
TDSS Google redirect


13 replies to this topic

#1 Fatcharlie

Fatcharlie

  • Members
  • 9 posts

Posted 26 May 2013 - 11:15 AM

Not detected by tdsskiller.exe, which says the system is clean.

 

Google randomly redirects to advertising sites, whether with Internet Explorer or with Mozilla Firefox.

 

Before coming to your site I tried ComboFix - sounds as if I might have boobed there, sorry! - any help you can give will be greatly appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 17:02:29 on 2013-05-26
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3071.2161 [GMT 1:00]
.
AV: Panda Antivirus Pro 2012 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
.
============== Running Processes ================
.
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avatron\Air Display\AirDisplay.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - c:\program files\ant.com\ie add-on\Download.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.10.0\bh\delta.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.10.0\deltaTlbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Thoosje Sidebar] c:\program files\thoosje\thoosje sidebar\Thoosje Sidebar.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Air Display Support] "c:\program files\avatron\air display\AirDisplay.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349903963375
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://83.67.122.45/DvrOcx.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://192.168.1.2/WebClient.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} - hxxp://83.67.122.38/view.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{03A5F132-56C2-420C-A624-E1055E2424C8} : NameServer = 192.168.1.1
TCP: Interfaces\{B8991907-17BF-4D38-8B0D-E8526D7FF4A4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E58EC8CE-057F-49D3-81B7-5F22C73DB2C0} : DHCPNameServer = 192.168.1.254 192.168.1.254
Notify: avldr - avldr.dll
Notify: IfxWlxEN - IfxWlxEN.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
LSA: Notification Packages =  scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\bzybcskl.default\
FF - prefs.js: browser.search.selectedEngine - GMäB O[:Œ¬d)cé£ð®*‚>¼Óñ%'í”cZÆJµ¼¯&òD™
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 6528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-3-11 242240]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2012-10-11 35488]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2011-6-29 520216]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R3 AirDisplay;Air Display Support;c:\windows\system32\drivers\AVVideoCard.sys [2012-9-24 10624]
R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\drivers\AVVideoCardMirror.sys [2012-9-24 10624]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2012-10-11 35968]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-10-13 6609920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 DIRECTIO;DIRECTIO;c:\program files\performancetest\DirectIo32.sys [2013-3-11 22120]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-10-10 27064]
S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\sr9usb.sys [2011-9-10 12544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.vbe: <filetype is not registered>
FileExt: .vbs: vbsfile - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]
FileExt: .js: jsfile - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]
.jse: <filetype is not registered>
.wsf: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-05-25 15:08:25    1679360    ----a-w-    c:\windows\system32\ac3filter.acm
2013-05-25 15:08:24    --------    d-----w-    c:\program files\AC3Filter
2013-05-24 12:45:53    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2013-05-24 12:45:53    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-05-24 12:44:43    --------    d-----w-    c:\documents and settings\owner\application data\Obsidium
2013-05-24 12:44:25    --------    d-----w-    c:\program files\Delta
2013-05-24 12:44:25    --------    d-----w-    c:\documents and settings\owner\application data\Delta
2013-05-24 12:42:58    --------    d-----w-    c:\documents and settings\owner\application data\BabSolution
2013-05-24 12:40:30    --------    d-----w-    c:\program files\Mozilla Firefox(2)
2013-05-24 12:31:38    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Google
2013-05-24 08:44:11    --------    d-----w-    C:\cmdcons
2013-05-12 16:12:18    93696    ----a-w-    c:\windows\system32\sevCmd3.oca
2013-05-12 16:11:41    --------    d-----w-    c:\program files\Aerosoft
2013-05-11 15:00:31    --------    d-----w-    c:\documents and settings\owner\application data\Obsidium(3)
2013-05-11 11:48:46    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Sun
2013-05-10 14:07:03    --------    d-----w-    c:\program files\Windows Media Connect 2
2013-05-09 13:25:24    163840    --sha-r-    c:\windows\system32\ipxmontrl.dll
2013-05-09 10:29:54    --------    d-----w-    c:\windows\ShellNew
2013-05-09 10:29:54    --------    d-----w-    c:\program files\AutoHotkey
2013-05-04 16:25:30    --------    d-----w-    c:\documents and settings\owner\application data\EZCA
2013-05-04 16:15:22    --------    d-----w-    c:\program files\EZCA
2013-05-03 12:05:06    --------    d-----w-    c:\program files\MSECache
2013-05-02 12:44:03    --------    d-----w-    c:\documents and settings\all users\application data\DivX
2013-04-30 08:59:30    --------    d-----w-    c:\documents and settings\owner\logs
2013-04-28 21:05:13    139321    ----a-w-    c:\program files\microsoft games\microsoft flight simulator x\sound\pss\dash 8\loadedit_dash8.exe
2013-04-28 21:05:12    241664    ----a-w-    c:\program files\microsoft games\microsoft flight simulator x\sound\pss\dash 8\Dash8PanelConfig.exe
2013-04-28 19:51:21    241664    ----a-w-    c:\program files\microsoft games\microsoft flight simulator x\simobjects\pss\dash 8\Dash8PanelConfig.exe
2013-04-28 19:51:21    139321    ----a-w-    c:\program files\microsoft games\microsoft flight simulator x\simobjects\pss\dash 8\loadedit_dash8.exe
2013-04-28 19:48:48    241664    ----a-w-    c:\program files\microsoft games\microsoft flight simulator x\simobjects\airplanes\pss\dash 8\Dash8PanelConfig.exe
2013-04-28 19:48:48    139321    ----a-w-    c:\program files\microsoft games\microsoft flight simulator x\simobjects\airplanes\pss\dash 8\loadedit_dash8.exe
2013-04-28 19:42:05    241664    ----a-w-    c:\program files\microsoft games\microsoft flight simulator x\simobjects\airplanes\pss dash8\pss\dash 8\Dash8PanelConfig.exe
2013-04-28 19:42:05    139321    ----a-w-    c:\program files\microsoft games\microsoft flight simulator x\simobjects\airplanes\pss dash8\pss\dash 8\loadedit_dash8.exe
2013-04-28 19:19:20    241664    ----a-w-    c:\program files\microsoft games\microsoft flight simulator x\pss\dash 8\Dash8PanelConfig.exe
2013-04-28 19:19:20    139321    ----a-w-    c:\program files\microsoft games\microsoft flight simulator x\pss\dash 8\loadedit_dash8.exe
2013-04-28 19:12:42    --------    d-----w-    c:\program files\PSS Dash 8 FS2004 + ALL LIVERIES
.
==================== Find3M  ====================
.
2013-04-24 20:40:55    737280    ----a-w-    c:\windows\iun6002.exe
2013-04-23 19:36:00    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-23 19:36:00    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:17:15    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-04-16 22:17:14    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55    385024    ------w-    c:\windows\system32\html.iec
2013-04-10 01:31:19    1876352    ----a-w-    c:\windows\system32\win32k.sys
2013-04-06 09:32:18    400235    ----a-w-    c:\windows\FsClient 7.0 Uninstaller.exe
2013-04-06 09:21:19    164090    ----a-w-    c:\windows\FsXPand 7.0 Uninstaller.exe
2013-03-23 01:09:28    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-11 21:50:53    242240    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-11 20:54:33    119    --sh--w-    c:\windows\cnerolf.bin
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31    916480    ----a-w-    c:\windows\system32\wininet(4).dll
2013-03-02 02:06:31    1212928    ----a-w-    c:\windows\system32\urlmon(4).dll
2013-03-02 02:06:31    105984    ----a-w-    c:\windows\system32\url(4).dll
2013-02-27 07:56:51    2067456    ----a-w-    c:\windows\system32\mstscax.dll
1998-12-09 02:53:54    99840    ----a-w-    c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54    70144    ----a-w-    c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54    48640    ----a-w-    c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54    31744    ----a-w-    c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54    186368    ----a-w-    c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54    17920    ----a-w-    c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 17:04:02.75 ===============
 

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:51 AM

Posted 26 May 2013 - 02:50 PM

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Fatcharlie

Fatcharlie
  • Topic Starter

  • Members
  • 9 posts

Posted 27 May 2013 - 12:53 AM

Thanks CatByte - on it.



#4 Fatcharlie

Fatcharlie
  • Topic Starter

  • Members
  • 9 posts

Posted 27 May 2013 - 12:59 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-05-2013 04
Ran by Owner (administrator) on 27-05-2013 06:54:57
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Service Pack 3, v.6368 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================

(Infineon Technologies AG) C:\WINDOWS\system32\IFXTCS.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
() C:\WINDOWS\vsnpstd.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Avatron Software, Inc) C:\Program Files\Avatron\Air Display\AirDisplay.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Ant.com) C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infineon Technologies AG) C:\WINDOWS\system32\IFXSPMGT.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\SpTna.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [7340032 2006-07-25] (NVIDIA Corporation)
HKLM\...\Run: [snpstd] C:\WINDOWS\vsnpstd.exe [286720 2004-06-10] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2013-01-17] (Apple Inc.)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM Group Policy restriction on software: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* <====== ATTENTION
HKLM\...\Winlogon: [System]
Winlogon\Notify\avldr: avldr.dll [X]
Winlogon\Notify\IfxWlxEN: IfxWlxEN.dll (Infineon Technologies AG)
Winlogon\Notify\psfus: psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [Thoosje Sidebar] C:\Program Files\Thoosje\Thoosje Sidebar\Thoosje Sidebar.exe [x]
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [Air Display Support] "C:\Program Files\Avatron\Air Display\AirDisplay.exe" [2579904 2012-09-24] (Avatron Software, Inc)
MountPoints2: {9cceaea7-8a7b-11e2-b230-0019d28efd5d} - F:\setup.exe
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]
HKU\Main\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [ 2008-06-24] (Nero AG)
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=609B0015B7032F61
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=609B0015B7032F61
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\download.dll (Ant.com)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
Toolbar: HKLM - Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU -Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
PDF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
PDF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
PDF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
PDF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
PDF: {9B479D7B-916A-45B0-B042-D42865A60E21} http://83.67.122.45/DvrOcx.cab
PDF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://192.168.1.2/WebClient.cab
PDF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
PDF: {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} http://83.67.122.38/view.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [245248] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{03A5F132-56C2-420C-A624-E1055E2424C8}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bzybcskl.default
FF SearchEngine: GMäB O[:Œ¬d)cé£ð®*‚>¼Óñ%'í”cZÆJµ¼¯&òD™
FF Homepage: hxxp://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========================== Services (Whitelisted) =================

R2 AntUpdaterService; C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe [520216 2011-06-29] (Ant.com)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-28] (Flexera Software, Inc.)
R2 IFXSpMgtSrv; C:\WINDOWS\system32\IFXSPMGT.exe [458752 2012-10-11] (Infineon Technologies AG)
R2 IFXTCS; C:\WINDOWS\system32\IFXTCS.exe [647168 2012-10-11] (Infineon Technologies AG)
R2 PersonalSecureDriveService; C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE [173600 2012-10-11] (Infineon Technologies AG)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]

==================== Drivers (Whitelisted) ====================

R3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [10624 2012-09-24] (Windows ® Win 7 DDK provider)
R3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [10624 2012-09-24] (Windows ® Win 7 DDK provider)
S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [224808 2011-10-13] (Broadcom Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-02-12] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo32.sys [22120 2012-08-13] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-11] (DT Soft Ltd)
R2 FdRedir; C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [13568 2006-05-05] (UPEK Inc.)
R2 FileDisk2; C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [33024 2006-05-05] (UPEK Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [137728 2004-08-12] (Windows ® Server 2003 DDK provider)
R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [35968 2012-10-11] (Infineon Technologies AG)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-02-12] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-02-12] (Microsoft Corporation)
S3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [3632384 2008-08-29] (Intel Corporation)
R3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6609920 2011-10-13] (Intel Corporation)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [35488 2012-10-11] (Infineon Technologies AG)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-02-12] (Microsoft Corporation)
R2 smihlp; C:\Program Files\Protector Suite QL\smihlp.sys [3456 2006-05-05] (UPEK Inc.)
S3 snpstd; C:\Windows\System32\DRIVERS\snpstd.sys [390784 2005-08-23] ()
S3 SR9USB; C:\Windows\System32\DRIVERS\sr9usb.sys [12544 2009-02-08] (SUPERAL Semiconductor, Inc.)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1106888 2012-10-11] (SigmaTel, Inc.)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-02-12] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-02-12] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
U2 CertPropSvc;
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-27 06:54 - 2013-05-27 06:54 - 01355217 ____A (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2013-05-27 06:54 - 2013-05-27 06:54 - 00000000 ____D C:\FRST
2013-05-26 17:04 - 2013-05-26 17:05 - 00014183 ____A C:\Documents and Settings\Owner\Desktop\dds.txt
2013-05-26 17:04 - 2013-05-26 17:04 - 00010526 ____A C:\Documents and Settings\Owner\Desktop\attach.txt
2013-05-26 17:01 - 2013-05-26 17:00 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.com
2013-05-25 16:08 - 2013-05-25 16:08 - 00000000 ____D C:\Program Files\AC3Filter
2013-05-25 16:08 - 2013-04-05 21:26 - 01679360 ____A C:\Windows\System32\ac3filter.acm
2013-05-25 16:04 - 2013-05-25 16:04 - 00000000 ____A C:\END
2013-05-25 14:49 - 2013-05-25 14:49 - 01812950 ____A C:\Documents and Settings\Owner\Desktop\CirceFace.bmp
2013-05-25 14:03 - 2013-05-25 14:51 - 00443174 ____A C:\Documents and Settings\Owner\Desktop\CirceLogo.bmp
2013-05-25 10:47 - 2013-05-25 11:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-24 16:06 - 2013-05-24 16:06 - 00001935 ____A C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-05-24 16:05 - 2013-05-25 09:58 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-05-24 14:20 - 2013-05-24 14:19 - 00106496 ____A C:\Windows\Minidump\Mini052413-07.dmp
2013-05-24 14:06 - 2013-05-24 14:05 - 00106496 ____A C:\Windows\Minidump\Mini052413-06.dmp
2013-05-24 14:01 - 2013-05-24 14:01 - 00106496 ____A C:\Windows\Minidump\Mini052413-05.dmp
2013-05-24 13:57 - 2013-05-24 13:56 - 00106496 ____A C:\Windows\Minidump\Mini052413-04.dmp
2013-05-24 13:52 - 2013-05-24 13:52 - 00106496 ____A C:\Windows\Minidump\Mini052413-03.dmp
2013-05-24 13:44 - 2013-05-24 13:44 - 00000000 ____D C:\Program Files\Delta
2013-05-24 13:44 - 2013-05-24 13:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Obsidium
2013-05-24 13:44 - 2013-05-24 13:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Delta
2013-05-24 13:42 - 2013-05-24 13:42 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\BabSolution
2013-05-24 13:40 - 2013-05-24 13:44 - 00000000 ____D C:\Program Files\Mozilla Firefox(2)
2013-05-24 13:36 - 2013-05-24 13:36 - 00106496 ____A C:\Windows\Minidump\Mini052413-02.dmp
2013-05-24 13:34 - 2013-05-24 13:34 - 00106496 ____A C:\Windows\Minidump\Mini052413-01.dmp
2013-05-24 13:31 - 2013-05-27 06:53 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-24 13:31 - 2013-05-27 06:51 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-24 13:31 - 2013-05-24 13:48 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Google
2013-05-24 12:27 - 2013-05-24 12:27 - 00021551 ____A C:\ComboFix.txt
2013-05-24 09:52 - 2013-05-24 09:52 - 00016384 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-05-24 09:52 - 2013-05-24 09:52 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-05-24 09:52 - 2013-05-24 09:52 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-05-24 09:52 - 2013-05-24 09:52 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-05-24 09:52 - 2013-05-24 09:52 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-05-24 09:44 - 2013-05-24 13:40 - 00000000 ____D C:\cmdcons
2013-05-24 09:44 - 2013-03-11 15:48 - 00000211 ____A C:\Boot.bak
2013-05-24 09:44 - 2004-08-03 23:00 - 00260272 _RASH C:\cmldr
2013-05-24 09:34 - 2013-05-24 13:40 - 00000000 ____D C:\Qoobox
2013-05-24 09:34 - 2013-05-24 13:39 - 00000000 ____D C:\Windows\erdnt
2013-05-24 08:14 - 2013-05-24 15:02 - 00004341 ____A C:\Documents and Settings\Owner\Desktop\TonyLetter.txt
2013-05-23 19:46 - 2013-05-24 15:36 - 00022382 ____A C:\Windows\KB2829530-IE8.log
2013-05-23 19:39 - 2013-05-24 15:30 - 00013221 ____A C:\Windows\KB2820197.log
2013-05-23 19:39 - 2013-05-24 15:30 - 00011121 ____A C:\Windows\KB2847204-IE8.log
2013-05-23 19:39 - 2013-05-24 15:30 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-23 19:39 - 2013-05-24 13:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-20 22:19 - 2013-05-24 15:30 - 00019686 ____A C:\Windows\KB2829361.log
2013-05-12 17:12 - 2010-03-28 11:58 - 00093696 ____A C:\Windows\System32\sevCmd3.oca
2013-05-12 17:11 - 2013-05-12 17:11 - 00000000 ____D C:\Program Files\Aerosoft
2013-05-11 16:00 - 2013-05-11 16:00 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Obsidium(3)
2013-05-11 12:48 - 2013-05-11 12:48 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
2013-05-11 11:23 - 2013-05-24 13:44 - 00000000 ___DC C:\Windows\$NtUninstallKB939683$
2013-05-11 11:23 - 2013-05-24 13:44 - 00000000 ___DC C:\Windows\$NtUninstallKB929399$
2013-05-11 11:23 - 2013-05-11 11:23 - 00013762 ____A C:\Windows\KB929399.log
2013-05-11 11:22 - 2013-05-24 13:44 - 00000000 ___DC C:\Windows\$NtUninstallKB954154_WM11$
2013-05-11 11:22 - 2013-05-11 11:23 - 00013482 ____A C:\Windows\KB939683.log
2013-05-11 11:22 - 2013-05-11 11:22 - 00004163 ____A C:\Windows\KB954154.log
2013-05-11 11:18 - 2013-05-11 11:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sun
2013-05-11 11:15 - 2013-05-11 11:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2013-05-11 11:14 - 2013-05-11 11:14 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Sun
2013-05-11 03:13 - 2013-05-11 03:13 - 00005747 ____A C:\Windows\KB954155.log
2013-05-11 03:13 - 2013-05-11 03:13 - 00005654 ____A C:\Windows\KB975558.log
2013-05-11 03:13 - 2013-05-11 03:13 - 00005359 ____A C:\Windows\KB2378111.log
2013-05-11 03:12 - 2013-05-11 11:23 - 00000634 ____A C:\Windows\spupdsvc.log.1.log
2013-05-11 03:12 - 2013-05-11 03:13 - 00014873 ____A C:\Windows\KB941569.log
2013-05-11 03:12 - 2013-05-11 03:12 - 00010718 ____A C:\Windows\KB952069.log
2013-05-11 03:12 - 2013-05-11 03:12 - 00005717 ____A C:\Windows\KB978695.log
2013-05-10 15:07 - 2013-05-24 13:45 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2013-05-10 15:07 - 2013-05-10 15:07 - 00006365 ____A C:\Windows\MSCompPackV1.log
2013-05-10 15:07 - 2013-05-10 15:07 - 00000000 ___DC C:\Windows\$NtUninstallMSCompPackV1$
2013-05-10 15:07 - 2009-01-07 18:20 - 00016928 ____A (Microsoft Corporation) C:\Windows\System32\spmsg.dll
2013-05-10 15:06 - 2013-05-24 13:45 - 00000000 ___DC C:\Windows\$NtUninstallwmp11$
2013-05-10 15:06 - 2013-05-10 15:07 - 00023218 ____A C:\Windows\wmp11.log
2013-05-10 15:05 - 2013-05-24 13:45 - 00000000 ___DC C:\Windows\$NtUninstallWMFDist11$
2013-05-10 15:05 - 2013-05-10 15:06 - 00030576 ____A C:\Windows\WMFDist11.log
2013-05-10 15:05 - 2013-05-10 15:05 - 00000000 ___DC C:\Windows\$NtUninstallWudf01000$
2013-05-10 15:04 - 2013-05-10 15:05 - 00016021 ____A C:\Windows\Wudf01000Inst.log
2013-05-09 14:25 - 2013-05-27 06:51 - 00000318 ____A C:\Windows\Tasks\Vcklfyfoq.job
2013-05-09 14:25 - 2013-05-09 14:25 - 00163840 _RASH C:\Windows\System32\ipxmontrl.dll
2013-05-09 11:34 - 2013-05-09 11:36 - 00001377 ____A C:\Documents and Settings\Owner\My Documents\AutoHotkey.ahk
2013-05-09 11:29 - 2013-05-09 11:29 - 00000000 ____D C:\Windows\ShellNew
2013-05-09 11:29 - 2013-05-09 11:29 - 00000000 ____D C:\Program Files\AutoHotkey
2013-05-04 17:25 - 2013-05-04 17:25 - 00000700 ____A C:\Documents and Settings\All Users\Desktop\English Manual.pdf.lnk
2013-05-04 17:25 - 2013-05-04 17:25 - 00000658 ____A C:\Documents and Settings\All Users\Desktop\EZCA Config.exe.lnk
2013-05-04 17:25 - 2013-05-04 17:25 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\EZCA
2013-05-04 17:15 - 2013-05-04 17:25 - 00000000 ____D C:\Program Files\EZCA
2013-05-03 13:05 - 2013-05-03 13:05 - 00000000 ____D C:\Program Files\MSECache
2013-05-02 13:50 - 2013-05-02 13:50 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\DivX
2013-05-02 13:47 - 2013-05-02 13:47 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\DivX Movies
2013-05-02 13:44 - 2013-05-02 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
2013-04-30 19:50 - 2013-04-30 19:50 - 00003311 ____A C:\Documents and Settings\Owner\Desktop\NickSocialMedia.txt
2013-04-28 22:02 - 2013-04-30 15:39 - 00001020 ____A C:\Documents and Settings\Owner\Desktop\Dash 8 Q-300  PAX loader.lnk
2013-04-28 20:12 - 2013-04-28 20:13 - 00000000 ____D C:\Program Files\PSS Dash 8 FS2004 + ALL LIVERIES

==================== One Month Modified Files and Folders ========

2013-05-27 06:54 - 2013-05-27 06:54 - 01355217 ____A (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2013-05-27 06:54 - 2013-05-27 06:54 - 00000000 ____D C:\FRST
2013-05-27 06:53 - 2013-05-24 13:31 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-27 06:53 - 2011-07-26 10:55 - 01479422 ____A C:\Windows\WindowsUpdate.log
2013-05-27 06:52 - 2011-12-31 21:51 - 00000159 ___AC C:\Windows\wiadebug.log
2013-05-27 06:52 - 2011-12-31 21:51 - 00000049 ___AC C:\Windows\wiaservc.log
2013-05-27 06:52 - 2004-08-04 13:00 - 00012598 ____A C:\Windows\System32\wpa.dbl
2013-05-27 06:51 - 2013-05-24 13:31 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-27 06:51 - 2013-05-09 14:25 - 00000318 ____A C:\Windows\Tasks\Vcklfyfoq.job
2013-05-27 06:51 - 2012-10-10 22:50 - 00000000 ____A C:\Windows\System32\NvwsApps.xml
2013-05-27 06:51 - 2011-07-26 11:05 - 00000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini
2013-05-27 06:51 - 2011-07-26 11:04 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-05-27 06:51 - 2011-07-26 11:04 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-27 06:51 - 2011-07-26 11:01 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-05-26 21:46 - 2011-07-26 11:05 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2013-05-26 21:46 - 2011-07-26 11:04 - 00032494 ____A C:\Windows\SchedLgU.Txt
2013-05-26 20:43 - 2011-07-26 11:44 - 00653498 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-26 17:05 - 2013-05-26 17:04 - 00014183 ____A C:\Documents and Settings\Owner\Desktop\dds.txt
2013-05-26 17:04 - 2013-05-26 17:04 - 00010526 ____A C:\Documents and Settings\Owner\Desktop\attach.txt
2013-05-26 17:00 - 2013-05-26 17:01 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.com
2013-05-26 16:51 - 2011-10-07 21:46 - 00370177 ____A C:\Windows\setupapi.log
2013-05-25 16:08 - 2013-05-25 16:08 - 00000000 ____D C:\Program Files\AC3Filter
2013-05-25 16:04 - 2013-05-25 16:04 - 00000000 ____A C:\END
2013-05-25 16:02 - 2011-10-09 22:03 - 00000069 ____A C:\Windows\NeroDigital.ini
2013-05-25 16:02 - 2011-09-09 22:12 - 00011776 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-25 14:51 - 2013-05-25 14:03 - 00443174 ____A C:\Documents and Settings\Owner\Desktop\CirceLogo.bmp
2013-05-25 14:49 - 2013-05-25 14:49 - 01812950 ____A C:\Documents and Settings\Owner\Desktop\CirceFace.bmp
2013-05-25 11:15 - 2013-05-25 10:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-25 09:58 - 2013-05-24 16:05 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-05-25 09:58 - 2013-03-12 16:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-24 20:15 - 2013-03-11 20:06 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-24 18:40 - 2011-10-07 21:46 - 00024790 ___AC C:\Windows\wmsetup.log
2013-05-24 16:06 - 2013-05-24 16:06 - 00001935 ____A C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-05-24 16:02 - 2011-10-03 20:20 - 03519056 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-24 15:36 - 2013-05-23 19:46 - 00022382 ____A C:\Windows\KB2829530-IE8.log
2013-05-24 15:36 - 2011-10-12 14:11 - 00041023 ____A C:\Windows\updspapi.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00669983 ____A C:\Windows\iis6.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00560072 ____A C:\Windows\FaxSetup.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00282368 ____A C:\Windows\ocgen.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00262576 ____A C:\Windows\tsoc.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00187932 ____A C:\Windows\comsetup.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00184546 ____A C:\Windows\msmqinst.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00115941 ____A C:\Windows\ntdtcsetup.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00098543 ____A C:\Windows\netfxocm.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00039389 ____A C:\Windows\MedCtrOC.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00031524 ____A C:\Windows\ocmsn.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00028637 ____A C:\Windows\msgsocm.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00028391 ____A C:\Windows\tabletoc.log
2013-05-24 15:36 - 2011-10-07 22:31 - 00001374 ____A C:\Windows\imsins.log
2013-05-24 15:30 - 2013-05-23 19:39 - 00013221 ____A C:\Windows\KB2820197.log
2013-05-24 15:30 - 2013-05-23 19:39 - 00011121 ____A C:\Windows\KB2847204-IE8.log
2013-05-24 15:30 - 2013-05-23 19:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-24 15:30 - 2013-05-20 22:19 - 00019686 ____A C:\Windows\KB2829361.log
2013-05-24 15:30 - 2011-10-07 22:31 - 00001374 ____A C:\Windows\imsins.BAK
2013-05-24 15:30 - 2011-07-26 11:38 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-24 15:02 - 2013-05-24 08:14 - 00004341 ____A C:\Documents and Settings\Owner\Desktop\TonyLetter.txt
2013-05-24 14:30 - 2011-07-26 10:55 - 00000000 ____D C:\Windows\System32\DirectX
2013-05-24 14:29 - 2013-03-24 23:47 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-05-24 14:19 - 2013-05-24 14:20 - 00106496 ____A C:\Windows\Minidump\Mini052413-07.dmp
2013-05-24 14:05 - 2013-05-24 14:06 - 00106496 ____A C:\Windows\Minidump\Mini052413-06.dmp
2013-05-24 14:01 - 2013-05-24 14:01 - 00106496 ____A C:\Windows\Minidump\Mini052413-05.dmp
2013-05-24 13:56 - 2013-05-24 13:57 - 00106496 ____A C:\Windows\Minidump\Mini052413-04.dmp
2013-05-24 13:52 - 2013-05-24 13:52 - 00106496 ____A C:\Windows\Minidump\Mini052413-03.dmp
2013-05-24 13:48 - 2013-05-24 13:31 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Google
2013-05-24 13:45 - 2013-05-10 15:07 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2013-05-24 13:45 - 2013-05-10 15:06 - 00000000 ___DC C:\Windows\$NtUninstallwmp11$
2013-05-24 13:45 - 2013-05-10 15:05 - 00000000 ___DC C:\Windows\$NtUninstallWMFDist11$
2013-05-24 13:45 - 2013-03-15 21:56 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\uTorrent
2013-05-24 13:45 - 2011-09-11 23:53 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-24 13:45 - 2011-07-26 10:53 - 00000000 ____D C:\Windows\Registration
2013-05-24 13:44 - 2013-05-24 13:44 - 00000000 ____D C:\Program Files\Delta
2013-05-24 13:44 - 2013-05-24 13:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Obsidium
2013-05-24 13:44 - 2013-05-24 13:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Delta
2013-05-24 13:44 - 2013-05-24 13:40 - 00000000 ____D C:\Program Files\Mozilla Firefox(2)
2013-05-24 13:44 - 2013-05-11 11:23 - 00000000 ___DC C:\Windows\$NtUninstallKB939683$
2013-05-24 13:44 - 2013-05-11 11:23 - 00000000 ___DC C:\Windows\$NtUninstallKB929399$
2013-05-24 13:44 - 2013-05-11 11:22 - 00000000 ___DC C:\Windows\$NtUninstallKB954154_WM11$
2013-05-24 13:42 - 2013-05-24 13:42 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\BabSolution
2013-05-24 13:42 - 2013-05-23 19:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-24 13:40 - 2013-05-24 09:44 - 00000000 ____D C:\cmdcons
2013-05-24 13:40 - 2013-05-24 09:34 - 00000000 ____D C:\Qoobox
2013-05-24 13:39 - 2013-05-24 09:34 - 00000000 ____D C:\Windows\erdnt
2013-05-24 13:36 - 2013-05-24 13:36 - 00106496 ____A C:\Windows\Minidump\Mini052413-02.dmp
2013-05-24 13:34 - 2013-05-24 13:34 - 00106496 ____A C:\Windows\Minidump\Mini052413-01.dmp
2013-05-24 12:27 - 2013-05-24 12:27 - 00021551 ____A C:\ComboFix.txt
2013-05-24 12:23 - 2004-08-04 13:00 - 00000227 ____A C:\Windows\system.ini
2013-05-24 09:53 - 2011-07-26 11:43 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-05-24 09:53 - 2011-07-26 11:43 - 00028672 ____A C:\Windows\System32\config\SAM.bak
2013-05-24 09:53 - 2011-07-26 11:41 - 35389440 ____A C:\Windows\System32\config\software.bak
2013-05-24 09:53 - 2011-07-26 11:41 - 07864320 ____A C:\Windows\System32\config\system.bak
2013-05-24 09:53 - 2011-07-26 11:41 - 00786432 ____A C:\Windows\System32\config\default.bak
2013-05-24 09:52 - 2013-05-24 09:52 - 00016384 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-05-24 09:52 - 2013-05-24 09:52 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-05-24 09:52 - 2013-05-24 09:52 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-05-24 09:52 - 2013-05-24 09:52 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-05-24 09:52 - 2013-05-24 09:52 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-05-23 19:39 - 2012-09-07 23:47 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-12 22:42 - 2013-04-16 19:16 - 00000000 ____D C:\Program Files\FSBuild
2013-05-12 17:11 - 2013-05-12 17:11 - 00000000 ____D C:\Program Files\Aerosoft
2013-05-12 17:11 - 2011-07-26 14:02 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-05-11 16:00 - 2013-05-11 16:00 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Obsidium(3)
2013-05-11 16:00 - 2013-03-27 01:17 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Multi Crew Experience
2013-05-11 16:00 - 2004-08-04 13:00 - 00000161 ____A C:\Windows\win.ini
2013-05-11 15:48 - 2013-03-27 01:17 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\VoxKey
2013-05-11 13:39 - 2013-04-04 12:43 - 00000000 ____D C:\Program Files\vasfmc-2.0a9
2013-05-11 13:39 - 2013-03-11 21:34 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Flight Simulator X Files
2013-05-11 12:48 - 2013-05-11 12:48 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
2013-05-11 11:23 - 2013-05-11 11:23 - 00013762 ____A C:\Windows\KB929399.log
2013-05-11 11:23 - 2013-05-11 11:22 - 00013482 ____A C:\Windows\KB939683.log
2013-05-11 11:23 - 2013-05-11 03:12 - 00000634 ____A C:\Windows\spupdsvc.log.1.log
2013-05-11 11:22 - 2013-05-11 11:22 - 00004163 ____A C:\Windows\KB954154.log
2013-05-11 11:18 - 2013-05-11 11:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sun
2013-05-11 11:15 - 2013-05-11 11:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2013-05-11 11:14 - 2013-05-11 11:14 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Sun
2013-05-11 03:13 - 2013-05-11 03:13 - 00005747 ____A C:\Windows\KB954155.log
2013-05-11 03:13 - 2013-05-11 03:13 - 00005654 ____A C:\Windows\KB975558.log
2013-05-11 03:13 - 2013-05-11 03:13 - 00005359 ____A C:\Windows\KB2378111.log
2013-05-11 03:13 - 2013-05-11 03:12 - 00014873 ____A C:\Windows\KB941569.log
2013-05-11 03:12 - 2013-05-11 03:12 - 00010718 ____A C:\Windows\KB952069.log
2013-05-11 03:12 - 2013-05-11 03:12 - 00005717 ____A C:\Windows\KB978695.log
2013-05-10 15:07 - 2013-05-10 15:07 - 00006365 ____A C:\Windows\MSCompPackV1.log
2013-05-10 15:07 - 2013-05-10 15:07 - 00000000 ___DC C:\Windows\$NtUninstallMSCompPackV1$
2013-05-10 15:07 - 2013-05-10 15:06 - 00023218 ____A C:\Windows\wmp11.log
2013-05-10 15:07 - 2013-03-17 18:15 - 00351348 ____A C:\Windows\spupdsvc.log
2013-05-10 15:07 - 2011-07-26 11:34 - 00000000 ____D C:\Windows\Help
2013-05-10 15:06 - 2013-05-10 15:05 - 00030576 ____A C:\Windows\WMFDist11.log
2013-05-10 15:06 - 2011-07-26 10:56 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2013-05-10 15:05 - 2013-05-10 15:05 - 00000000 ___DC C:\Windows\$NtUninstallWudf01000$
2013-05-10 15:05 - 2013-05-10 15:04 - 00016021 ____A C:\Windows\Wudf01000Inst.log
2013-05-10 09:33 - 2011-07-26 10:54 - 00000000 ____D C:\Windows\System32\Restore
2013-05-09 16:51 - 2013-04-19 12:06 - 00011264 ____A C:\Documents and Settings\Owner\Desktop\RHGreekXPs.xls
2013-05-09 14:25 - 2013-05-09 14:25 - 00163840 _RASH C:\Windows\System32\ipxmontrl.dll
2013-05-09 11:36 - 2013-05-09 11:34 - 00001377 ____A C:\Documents and Settings\Owner\My Documents\AutoHotkey.ahk
2013-05-09 11:29 - 2013-05-09 11:29 - 00000000 ____D C:\Windows\ShellNew
2013-05-09 11:29 - 2013-05-09 11:29 - 00000000 ____D C:\Program Files\AutoHotkey
2013-05-08 09:00 - 2013-03-26 22:57 - 00000000 ____D C:\Program Files\rcv4x
2013-05-07 08:22 - 2013-03-13 13:25 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\JobStuff
2013-05-07 05:27 - 2008-02-12 14:59 - 06015488 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-07 05:27 - 2008-02-12 14:59 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-06 20:26 - 2013-03-12 17:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AirDisplay
2013-05-06 20:24 - 2011-11-11 03:18 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-05-06 18:37 - 2013-03-26 23:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
2013-05-04 21:18 - 2013-04-16 21:33 - 00000000 ____D C:\Program Files\PilotEdge
2013-05-04 17:25 - 2013-05-04 17:25 - 00000700 ____A C:\Documents and Settings\All Users\Desktop\English Manual.pdf.lnk
2013-05-04 17:25 - 2013-05-04 17:25 - 00000658 ____A C:\Documents and Settings\All Users\Desktop\EZCA Config.exe.lnk
2013-05-04 17:25 - 2013-05-04 17:25 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\EZCA
2013-05-04 17:25 - 2013-05-04 17:15 - 00000000 ____D C:\Program Files\EZCA
2013-05-04 16:49 - 2011-10-04 01:04 - 00046128 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-03 13:05 - 2013-05-03 13:05 - 00000000 ____D C:\Program Files\MSECache
2013-05-03 13:05 - 2011-07-26 11:44 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-03 12:57 - 2013-03-12 00:23 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\FS
2013-05-02 16:22 - 2013-04-09 10:49 - 00000000 ____D C:\Program Files\Xvid
2013-05-02 13:50 - 2013-05-02 13:50 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\DivX
2013-05-02 13:47 - 2013-05-02 13:47 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\DivX Movies
2013-05-02 13:47 - 2013-05-02 13:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
2013-05-02 13:47 - 2013-03-12 17:27 - 00000000 ____D C:\Program Files\DivX
2013-05-02 13:46 - 2013-03-12 17:25 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-04-30 19:50 - 2013-04-30 19:50 - 00003311 ____A C:\Documents and Settings\Owner\Desktop\NickSocialMedia.txt
2013-04-30 15:39 - 2013-04-28 22:02 - 00001020 ____A C:\Documents and Settings\Owner\Desktop\Dash 8 Q-300  PAX loader.lnk
2013-04-28 20:13 - 2013-04-28 20:12 - 00000000 ____D C:\Program Files\PSS Dash 8 FS2004 + ALL LIVERIES
2013-04-28 19:11 - 2011-10-07 22:31 - 00001240 ____A C:\Windows\setupact.log
2013-04-28 11:38 - 2013-03-22 17:36 - 00004096 ____A C:\Documents and Settings\Owner\Application Data\DirectShowCameraGraph_ERROR.grf

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-02-12 14:59] - [2008-02-12 14:59] - 1033728 ____A (Microsoft Corporation) cb7c9e2ba846da0afabd19de6b6f2006

C:\Windows\System32\winlogon.exe
[2008-02-12 15:00] - [2008-02-12 15:00] - 0507904 ____A (Microsoft Corporation) 57021a062c8e266c0a2a636450364b43

C:\Windows\System32\svchost.exe
[2008-02-12 14:59] - [2008-02-12 14:59] - 0014336 ____A (Microsoft Corporation) 0c54d685cfa1d5054f59f08adaf71248

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2008-02-12 14:59] - [2008-02-12 14:59] - 0578560 ____A (Microsoft Corporation) 7e02d28a2bdb710887815c41189014c1

C:\Windows\System32\userinit.exe
[2008-02-12 14:59] - [2008-02-12 14:59] - 0026112 ____A (Microsoft Corporation) e7fa45622ea5f16c9bc7379591262b25

C:\Windows\System32\Drivers\volsnap.sys
[2008-02-12 03:13] - [2008-02-12 03:13] - 0052352 ____A (Microsoft Corporation) 4b7a8d499374ede1fdc7cec22094e12e


==================== End Of Log ============================

 


#5 CatByte

  • Malware Response Team

Posted 27 May 2013 - 07:36 AM

Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).

Save it on the desktop as fixlist.txt
 
start
HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=609B0015B7032F61
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=609B0015B7032F61
SearchScopes: HKCU - ÛÆîZ§2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×(ä¼48иpatm6êo^Mp`Ëõ÷_i£w¾!Áûx¢8ÙjÀÿþ ´Ñ;áa´[¦8 º~RÙxòÜ8'£-)x­ä­ URL =
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF SearchEngine: GMäB O[:¬d)cé£ð®*>¼Óñ%'ícZÆJµ¼¯&òD
2013-05-24 13:44 - 2013-05-24 13:44 - 00000000 ____D C:\Program Files\Delta
2013-05-09 14:25 - 2013-05-27 06:51 - 00000318 ____A C:\Windows\Tasks\Vcklfyfoq.job
2013-05-09 14:25 - 2013-05-09 14:25 - 00163840 _RASH C:\Windows\System32\ipxmontrl.dll
end
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the FIX button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


NEXT

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 27 May 2013 - 07:36 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
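An added illustration of the triage reasoning behind the fixlist above (this is my own example, not FRST's code and not CatByte's procedure): a short Python script that parses "created files" lines in the layout used by the FRST log posted earlier in this thread and flags the two entries the fixlist removes, a hidden+system DLL under System32 with no company name (ipxmontrl.dll) and a scheduled task with a random-looking name (Vcklfyfoq.job), while leaving the legitimate Google Update task and the Microsoft-signed spmsg.dll alone. The sample lines are copied from the log in this thread; the attribute-letter meanings, the path prefixes and the thresholds in the random-name heuristic are my assumptions, and the heuristics will also flag some legitimate files, so a hit is a prompt for a closer look rather than a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the FRST log posted earlier in this thread
# (same layout as its "One Month Created Files and Folders" section):
#   <created> - <modified> - <size> <attrs> [(Company)] <path>
SAMPLE_LOG = r"""
2013-05-26 17:01 - 2013-05-26 17:00 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.com
2013-05-24 13:44 - 2013-05-24 13:44 - 00000000 ____D C:\Program Files\Delta
2013-05-24 13:31 - 2013-05-27 06:53 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-10 15:07 - 2009-01-07 18:20 - 00016928 ____A (Microsoft Corporation) C:\Windows\System32\spmsg.dll
2013-05-09 14:25 - 2013-05-27 06:51 - 00000318 ____A C:\Windows\Tasks\Vcklfyfoq.job
2013-05-09 14:25 - 2013-05-09 14:25 - 00163840 _RASH C:\Windows\System32\ipxmontrl.dll
"""

# Five attribute slots, letters as read from the log (assumption): R read-only,
# A archive, S system, H hidden, D directory, C compressed; '_' is an unset slot.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# Path prefixes the heuristics look at (assumed XP layout, as in this thread).
SYSTEM32 = "c:\\windows\\system32\\"
TASKS = "c:\\windows\\tasks\\"
VOWELS = set("aeiou")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_frst_lines(text: str) -> List[Entry]:
    """Parse every line matching the FRST created/modified layout; skip the rest."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            created=m["created"], modified=m["modified"], size=int(m["size"]),
            attrs=m["attrs"], company=m["company"], path=m["path"],
        ))
    return entries


def looks_random(stem: str) -> bool:
    """Cheap 'random string' test: few vowels or a long run of consonants.
    Thresholds are assumptions; 'y' is counted as a consonant."""
    letters = [c.lower() for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.2 or longest >= 4


def triage(text: str) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for entries that deserve a closer look."""
    flagged: Dict[str, List[str]] = {}
    for e in parse_frst_lines(text):
        low = e.path.lower()
        reasons: List[str] = []
        if not e.is_dir and low.startswith(SYSTEM32):
            # Hidden + system attributes on a freshly created System32 file
            # (the _RASH pattern on ipxmontrl.dll in this thread).
            if "H" in e.attrs and "S" in e.attrs:
                reasons.append("hidden+system file under System32")
            # Legitimate OS binaries normally carry a company name.
            if e.company is None:
                reasons.append("System32 file without a company name")
        if low.startswith(TASKS) and low.endswith(".job") and looks_random(e.name[:-4]):
            reasons.append("scheduled task with random-looking name")
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it on a saved FRST.txt by reading the file into `triage()`; every entry that FRST prints in this layout is considered, and lines in other sections are skipped by the parser.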


#6 Fatcharlie

  • Topic Starter

Posted 28 May 2013 - 03:18 AM

Hi CatByte,

Thanks so much for helping me out, I really appreciate your time and commitment.

When I mistakenly ran ComboFix before, it told me my antivirus - Panda Antivirus Pro 2012 - was running.

This was a surprise to me as I hadn't installed it - but not necessarily too worrying because this laptop is second-hand, bought from my local computer shop. Panda Antivirus Pro 2012 may have been installed by them. But I couldn't find anywhere to stop the AV - any suggestions?

Thanks :-)



#7 CatByte

  • Malware Response Team

Posted 28 May 2013 - 10:21 AM

Just continue on with it; it is seeing leftovers. I can remove it with a script.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 Fatcharlie

  • Topic Starter

Posted 29 May 2013 - 02:11 AM

OK, here are the FRST and ComboFix logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-05-2013 04
Ran by Owner at 2013-05-28 21:55:02 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal

==============================================

\DefaultScope => Error setting value.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\SearchScopes: HKCU - ÛÆîZ§2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×(ä¼48иpatm6êo^Mp`Ëõ÷_i£w¾!Áûx¢8ÙjÀÿþ ´Ñ;áa´[¦8 º~RÙxòÜ8'£-)x­ä­ URL = => Key not found.
HKCR\CLSID\SearchScopes: HKCU - ÛÆîZ§2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×(ä¼48иpatm6êo^Mp`Ëõ÷_i£w¾!Áûx¢8ÙjÀÿþ ´Ñ;áa´[¦8 º~RÙxòÜ8'£-)x­ä­ URL = => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Value deleted successfully.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
C:\Program Files\Delta => Moved successfully.
C:\Windows\Tasks\Vcklfyfoq.job => Moved successfully.
Could not move C:\Windows\System32\ipxmontrl.dll. => Scheduled to move on reboot.

=========== Result of Scheduled Files to move ===========
C:\Windows\System32\ipxmontrl.dll => File moved successfully.

==== End of Fixlog ====

 

 

ComboFix 13-05-28.02 - Owner 28/05/2013  22:08:31.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3071.2473 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Panda Antivirus Pro 2012 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\system32\vrlogon.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-28 to 2013-05-28  )))))))))))))))))))))))))))))))
.
.
2013-05-28 20:46 . 2013-05-28 20:46    --------    d-----w-    c:\documents and settings\All Users\Application Data\Adobe Systems
2013-05-28 20:46 . 2013-05-28 20:46    --------    d-----w-    c:\program files\Common Files\Adobe Systems Shared
2013-05-27 05:54 . 2013-05-28 20:56    --------    d-----w-    C:\FRST
2013-05-25 15:08 . 2013-04-05 20:26    1679360    ----a-w-    c:\windows\system32\ac3filter.acm
2013-05-25 15:08 . 2013-05-25 15:08    --------    d-----w-    c:\program files\AC3Filter
2013-05-24 15:05 . 2013-05-25 08:58    --------    d-----w-    c:\program files\Mozilla Thunderbird
2013-05-24 12:45 . 2013-05-24 12:45    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-05-11 10:15 . 2013-05-11 10:15    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee
2013-05-10 14:07 . 2013-05-24 12:45    --------    d-----w-    c:\program files\Windows Media Connect 2
2013-05-10 14:05 . 2013-05-24 12:45    --------    d-----w-    c:\windows\system32\drivers\UMDF
2013-05-09 10:29 . 2013-05-09 10:29    --------    d-----w-    c:\windows\ShellNew
2013-05-09 10:29 . 2013-05-09 10:29    --------    d-----w-    c:\program files\AutoHotkey
2013-05-04 16:25 . 2013-05-04 16:25    --------    d-----w-    c:\documents and settings\Owner\Application Data\EZCA
2013-05-04 16:15 . 2013-05-04 16:25    --------    d-----w-    c:\program files\EZCA
2013-05-03 12:05 . 2013-05-03 12:05    --------    d-----w-    c:\program files\MSECache
2013-05-02 12:50 . 2013-05-02 12:50    --------    d-----w-    c:\documents and settings\Owner\Application Data\DivX
2013-05-02 12:44 . 2013-05-02 12:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\DivX
2013-04-30 08:59 . 2013-05-03 11:57    --------    d-----w-    c:\documents and settings\Owner\logs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-23 19:36 . 2013-04-03 20:26    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-23 19:36 . 2011-08-20 21:11    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:17 . 2008-02-12 13:59    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2008-02-12 14:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-04-16 22:17 . 2008-02-12 13:58    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-04-12 23:28 . 2008-02-12 02:28    385024    ------w-    c:\windows\system32\html.iec
2013-04-10 01:31 . 2008-02-12 03:05    1876352    ----a-w-    c:\windows\system32\win32k.sys
2013-04-06 09:32 . 2013-04-06 09:32    400235    ----a-w-    c:\windows\FsClient 7.0 Uninstaller.exe
2013-04-06 09:21 . 2013-04-06 09:21    164090    ----a-w-    c:\windows\FsXPand 7.0 Uninstaller.exe
2013-03-23 01:09 . 2013-03-23 01:09    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-11 21:50 . 2013-03-11 21:50    242240    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-08 08:36 . 2008-02-12 13:59    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2008-02-12 03:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2008-02-12 03:05    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2008-02-12 13:59    916480    ----a-w-    c:\windows\system32\wininet(4).dll
2013-03-02 02:06 . 2008-02-12 13:59    1212928    ----a-w-    c:\windows\system32\urlmon(4).dll
2013-03-02 02:06 . 2008-02-12 13:59    105984    ----a-w-    c:\windows\system32\url(4).dll
1998-12-09 02:53 . 1998-12-09 02:53    99840    ----a-w-    c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53    70144    ----a-w-    c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53    48640    ----a-w-    c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53    31744    ----a-w-    c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53    186368    ----a-w-    c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53    17920    ----a-w-    c:\program files\Common Files\IRASRIAL.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thoosje Sidebar"="c:\program files\Thoosje\Thoosje Sidebar\Thoosje Sidebar.exe" [BU]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"Air Display Support"="c:\program files\Avatron\Air Display\AirDisplay.exe" [2012-09-24 2579904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-25 7340032]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-01-17 421888]
"nwiz"="nwiz.exe" [2006-07-25 1519616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2012-10-10 23:48    389120    ----a-w-    c:\windows\system32\IfxWlxEN.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 16:48    40448    ----a-w-    c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-30 07:46    499608    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2012-10-10 23:10    88203    ----a-w-    c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2011-10-13 21:27    292208    ----a-w-    c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-02-12 14:00    110592    ----a-w-    c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-02-12 13:59    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
c:\program files\Uniblue\DriverScanner\launcher.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-03-30 20:00    162584    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-03-30 19:00    138008    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06    1840424    ----a-w-    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2011-04-01 16:42    80840    ----a-w-    c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-02-12 13:59    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 14:39    570664    ----a-w-    c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-07-25 06:32    7340032    ----a-w-    c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-25 06:32    1519616    ----a-w-    c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-03-30 19:59    138008    ----a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2006-05-05 16:36    30208    ----a-w-    c:\program files\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-01-17 15:56    421888    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 10:22    405504    ------w-    c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\ControlCenter\\iptool.exe"=
"c:\\Program Files\\ControlCenter\\controlcenter.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\vasfmc-2.0a9\\vasfmc.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\Program Files\\FsXPand 7.0\\FsXPand.exe"=
"c:\\Program Files\\SquawkBox\\squawkbox_fsx.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\FS\\FSProgs\\AIBridge.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6000:UDP"= 6000:UDP:Air Display UDP1
"6002:UDP"= 6002:UDP:Air Display UDP2
"6001:TCP"= 6001:TCP:Air Display TCP
.
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [04/09/2007 01:14 6528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/03/2013 22:50 242240]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [11/10/2012 00:48 35488]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [29/06/2011 13:26 520216]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 18:00 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 17:59 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [05/05/2006 17:33 3456]
R3 AirDisplay;Air Display Support;c:\windows\system32\drivers\AVVideoCard.sys [24/09/2012 19:11 10624]
R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\drivers\AVVideoCardMirror.sys [24/09/2012 19:11 10624]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [11/10/2012 00:48 35968]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [13/10/2011 22:40 6609920]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 12:08 11336]
S3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo32.sys [11/03/2013 15:28 22120]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/10/2012 22:06 27064]
S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\sr9usb.sys [10/09/2011 00:36 12544]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-23 01:18]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-23 01:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{03A5F132-56C2-420C-A624-E1055E2424C8}: NameServer = 192.168.1.1
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://83.67.122.45/DvrOcx.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://192.168.1.2/WebClient.cab
DPF: {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} - hxxp://83.67.122.38/view.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bzybcskl.default\
FF - prefs.js: browser.search.selectedEngine - GMäB O[:Œ¬d)cé£ð®*‚>¼Óñ%'í”cZÆJµ¼¯&òD™
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-delta - c:\program files\Delta\delta\1.8.10.0\GUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-28 22:17
Windows 5.1.2600 Service Pack 3, v.6368 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\windows\system32\IfxWlxEN.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
- - - - - - - > 'explorer.exe'(1964)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\IFXTCS.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Infineon\Security Platform Software\PSDsrvc.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2013-05-28  22:22:52 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-28 21:22
ComboFix2.txt  2013-05-24 11:27
.
Pre-Run: 119,817,523,200 bytes free
Post-Run: 120,046,702,592 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9643043CC2E8EFB424D7B1FFE6955CE9
 

Thanks :-)



#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:51 AM

Posted 29 May 2013 - 09:18 AM

Please run the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

SecCenter::
AV: Panda Antivirus Pro 2012 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}

ClearJavaCache::
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScriptB-4.gif]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 Fatcharlie

Fatcharlie
  • Topic Starter

  • Members
  • 9 posts
  • Local time:01:51 PM

Posted 02 June 2013 - 12:44 PM

Wow! That should keep me busy for a bit!

 

I am very grateful for the obvious effort and time you're putting into my problem - thanks :-)



#11 Fatcharlie

Fatcharlie
  • Topic Starter

  • Members
  • 9 posts
  • Local time:01:51 PM

Posted 04 June 2013 - 02:14 PM

OK I managed to do the ComboFix, the Junkware, the ADW Cleaner and the MalwareBytes AntiMalware scans.

 

When I did the online ESET scan, it hung at 10%. I tried to restart it, but it transpired you only get one free go!

 

Anyway, here are the log texts for the scans I did:

 

ComboFix 13-06-02.02 - Owner 02/06/2013  18:49:23.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3071.2567 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-02 to 2013-06-02  )))))))))))))))))))))))))))))))
.
.
2013-05-28 20:46 . 2013-05-28 20:46    --------    d-----w-    c:\documents and settings\All Users\Application Data\Adobe Systems
2013-05-28 20:46 . 2013-05-28 20:46    --------    d-----w-    c:\program files\Common Files\Adobe Systems Shared
2013-05-27 05:54 . 2013-05-28 20:56    --------    d-----w-    C:\FRST
2013-05-25 15:08 . 2013-04-05 20:26    1679360    ----a-w-    c:\windows\system32\ac3filter.acm
2013-05-25 15:08 . 2013-05-25 15:08    --------    d-----w-    c:\program files\AC3Filter



#12 Fatcharlie

Fatcharlie
  • Topic Starter

  • Members
  • 9 posts
  • Local time:01:51 PM

Posted 04 June 2013 - 02:15 PM

OK I managed to do the ComboFix, the Junkware, the ADW Cleaner and the MalwareBytes AntiMalware scans.

 

When I did the online ESET scan, it hung at 10%. I tried to restart it, but it transpired you only get one free go!

 

Anyway, here are the log texts for the scans I did:

 

ComboFix 13-06-02.02 - Owner 02/06/2013  18:49:23.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3071.2567 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-02 to 2013-06-02  )))))))))))))))))))))))))))))))
.
.
2013-05-28 20:46 . 2013-05-28 20:46    --------    d-----w-    c:\documents and settings\All Users\Application Data\Adobe Systems
2013-05-28 20:46 . 2013-05-28 20:46    --------    d-----w-    c:\program files\Common Files\Adobe Systems Shared
2013-05-27 05:54 . 2013-05-28 20:56    --------    d-----w-    C:\FRST
2013-05-25 15:08 . 2013-04-05 20:26    1679360    ----a-w-    c:\windows\system32\ac3filter.acm
2013-05-25 15:08 . 2013-05-25 15:08    --------    d-----w-    c:\program files\AC3Filter
2013-05-24 15:05 . 2013-05-25 08:58    --------    d-----w-    c:\program files\Mozilla Thunderbird
2013-05-24 12:45 . 2013-05-24 12:45    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-05-11 10:15 . 2013-05-11 10:15    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee
2013-05-10 14:07 . 2013-05-24 12:45    --------    d-----w-    c:\program files\Windows Media Connect 2
2013-05-10 14:05 . 2013-05-24 12:45    --------    d-----w-    c:\windows\system32\drivers\UMDF
2013-05-09 10:29 . 2013-05-09 10:29    --------    d-----w-    c:\windows\ShellNew
2013-05-09 10:29 . 2013-05-09 10:29    --------    d-----w-    c:\program files\AutoHotkey
2013-05-04 16:25 . 2013-05-04 16:25    --------    d-----w-    c:\documents and settings\Owner\Application Data\EZCA
2013-05-04 16:15 . 2013-05-04 16:25    --------    d-----w-    c:\program files\EZCA
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-23 19:36 . 2013-04-03 20:26    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-23 19:36 . 2011-08-20 21:11    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:17 . 2008-02-12 13:59    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2008-02-12 14:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-04-16 22:17 . 2008-02-12 13:58    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-04-12 23:28 . 2008-02-12 02:28    385024    ------w-    c:\windows\system32\html.iec
2013-04-10 01:31 . 2008-02-12 03:05    1876352    ----a-w-    c:\windows\system32\win32k.sys
2013-04-06 09:32 . 2013-04-06 09:32    400235    ----a-w-    c:\windows\FsClient 7.0 Uninstaller.exe
2013-04-06 09:21 . 2013-04-06 09:21    164090    ----a-w-    c:\windows\FsXPand 7.0 Uninstaller.exe
2013-03-23 01:09 . 2013-03-23 01:09    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-11 21:50 . 2013-03-11 21:50    242240    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-08 08:36 . 2008-02-12 13:59    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2008-02-12 03:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2008-02-12 03:05    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
1998-12-09 02:53 . 1998-12-09 02:53    99840    ----a-w-    c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53    70144    ----a-w-    c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53    48640    ----a-w-    c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53    31744    ----a-w-    c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53    186368    ----a-w-    c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53    17920    ----a-w-    c:\program files\Common Files\IRASRIAL.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thoosje Sidebar"="c:\program files\Thoosje\Thoosje Sidebar\Thoosje Sidebar.exe" [BU]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"Air Display Support"="c:\program files\Avatron\Air Display\AirDisplay.exe" [2012-09-24 2579904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-25 7340032]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-01-17 421888]
"nwiz"="nwiz.exe" [2006-07-25 1519616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2012-10-10 23:48    389120    ----a-w-    c:\windows\system32\IfxWlxEN.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 16:48    40448    ----a-w-    c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-30 07:46    499608    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2012-10-10 23:10    88203    ----a-w-    c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2011-10-13 21:27    292208    ----a-w-    c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-02-12 14:00    110592    ----a-w-    c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-02-12 13:59    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
c:\program files\Uniblue\DriverScanner\launcher.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-03-30 20:00    162584    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-03-30 19:00    138008    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06    1840424    ----a-w-    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2011-04-01 16:42    80840    ----a-w-    c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-02-12 13:59    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 14:39    570664    ----a-w-    c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-07-25 06:32    7340032    ----a-w-    c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-25 06:32    1519616    ----a-w-    c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-03-30 19:59    138008    ----a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2006-05-05 16:36    30208    ----a-w-    c:\program files\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-01-17 15:56    421888    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 10:22    405504    ------w-    c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\ControlCenter\\iptool.exe"=
"c:\\Program Files\\ControlCenter\\controlcenter.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\vasfmc-2.0a9\\vasfmc.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\Program Files\\FsXPand 7.0\\FsXPand.exe"=
"c:\\Program Files\\SquawkBox\\squawkbox_fsx.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\FS\\FSProgs\\AIBridge.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6000:UDP"= 6000:UDP:Air Display UDP1
"6002:UDP"= 6002:UDP:Air Display UDP2
"6001:TCP"= 6001:TCP:Air Display TCP
.
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [04/09/2007 01:14 6528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/03/2013 22:50 242240]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [11/10/2012 00:48 35488]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [29/06/2011 13:26 520216]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 18:00 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 17:59 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [05/05/2006 17:33 3456]
R3 AirDisplay;Air Display Support;c:\windows\system32\drivers\AVVideoCard.sys [24/09/2012 19:11 10624]
R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\drivers\AVVideoCardMirror.sys [24/09/2012 19:11 10624]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [11/10/2012 00:48 35968]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [13/10/2011 22:40 6609920]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 12:08 11336]
S3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo32.sys [11/03/2013 15:28 22120]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/10/2012 22:06 27064]
S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\sr9usb.sys [10/09/2011 00:36 12544]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-23 01:18]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-23 01:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03A5F132-56C2-420C-A624-E1055E2424C8}: NameServer = 192.168.1.1
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://83.67.122.45/DvrOcx.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://192.168.1.2/WebClient.cab
DPF: {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} - hxxp://83.67.122.38/view.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bzybcskl.default\
FF - prefs.js: browser.search.selectedEngine - GMäB O[:Œ¬d)cé£ð®*‚>¼Óñ%'í”cZÆJµ¼¯&òD™
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-02 18:59
Windows 5.1.2600 Service Pack 3, v.6368 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\IfxWlxEN.dll
c:\program files\Protector Suite QL\crypto.dll
.
- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-06-02  19:01:57
ComboFix-quarantined-files.txt  2013-06-02 18:01
ComboFix2.txt  2013-05-28 21:22
ComboFix3.txt  2013-05-24 11:27
.
Pre-Run: 119,260,037,120 bytes free
Post-Run: 119,215,120,384 bytes free
.
- - End Of File - - 40215A6F969EAADF951F971EE2DEBB1C



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on 02/06/2013 at 19:09:57.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltadskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltadskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltahlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltahlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\babsolution"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\delta"
Successfully deleted: [Folder] "C:\Program Files\ask.com"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\bzybcskl.default\invalidprefs.js





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/06/2013 at 19:12:03.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v2.301 - Logfile created 06/02/2013 at 19:13:37
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3, v.6368 (32 bits)
# User : Owner - LD820
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\5d6d78bb13dea14
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKLM\SOFTWARE\5d6d78bb13dea14
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bzybcskl.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rcq6qgdi.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3953 octets] - [02/06/2013 19:13:37]

########## EOF - C:\AdwCleaner[S1].txt - [4013 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.02.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: LD820 [administrator]

02/06/2013 19:27:04
mbam-log-2013-06-02 (19-27-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238163
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Owner\My Documents\Downloads\movie__run.zip (Trojan.Vundo) -> Quarantined and deleted successfully.

(end)


 

That'll keep _you_ busy I think ;-)

Thanks again.

Just to reiterate, I was unsuccessful in running the ESET online scan.

Thanks,

Roger.



#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:51 AM

Posted 04 June 2013 - 02:51 PM

Please delete your browser history and cookies and give ESET another try

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:51 AM

Posted 09 June 2013 - 07:34 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





