, ZIP IT UP & ATTACH IT
                      .
                      DDS (Ver_2011-06-23.01)
                      .
                      Microsoft® Windows Vista™ Édition Familiale Premium
                      Boot Device: \Device\HarddiskVolume1
                      Install Date: 15/12/2008 01:34:50
                      System Uptime: 18/11/2011 22:26:06 (0 hours ago)
                      .
                      Motherboard: HP |  | 3600
                      Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket M2/S1G1 | 1100/1800mhz
                      .
                      ==== Disk Partitions =========================
                      .
                      C: is FIXED (NTFS) - 138 GiB total, 55,31 GiB free.
                      D: is FIXED (NTFS) - 11 GiB total, 1,781 GiB free.
                      E: is CDROM ()
                      F: is Removable
                      G: is Removable
                      .
                      ==== Disabled Device Manager Items =============
                      .
                      ==== System Restore Points ===================
                      .
                      RP508: 18/11/2011 01:54:55 - Windows Update
                      .
                      ==== Installed Programs ======================
                      .
                      Activation Assistant for the 2007 Microsoft Office suites
                      ActiveCheck component for HP Active Support Library
                      Adobe Flash Player 10 Plugin
                      Adobe Flash Player ActiveX
                      Adobe Reader 9.2 - Français
                      Adobe Shockwave Player
                      Adobe Shockwave Player 11.5
                      AMD USB Audio Driver Filter
                      Apple Application Support
                      Apple Software Update
                      Atelier Photo FNAC
                      Atheros Driver Installation Program
                      ATI Catalyst Install Manager
                      Avira AntiVir Personal - Free Antivirus
                      BadCopy Pro
                      Catalyst Control Center - Branding
                      Catalyst Control Center Core Implementation
                      Catalyst Control Center Graphics Full Existing
                      Catalyst Control Center Graphics Full New
                      Catalyst Control Center Graphics Light
                      Catalyst Control Center Graphics Previews Common
                      Catalyst Control Center Graphics Previews Vista
                      Catalyst Control Center InstallProxy
                      Catalyst Control Center Localization Chinese Standard
                      Catalyst Control Center Localization Chinese Traditional
                      Catalyst Control Center Localization Czech
                      Catalyst Control Center Localization Danish
                      Catalyst Control Center Localization Dutch
                      Catalyst Control Center Localization Finnish
                      Catalyst Control Center Localization French
                      Catalyst Control Center Localization German
                      Catalyst Control Center Localization Greek
                      Catalyst Control Center Localization Hungarian
                      Catalyst Control Center Localization Italian
                      Catalyst Control Center Localization Japanese
                      Catalyst Control Center Localization Korean
                      Catalyst Control Center Localization Norwegian
                      Catalyst Control Center Localization Polish
                      Catalyst Control Center Localization Portuguese
                      Catalyst Control Center Localization Russian
                      Catalyst Control Center Localization Spanish
                      Catalyst Control Center Localization Swedish
                      Catalyst Control Center Localization Thai
                      Catalyst Control Center Localization Turkish
                      ccc-core-static
                      ccc-utility
                      CCC Help Chinese Standard
                      CCC Help Chinese Traditional
                      CCC Help Czech
                      CCC Help Danish
                      CCC Help Dutch
                      CCC Help English
                      CCC Help Finnish
                      CCC Help French
                      CCC Help German
                      CCC Help Greek
                      CCC Help Hungarian
                      CCC Help Italian
                      CCC Help Japanese
                      CCC Help Korean
                      CCC Help Norwegian
                      CCC Help Polish
                      CCC Help Portuguese
                      CCC Help Russian
                      CCC Help Spanish
                      CCC Help Swedish
                      CCC Help Thai
                      CCC Help Turkish
                      CCleaner
                      Cisco EAP-FAST Module
                      Cisco LEAP Module
                      Cisco PEAP Module
                      Crawler Toolbar with Web Security Guard
                      CyberLink DVD Suite
                      EasyRecovery Professional Essai
                      EasyRecovery Professional Trial
                      ESU for Microsoft Vista
                      FileZilla Client 3.4.0
                      GetDataBack for NTFS
                      Google Talk Plugin
                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                      HP Customer Experience Enhancements
                      HP Doc Viewer
                      HP MediaSmart DVD
                      HP MediaSmart Music/Photo/Video
                      HP MediaSmart SmartMenu
                      HP MediaSmart TV
                      HP MediaSmart Webcam
                      HP Quick Launch Buttons 6.40 J1
                      HP Support Assistant
                      HP Total Care Advisor
                      HP Update
                      HP User Guides 0128
                      HP Wireless Assistant
                      HPAsset component for HP Active Support Library
                      HPTCSSetup
                      IDT Audio
                      Java Auto Updater
                      Java(TM) 6 Update 20
                      JMicron JMB38X Flash Media Controller Driver
                      K-Lite Codec Pack 6.8.0 (Full)
                      LabelPrint
                      LightScribe System Software  1.14.17.1
                      McAfee Security Scan Plus
                      Microsoft .NET Framework 3.5 Language Pack SP1 - fra
                      Microsoft .NET Framework 3.5 SP1
                      Microsoft .NET Framework 4 Client Profile
                      Microsoft .NET Framework 4 Client Profile FRA Language Pack
                      Microsoft Office Excel MUI (French) 2007
                      Microsoft Office Home and Student 2007
                      Microsoft Office OneNote MUI (French) 2007
                      Microsoft Office PowerPoint MUI (French) 2007
                      Microsoft Office PowerPoint Viewer 2007 (French)
                      Microsoft Office Proof (Arabic) 2007
                      Microsoft Office Proof (Dutch) 2007
                      Microsoft Office Proof (English) 2007
                      Microsoft Office Proof (French) 2007
                      Microsoft Office Proof (German) 2007
                      Microsoft Office Proof (Spanish) 2007
                      Microsoft Office Proofing (French) 2007
                      Microsoft Office Shared MUI (French) 2007
                      Microsoft Office Word MUI (French) 2007
                      Microsoft Silverlight
                      Microsoft Visual C++ 2005 Redistributable
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                      Microsoft Works
                      Module de compatibilité pour Microsoft Office System 2007
                      Module linguistique Microsoft .NET Framework 3.5 SP1- fra
                      Module linguistique Microsoft .NET Framework 4 Client Profile FRA
                      Mozilla Firefox (3.6.24)
                      MSXML 4.0 SP2 (KB954430)
                      MSXML 4.0 SP2 (KB973688)
                      My HP Games
                      Package de pilotes Windows - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
                      Picasa 3
                      Power2Go
                      PowerDirector
                      ProtectSmart Hard Drive Protection
                      QuickTime
                      Realtek 8169 8168 8101E 8102E Ethernet Driver
                      Realtek USB 2.0 Card Reader
                      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
                      Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
                      Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
                      Skins
                      Skype Toolbars
                      Skype™ 4.2
                      Spyware Terminator
                      SUPERAntiSpyware
                      Synaptics Pointing Device Driver
                      Unity Web Player
                      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                      Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
                      Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
                      Update for Office 2007 (KB934528)
                      VLC media player 1.1.5
                      Windows Media Player Firefox Plugin
                      .
                      ==== End Of File ===========================

                      cian31

                        Re: Trojan removal - Thx for your help
                        « Reply #13 on: November 18, 2011, 02:37:29 PM »
                        Please find hereafter the DDS.txt log file:

                        .
                        DDS (Ver_2011-06-23.01) - NTFSx86
                        Internet Explorer: 7.0.6002.18005  BrowserJavaVersion: 1.6.0_20
                        Run by Cecile at 22:30:35 on 2011-11-18
                        Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.33.1036.18.3069.1922 [GMT 1:00]
                        .
                        AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
                        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                        SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
                        .
                        ============== Running Processes ===============
                        .
                        C:\Windows\system32\wininit.exe
                        C:\Windows\system32\lsm.exe
                        C:\Windows\system32\svchost.exe -k DcomLaunch
                        C:\Windows\system32\svchost.exe -k rpcss
                        C:\Windows\System32\svchost.exe -k secsvcs
                        C:\Windows\system32\Ati2evxx.exe
                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                        C:\Windows\system32\svchost.exe -k netsvcs
                        C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
                        C:\Windows\system32\SLsvc.exe
                        C:\Windows\system32\svchost.exe -k LocalService
                        C:\Windows\system32\Ati2evxx.exe
                        C:\Windows\system32\Hpservice.exe
                        C:\Windows\system32\svchost.exe -k NetworkService
                        C:\Windows\System32\spoolsv.exe
                        C:\Program Files\Avira\AntiVir Desktop\sched.exe
                        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                        C:\Windows\system32\WLANExt.exe
                        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
                        C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
                        C:\Program Files\Avira\AntiVir Desktop\avguard.exe
                        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                        C:\Program Files\SMINST\BLService.exe
                        C:\Program Files\CyberLink\Shared files\RichVideo.exe
                        C:\Program Files\Spyware Terminator\sp_rsser.exe
                        C:\Windows\system32\svchost.exe -k imgsvc
                        C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
                        C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
                        C:\Windows\System32\svchost.exe -k WerSvcGroup
                        C:\Windows\system32\SearchIndexer.exe
                        C:\Windows\system32\WUDFHost.exe
                        C:\Windows\system32\wbem\wmiprvse.exe
                        C:\Windows\system32\taskeng.exe
                        C:\Windows\system32\Dwm.exe
                        C:\Windows\Explorer.EXE
                        C:\Windows\System32\WerFault.exe
                        C:\Windows\system32\taskeng.exe
                        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                        C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
                        C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
                        C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
                        C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
                        C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
                        C:\Program Files\Windows Defender\MSASCui.exe
                        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
                        C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                        C:\Program Files\IDT\WDM\sttray.exe
                        C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
                        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                        C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
                        C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
                        C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                        C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
                        C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
                        C:\Windows\ehome\ehtray.exe
                        C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
                        C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
                        C:\Windows\System32\mobsync.exe
                        C:\Windows\ehome\ehmsas.exe
                        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                        C:\Program Files\Windows Media Player\wmplayer.exe
                        C:\Windows\system32\wbem\wmiprvse.exe
                        C:\Program Files\Windows Media Player\WMPNSCFG.exe
                        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
                        C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
                        C:\Program Files\Windows Media Player\wmpnetwk.exe
                        C:\Program Files\Windows Media Player\wmpshare.exe
                        C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                        C:\Windows\system32\WerCon.exe
                        C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
                        C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
                        C:\Windows\system32\conime.exe
                        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                        C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                        .
                        ============== Pseudo HJT Report ===============
                        .
                        uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
                        uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
                        uSearch Page = hxxp://www.google.com
                        uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
                        uDefault_Search_URL = hxxp://www.google.com/ie
                        mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
                        mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
                        uSearchAssistant = hxxp://www.google.com/ie
                        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                        uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
                        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
                        BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
                        BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - No File
                        BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
                        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                        TB: Barre d'outils &Crawler: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
                        uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
                        uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
                        uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
                        uRun: [Google Update] "c:\users\cecile\appdata\local\google\update\GoogleUpdate.exe" /c
                        uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
                        mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
                        mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
                        mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
                        mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
                        mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
                        mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe"
                        mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
                        mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
                        mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
                        mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
                        mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                        mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
                        mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
                        mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
                        mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
                        mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
                        mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
                        mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
                        mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
                        mRun: [<NO NAME>]
                        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
                        mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
                        StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
                        mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
                        mPolicies-system: EnableLUA = 0 (0x0)
                        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
                        IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                        IE: Crawler Search - tbr:iemenu
                        IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
                        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
                        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
                        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
                        DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
                        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
                        TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
                        TCP: Interfaces\{56FE33FF-CF38-4567-A62A-208CAC0FE17F} : DhcpNameServer = 212.27.40.240 212.27.40.241
                        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
                        Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
                        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
                        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
                        mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
                        .
                        ================= FIREFOX ===================
                        .
                        FF - ProfilePath - c:\users\cecile\appdata\roaming\mozilla\firefox\profiles\wa878qin.default\
                        FF - prefs.js: browser.search.selectedEngine - Google
                        FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
                        FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
                        FF - plugin: c:\program files\googlepicasa3\npPicasa3.dll
                        FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
                        FF - plugin: c:\users\cecile\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
                        FF - plugin: c:\users\cecile\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
                        FF - plugin: c:\users\cecile\appdata\roaming\mozilla\plugins\npgoogletalk.dll
                        FF - plugin: c:\users\cecile\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
                        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                        FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
                        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
                        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
                        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                        FF - Ext: iGraal: {e411bb40-b04c-11d8-92e7-00d09e0179f2} - %profile%\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}
                        FF - Ext: SUPERAntiSpyware Toolbar Powered by Ask.com: [email protected] - %profile%\extensions\[email protected]
                        .
                        ============= SERVICES / DRIVERS ===============
                        .
                        R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-7 11608]
                        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
                        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
                        R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
                        R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]
                        R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_805f33de\AEstSrv.exe [2008-12-15 77824]
                        R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-12-7 108289]
                        R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-7 185089]
                        R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-7 56816]
                        R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
                        R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
                        R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
                        R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-11-7 365952]
                        R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-9-24 296320]
                        R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-9-24 116096]
                        R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-7 193840]
                        R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]
                        R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-22 107360]
                        R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-12-15 22072]
                        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                        S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
                        S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
                        .
                        =============== Created Last 30 ================
                        .
                        2011-11-18 07:19:03   56200   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{ced87eeb-0344-4986-b9b9-4f50290600db}\offreg.dll
                        2011-11-18 00:55:37   6668624   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{ced87eeb-0344-4986-b9b9-4f50290600db}\mpengine.dll
                        2011-11-17 08:01:34   --------   d-----w-   c:\program files\CCleaner
                        2011-11-13 13:17:07   --------   d-----w-   c:\users\cecile\appdata\roaming\Malwarebytes
                        2011-11-13 13:16:56   --------   d-----w-   c:\programdata\Malwarebytes
                        2011-11-13 13:16:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                        2011-11-13 09:55:36   --------   d--h--w-   c:\program files\Ask.com
                        2011-11-13 09:53:22   --------   d--h--w-   c:\users\cecile\appdata\roaming\SUPERAntiSpyware.com
                        2011-11-13 09:52:29   --------   d--h--w-   c:\programdata\SUPERAntiSpyware.com
                        2011-11-13 09:52:29   --------   d--h--w-   c:\program files\SUPERAntiSpyware
                        2011-11-09 17:45:36   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
                        2011-11-09 17:45:29   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                        2011-11-09 17:45:24   707584   ----a-w-   c:\program files\common files\system\wab32.dll
                        2011-11-05 10:05:35   653576   ----a-w-   c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
                        .
                        ==================== Find3M  ====================
                        .
                        2011-09-06 13:30:12   2043392   ----a-w-   c:\windows\system32\win32k.sys
                        2011-09-02 13:39:07   1383424   ----a-w-   c:\windows\system32\mshtml.tlb
                        2011-08-25 16:15:04   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
                        2011-08-25 16:14:01   563712   ----a-w-   c:\windows\system32\oleaut32.dll
                        2011-08-25 16:14:01   238080   ----a-w-   c:\windows\system32\oleacc.dll
                        2011-08-25 13:31:01   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
                        .
                        ============= FINISH: 22:33:15,91 ===============

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: Trojan removal - Thx for your help
                        « Reply #14 on: November 19, 2011, 12:10:05 PM »
                        Can you update and run MBAM?

                        Update Your Java (JRE)

                        Old versions of Java have vulnerabilities that malware can use to infect your system.


                        First Verify your Java Version

                        If there are any other version(s) installed then update now.

                        Get the new version (if needed)

                        If your version is out of date install the newest version of the Sun Java Runtime Environment.

                        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                        Be sure to close ALL open web browsers before starting the installation.

                        Remove any old versions

                        1. Download JavaRa and unzip the file to your Desktop.
                        2. Open JavaRA.exe and choose Remove Older Versions
                        3. Once complete exit JavaRA.

                        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                        *******************************************************

                        Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                        link # 1
                        Link # 2
                        If you are using Firefox, make sure that your download settings are as follows:

                        * Tools->Options->Main tab
                        * Set to "Always ask me where to Save the files".

                        Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                        Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                        Right-click combofix.exe and select Run as Administrator and follow the prompts.
                        When finished, ComboFix will produce a log for you.
                        Post the ComboFix log in your next reply.

                        NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                        Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
                        **********************************************
                        Download Security Check by screen317 from one of the following links and save it to your desktop.

                        Link 1
                        Link 2

                        * Double-click Security Check.bat
                        * Follow the on-screen instructions inside of the black box.
                        * A Notepad document should open automatically called checkup.txt
                        * Post the contents of that document in your next reply.

                        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
                        Windows 8 and Windows 10 dual boot with two SSD's