aravindrp112 Posted March 6, 2013
I have a laptop running Windows 7 32-bit on which I recently opened a flash drive. The folders in it were changed to shortcuts. I tried scanning the flash drive with many antivirus and anti-malware scanners; all returned results with no infections. Yesterday I noticed that multiple icons for Windows Update keep popping up in the notification tray. However, when I hover the cursor over one, it automatically disappears. I also noticed that when I open the installers for Malwarebytes and Avast antivirus, they automatically close. I have observed the same when opening msconfig. I have read the instructions provided in the sub-forum and downloaded the DDS files. When I tried to run them to generate reports, the window automatically disappeared like the ones I mentioned above. Please provide assistance as soon as possible. Thanks.
aravindrp112 Posted March 6, 2013 (Author)
This is my earlier post in the forum: http://forums.malwarebytes.org/index.php?showtopic=123477
Maniac Posted March 6, 2013
Hello aravindrp112!
My name is Maniac and I will be glad to help you solve your malware problem.
Please note: If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and post the log files: http://forums.malwarebytes.org/index.php?showtopic=9573
aravindrp112 Posted March 6, 2013 (Author)
I tried to run the DDS file, but it closes automatically like I mentioned earlier. What should I do now?
Maniac Posted March 6, 2013
For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
1. Restart the computer.
2. As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
3. Use the arrow keys to select the Repair your computer menu item.
4. Select English as the keyboard language setting, and then click Next.
5. Select the operating system you want to repair, and then click Next.
6. Select your user account and click Next.

To enter System Recovery Options by using a Windows installation disc:
1. Insert the installation disc.
2. Restart your computer.
3. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
4. Click Repair your computer.
5. Select English as the keyboard language setting, and then click Next.
6. Select the operating system you want to repair, and then click Next.
7. Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

1. Select Command Prompt.
2. In the command window type notepad and press Enter.
3. Notepad opens. Under the File menu select Open.
4. Select "Computer", find your flash drive letter, and close Notepad.
5. In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
   Note: Replace the letter e with the drive letter of your flash drive.
6. The tool will start to run.
7. When the tool opens, click Yes to the disclaimer.
8. Press the Scan button.
9. It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
aravindrp112 Posted March 7, 2013 (Author)
Maniac, as per your instructions I have generated the log file using FRST. Here are its contents.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2013 01
Ran by SYSTEM at 07-03-2013 16:22:22
Running from J:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2004-12-13] (Adobe Systems Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [1138783 2011-05-26] (IDT, Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3405168 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Chicony_OSD] "C:\Program Files\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [53248 2011-01-12] ()
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [148888 2012-06-16] (Sun Microsystems, Inc.)
HKLM\...\Run: [instaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1485208 2010-07-28] (Affinegy, Inc.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1614856 2013-02-19] (Bitdefender)
HKLM\...\Run: [spywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-02-11] (Crawler.com)
HKLM\...\Run: [spywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3674248 2013-02-11] (Crawler.com)
HKU\Common\...\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3565432 2013-02-12] (Tonec Inc.)
HKU\Common\...\Run: [Google Update] "C:\Users\Common\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-31] (Google Inc.)
HKU\User\...\Run: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-14] (Facebook Inc.)
HKU\User\...\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3565432 2013-02-12] (Tonec Inc.)
HKU\User\...\Run: [googletalk] C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\User\...\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-16] (Google Inc.)
HKU\User\...\Run: [644] C:\Users\User\AppData\Roaming\725f\644.js [48831 2013-03-07] ()
HKU\user_2\...\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3565432 2013-02-12] (Tonec Inc.)
HKU\user_2\...\Run: [Google Update] "C:\Users\user_2\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-18] (Google Inc.)
HKU\user_2\...\Run: [Facebook Update] "C:\Users\user_2\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-06-18] (Facebook Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\37.js ()

==================== Services (Whitelisted) ===================

3 Adobe LM Service; "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2012-06-15] ()
2 AffinegyService; "C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe" [569752 2010-07-28] (Affinegy, Inc.)
4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [62688 2013-02-10] (Bitdefender)
2 KMService; C:\Windows\system32\srvany.exe [8192 2012-10-17] ()
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-06-14] (Mozilla Foundation)
2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [503080 2010-05-03] (Nero AG)
2 OSDSvc; C:\Program Files\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3290896 2012-12-13] (Skype Technologies S.A.)
2 ST2012_Svc; "C:\Program Files\Spyware Terminator\st_rsser.exe" [587912 2013-02-11] (Crawler.com)
2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-26] (IDT, Inc.)
2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe" /service [55544 2012-11-13] (Bitdefender)
2 vsserv; "C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe" /service [1343472 2013-02-07] (Bitdefender)

==================== Drivers (Whitelisted) ====================

0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [625128 2013-01-11] (BitDefender)
3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-01] (BitDefender)
3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [482928 2013-01-11] (BitDefender)
1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77192 2012-07-06] (BitDefender LLC)
1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
3 BDSandBox; \??\C:\Windows\system32\drivers\bdsandbox.sys [66392 2012-11-12] (BitDefender SRL)
1 bdselfpr;
\??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [134136 2012-10-01] (BitDefender LLC)
0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [161312 2012-08-29] (BitDefender LLC)
3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2012-06-16] (Duplex Secure Ltd.)
1 sp_rsdrv2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-20] ()
0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [343456 2012-10-30] (BitDefender S.R.L.)
4 Msiscdeo; [x]
0 sr; [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders ========
00484320 ____A C:\Windows\System32\FNTCACHE.DAT2013-03-03 18:03 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal2013-03-03 18:03 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore2013-03-03 18:03 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System2013-03-03 17:47 - 2012-06-15 00:47 - 00000000 ____D C:\ProgramData\Microsoft Help2013-03-03 17:35 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini2013-03-03 17:16 - 2013-03-03 17:16 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help2013-03-03 17:16 - 2013-03-03 17:16 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help2013-03-03 10:02 - 2013-03-03 09:25 - 00144768 ____A C:\Users\User\AppData\Roaming\ICARE.LOG2013-03-03 09:54 - 2013-03-03 09:54 - 00000504 ____A C:\Users\User\AppData\Roaming\ICARE_ACTIVITY.LOG2013-03-03 09:50 - 2013-03-03 09:50 - 00001008 ____A C:\Users\Public\Desktop\Spyware Terminator 2012.lnk2013-03-03 09:50 - 2013-03-03 09:50 - 00000000 ____D C:\Users\User\AppData\Roaming\Spyware Terminator2013-03-03 09:50 - 2013-03-03 09:49 - 00000000 ____D C:\Program Files\Spyware Terminator2013-03-03 09:34 - 2013-03-03 09:39 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.65.1.1000.exe2013-03-03 09:24 - 2013-02-02 22:33 - 00000000 ____D C:\Users\User\Downloads\Compressed2013-03-03 08:02 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp2013-03-03 07:23 - 2013-03-03 07:23 - 00000385 ____A C:\Users\User\AppData\Roaminguser_gensett.xml2013-03-03 07:20 - 2013-03-03 07:20 - 00000385 ____A C:\Windows\System32\user_gensett.xml2013-03-03 07:18 - 2013-03-03 07:18 - 00072704 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys2013-03-03 06:48 - 2013-03-03 06:48 - 04569032 ____A C:\ProgramData\1362298163.bdinstall.bin2013-03-03 06:47 - 2013-03-03 00:32 - 00000000 ____D C:\ProgramData\Bitdefender2013-03-03 06:46 - 2013-03-03 06:46 - 00002122 ____A C:\Users\Public\Desktop\Bitdefender 
Internet Security 2013.lnk2013-03-03 06:46 - 2013-03-03 06:46 - 00002074 ____A C:\Users\Public\Desktop\Bitdefender Safepay.lnk2013-03-03 06:46 - 2013-03-03 06:46 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf2013-03-03 06:46 - 2013-03-03 06:46 - 00000000 ____D C:\ProgramData\BDLogging2013-03-03 06:46 - 2013-03-03 00:32 - 00253404 ___AH C:\bdr-ld012013-03-03 06:46 - 2013-03-03 00:32 - 00009216 ___AH C:\bdr-ld01.mbr2013-03-03 05:39 - 2012-06-16 01:18 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000Core.job2013-03-03 00:32 - 2013-03-03 00:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Bitdefender2013-03-03 00:30 - 2013-03-03 00:30 - 00000000 ____D C:\Users\User\AppData\Roaming\QuickScan2013-03-03 00:10 - 2013-03-02 09:29 - 00000000 ____D C:\Program Files\Common Files\Bitdefender2013-03-03 00:01 - 2012-06-15 18:57 - 00354434 ____A C:\Windows\PFRO.log2013-03-03 00:00 - 2013-03-03 00:04 - 02436680 ____A C:\Users\User\Desktop\bitdefender_isecurity.exe2013-03-03 00:00 - 2012-06-16 08:15 - 00000000 ____D C:\Users\User\AppData\Roaming\IDM2013-03-02 23:59 - 2013-03-02 23:59 - 00301136 ____A C:\ProgramData\1362297162.bdinstall.bin2013-03-02 23:59 - 2013-03-02 23:59 - 00000000 ____D C:\Program Files\Bitdefender2013-03-02 23:47 - 2013-03-02 23:36 - 00000000 ____D C:\Program Files\Trojan Remover2013-03-02 23:16 - 2013-03-02 20:31 - 00001945 ____A C:\Windows\epplauncher.mif2013-03-02 10:01 - 2013-03-02 10:01 - 00075272 ____A C:\ProgramData\1362246260.8016.bin2013-03-02 10:01 - 2013-03-02 09:45 - 00003005 ____A C:\ProgramData\1362246260.2752.bin2013-03-02 10:01 - 2013-03-02 09:45 - 00002167 ____A C:\ProgramData\1362246260.3016.bin2013-03-02 10:01 - 2013-03-02 09:44 - 00300262 ____A C:\ProgramData\1362246260.6056.bin2013-03-02 10:01 - 2013-03-02 09:44 - 00161452 ____A C:\ProgramData\1362246260.6116.bin2013-03-02 09:59 - 2013-03-02 09:45 - 00001090 ____A C:\ProgramData\1362246260.1004.bin2013-03-02 09:59 - 
2013-03-02 09:44 - 00008054 ____A C:\ProgramData\1362246260.6092.bin2013-03-02 09:45 - 2013-03-02 09:45 - 00014769 ____A C:\ProgramData\1362246260.3220.bin2013-03-02 09:45 - 2013-03-02 09:45 - 00008721 ____A C:\ProgramData\1362246260.1152.bin2013-03-02 09:45 - 2013-03-02 09:45 - 00002266 ____A C:\ProgramData\1362246260.3308.bin2013-03-02 09:45 - 2013-03-02 09:45 - 00000738 ____A C:\ProgramData\1362246260.788.bin2013-03-02 09:37 - 2013-03-02 09:37 - 00057224 ____A C:\ProgramData\1362245812.bdinstall.bin2013-03-02 09:36 - 2013-03-02 09:36 - 00314376 ____A C:\ProgramData\1362245572.bdinstall.bin2013-03-02 09:28 - 2013-03-02 09:28 - 00000033 ____A C:\Users\Common\Desktop\Bitdefender.txt2013-03-02 09:26 - 2013-03-02 23:48 - 02436672 ____A C:\Users\User\Desktop\bitdefender_antivirus_2.exe2013-03-02 09:26 - 2013-03-02 09:28 - 02436672 ____A C:\Users\Common\Desktop\bitdefender_antivirus_2.exe2013-03-02 09:22 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public2013-03-02 09:03 - 2013-03-02 09:03 - 00000000 __SHD C:\Users\User\AppData\Roaming\725f2013-03-02 09:03 - 2013-03-02 09:03 - 00000000 __SHD C:\737e2013-03-01 07:14 - 2013-03-01 07:14 - 00001196 ____A C:\Users\Public\Desktop\BCL easyConverter Desktop 3 (Word Version).lnk2013-03-01 07:14 - 2013-03-01 07:14 - 00000000 ____D C:\Program Files\BCL Technologies2013-02-28 06:50 - 2013-02-12 04:25 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe2013-02-28 06:50 - 2012-06-15 00:57 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl2013-02-25 20:43 - 2012-06-29 01:23 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla2013-02-25 00:04 - 2012-07-30 23:59 - 00000000 ____D C:\Users\Common\AppData\Roaming\DMCache2013-02-25 00:04 - 2012-07-12 08:43 - 00000000 ____D C:\Users\Common\AppData\Roaming\vlc2013-02-24 11:41 - 2012-06-22 06:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype2013-02-24 03:32 - 2013-02-24 03:32 - 00000000 ____D 
C:\Users\User\AppData\Local\Macromedia2013-02-19 04:42 - 2013-03-02 09:20 - 13529576 ____A (Microsoft Corporation) C:\Users\User\Desktop\mseinstall.exe2013-02-19 04:37 - 2012-06-15 00:55 - 00001989 ____A C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk2013-02-18 09:09 - 2013-02-18 09:09 - 00001989 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk2013-02-18 09:09 - 2012-06-15 00:52 - 00000000 ____D C:\Program Files\Common Files\Adobe2013-02-18 09:09 - 2012-06-15 00:52 - 00000000 ____D C:\Program Files\Adobe2013-02-18 03:59 - 2009-07-13 20:53 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT2013-02-12 07:38 - 2012-06-16 08:15 - 00000000 ____D C:\Program Files\Internet Download Manager2013-02-12 05:59 - 2013-02-12 05:59 - 00000000 ____D C:\ProgramData\IDM2013-02-11 01:04 - 2012-07-12 08:41 - 00000000 ____D C:\Users\Common\AppData\Roaming\Adobe==================== Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys[2013-03-03 00:34] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-03-01 07:13:58Restore point made on: 2013-03-02 20:30:45Restore point made on: 2013-03-03 16:37:29Restore point made on: 2013-03-06 02:31:59==================== Memory info =========================== Percentage of memory in use: 22%Total physical RAM: 1956.27 MBAvailable physical 
RAM: 1523.53 MBTotal Pagefile: 1956.27 MBAvailable Pagefile: 1531.29 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1944.48 MB==================== Partitions =============================1 Drive c: () (Fixed) (Total:73.14 GB) (Free:43.45 GB) NTFS2 Drive d: (New Volume) (Fixed) (Total:97.66 GB) (Free:86.18 GB) NTFS3 Drive e: (New Volume) (Fixed) (Total:97.66 GB) (Free:81.32 GB) NTFS4 Drive f: (New Volume) (Fixed) (Total:99.55 GB) (Free:84.67 GB) NTFS5 Drive h: () (Fixed) (Total:97.66 GB) (Free:42.47 GB) NTFS6 Drive i: (CD_ROM) (CDROM) (Total:3.48 GB) (Free:0 GB) CDFS7 Drive j: (SRI MURUGA) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT328 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 3072 KB Disk 1 Online 7633 MB 0 B Partitions of Disk 0:===============Disk ID: 1BAF0215 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 73 GB 101 MB Partition 3 Primary 97 GB 73 GB Partition 0 Extended 294 GB 170 GB Partition 4 Logical 97 GB 170 GB Partition 5 Logical 97 GB 268 GB Partition 6 Logical 99 GB 366 GB=========================================================Disk: 0Partition 1Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 Y System Rese NTFS Partition 100 MB Healthy =========================================================Disk: 0Partition 2Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 C NTFS Partition 73 GB Healthy =========================================================Disk: 0Partition 3Type : 07Hidden: NoActive: No Volume ### Ltr 
Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 H NTFS Partition 97 GB Healthy =========================================================Disk: 0Partition 4Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 4 D New Volume NTFS Partition 97 GB Healthy =========================================================Disk: 0Partition 5Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 5 E New Volume NTFS Partition 97 GB Healthy =========================================================Disk: 0Partition 6Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 6 F New Volume NTFS Partition 99 GB Healthy =========================================================Partitions of Disk 1:===============Disk ID: 00000000 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 7633 MB 16 KB=========================================================Disk: 1Partition 1Type : 0BHidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 7 J SRI MURUGA FAT32 Removable 7633 MB Healthy =========================================================Last Boot: 2013-03-05 20:52==================== End Of Log ============================FRST.txt Link to post Share on other sites More sharing options...
Maniac Posted March 8, 2013 ID:654856

Boot back into System Recovery Options and run FRST. Type the following in the edit box after "Search:".

volsnap.sys

Click the Search button and post the log (Search.txt) it makes to your reply.
aravindrp112 Posted March 10, 2013 Author ID:655419

Here is the content of Search.txt generated by FRST...

Farbar Recovery Scan Tool (x86) Version: 06-03-2013 01
Ran by SYSTEM at 2013-03-10 16:30:30
Running from J:\

================== Search: "volsnap.sys" ===================

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.21320_none_16526fd7765a2629\volsnap.sys
[2013-03-03 00:34] - [2012-09-06 11:18] - 0245616 ____A (Microsoft Corporation) 295954C522A057D3E590EE38246789CE

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.17122_none_15cad1ba5d3abbe6\volsnap.sys
[2013-03-03 00:34] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2009-07-13 15:11] - [2009-07-13 17:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD

C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_73593b5de1f7705b\volsnap.sys
[2013-03-03 00:34] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009-07-13 15:11] - [2009-07-13 17:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD

C:\Windows\System32\drivers\volsnap.sys
[2013-03-03 00:34] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

=== End Of Search ===
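The Search.txt above lists every copy of volsnap.sys with its MD5, which is what the helper compares before deciding which copy to restore. As an added example that is not part of the thread or of FRST, the following script parses that output format and groups the copies by hash, then checks whether the live driver in System32\drivers matches a backing-store copy (WinSxS or DriverStore); the function names are my own and the sample input is constructed from the posted log.

```python
"""Parse FRST "Search:" output and compare the copies of a driver by MD5.

Added example; not code from the forum thread or from FRST. FRST prints
each hit as a path line followed by a detail line of the form
  [created] - [modified] - size attrs (company) MD5
so the parser walks the lines in pairs.
"""
import re
from collections import defaultdict

# Constructed sample: the six volsnap.sys hits from the posted Search.txt.
SEARCH_TXT = r"""Ran by SYSTEM at 2013-03-10 16:30:30
================== Search: "volsnap.sys" ===================
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.21320_none_16526fd7765a2629\volsnap.sys
[2013-03-03 00:34] - [2012-09-06 11:18] - 0245616 ____A (Microsoft Corporation) 295954C522A057D3E590EE38246789CE
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.17122_none_15cad1ba5d3abbe6\volsnap.sys
[2013-03-03 00:34] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2009-07-13 15:11] - [2009-07-13 17:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD
C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_73593b5de1f7705b\volsnap.sys
[2013-03-03 00:34] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009-07-13 15:11] - [2009-07-13 17:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD
C:\Windows\System32\drivers\volsnap.sys
[2013-03-03 00:34] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
=== End Of Search ===
"""

# Detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d: -]+)\] - \[(?P<modified>[\d: -]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# WinSxS component directories embed the file version; DriverStore ones do not.
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")
# The copy Windows actually loads lives directly under System32\drivers.
LIVE_RE = re.compile(r"\\system32\\drivers\\[^\\]+$", re.I)
STORE_RE = re.compile(r"\\(winsxs|driverstore)\\", re.I)


def parse_search_txt(text):
    """Return one dict per hit: path, created, modified, size, attrs, company, md5, version."""
    records = []
    lines = text.splitlines()
    for i in range(1, len(lines)):
        m = DETAIL_RE.match(lines[i].strip())
        if not m:
            continue                      # header, separator or path line
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        rec["path"] = lines[i - 1].strip()   # the path precedes its detail line
        v = VERSION_RE.search(rec["path"])
        rec["version"] = v.group(1) if v else None
        records.append(rec)
    return records


def group_by_md5(records):
    """Map each distinct MD5 to the list of paths holding that exact content."""
    groups = defaultdict(list)
    for r in records:
        groups[r["md5"]].append(r["path"])
    return dict(groups)


def live_copy_status(records):
    """Return (md5 of the live System32\\drivers copy, backing-store paths with the same md5).

    An empty match list means the loaded driver matches none of the WinSxS or
    DriverStore copies, which is the situation worth a closer look.
    """
    live = [r for r in records if LIVE_RE.search(r["path"])]
    if len(live) != 1:
        return None, []
    md5 = live[0]["md5"]
    matches = [r["path"] for r in records
               if r is not live[0] and r["md5"] == md5 and STORE_RE.search(r["path"])]
    return md5, matches


if __name__ == "__main__":
    recs = parse_search_txt(SEARCH_TXT)
    for md5, paths in group_by_md5(recs).items():
        print(md5)
        for p in paths:
            print("   ", p)
    md5, matches = live_copy_status(recs)
    print("live driver MD5:", md5, "- matches", len(matches), "backing-store copies")
```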
Maniac Posted March 10, 2013 ID:655420

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

2013-03-02 09:03 - 2013-03-02 09:03 - 00000000 __SHD C:\Users\User\AppData\Roaming\725f
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\37.js ()
Replace: C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.21320_none_16526fd7765a2629\volsnap.sys C:\Windows\System32\Drivers\volsnap.sys

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt.
Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Reboot Normally.
aravindrp112 Posted March 10, 2013 Author ID:655422

Do I have to write the script file from the infected PC before running it?
aravindrp112 Posted March 10, 2013 Author ID:655423

Okay here is the Fixlog...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-03-2013 01
Ran by SYSTEM at 2013-03-10 17:01:16 Run:1
Running from J:\

==============================================

C:\Users\User\AppData\Roaming\725f moved successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\37.js not found.
C:\Windows\System32\Drivers\volsnap.sys moved successfully.
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.21320_none_16526fd7765a2629\volsnap.sys copied successfully to C:\Windows\System32\Drivers\volsnap.sys

==== End of Fixlog ====
Maniac Posted March 10, 2013 ID:655431

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
aravindrp112 Posted March 10, 2013 Author ID:655453

The program's install shield closes automatically after a few sec... like msconfig and Malwarebytes... what should I do?
Maniac Posted March 10, 2013 ID:655459

I guess this is in Normal mode. Please try in Safe mode with Networking.
http://windows.microsoft.com/en-US/windows7/start-your-computer-in-safe-mode
aravindrp112 Posted March 10, 2013 Author ID:655500

ComboFix Log...
gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]R2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]R2 KMService;KMService;c:\windows\system32\srvany.exe [x]R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]R2 OSDSvc;ChiconyOSDService;c:\program files\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [x]R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]R4 Msiscdeo;Msiscdeo; [x]S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]S3 RTL8167;Realtek 
8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]..Contents of the 'Scheduled Tasks' folder.2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-12 14:50].2013-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000Core.job- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 14:39].2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000UA.job- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 14:39].2013-03-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003Core.job- c:\users\user_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 15:25].2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003UA.job- c:\users\user_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 15:25].2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000Core.job- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 09:18].2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000UA.job- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 09:18].2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003Core.job- c:\users\user_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 10:25].2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003UA.job- c:\users\user_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 10:25].2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1004Core.job- c:\users\Common\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 08:25].2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1004UA.job- 
c:\users\Common\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 08:25]..------- Supplementary Scan -------.uStart Page = hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=HP_ss&mntrId=1c8b8d060000000000002aedb9686b89uDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htmIE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.2.1DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cabFF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\FF - prefs.js: 
browser.search.selectedEngine - Delta SearchFF - prefs.js: browser.startup.homepage - hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=HP_ss&mntrId=1c8b8d060000000000002aedb9686b89FF - prefs.js: network.proxy.type - 0FF - ExtSQL: 2013-01-24 12:22; ffxtlbr@delta.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\extensions\ffxtlbr@delta.comFF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 1c8b8d060000000000002aedb9686b89FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}FF - user.js: extensions.delta.instlDay - 15729FF - user.js: extensions.delta.vrsn - 1.8.8.8FF - user.js: extensions.delta.vrsni - 1.8.8.8FF - user.js: extensions.delta_i.vrsnTs - 1.8.8.812:25FF - user.js: extensions.delta.prtnrId - deltaFF - user.js: extensions.delta.prdct - deltaFF - user.js: extensions.delta.aflt - babsstFF - user.js: extensions.delta_i.smplGrp - noneFF - user.js: extensions.delta.tlbrId - baseFF - user.js: extensions.delta.instlRef - sstFF - user.js: extensions.delta.dfltLng - enFF - user.js: extensions.delta_i.excTlbr - falseFF - user.js: extensions.delta.excTlbr - falseFF - user.js: extensions.delta.admin - falseFF - user.js: extensions.delta.autoRvrt - falseFF - user.js: extensions.delta.rvrt - falseFF - user.js: extensions.delta_i.newTab - false..------- File Associations -------..scr=AutoCADScriptFile.- - - - ORPHANS REMOVED - - - -.AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exeAddRemove-PDF Creator - c:\progra~1\PDFCreator\Actual\uninstpw.exeAddRemove-{C1080852-065E-4991-9260-F3756E3CC182} - c:\users\User\AppData\Local\{A850D4D9-871B-4234-908D-21C457767270}\CursorFX_public.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-886538030-807793273-4249695029-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]@Denied: (Full) 
(Everyone)
"scansk"=hex(0):bb,19,06,8d,ec,37,d7,8e,77,93,4d,42,50,45,7f,c6,cd,41,94,fd,4b,
 fa,ac,89,e6,25,9c,80,c4,1d,51,a4,3f,12,84,02,30,b1,d6,63,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-886538030-807793273-4249695029-1000_Classes\CLSID\{ba7ec6d7-6a41-4499-83a0-cebbe247a3e2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000124
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
 38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-10 19:59:13
ComboFix-quarantined-files.txt 2013-03-10 14:29
.
Pre-Run: 46,549,946,368 bytes free
Post-Run: 46,954,835,968 bytes free
.
- - End Of File - - A046E27BF1F8AB1958DA31806C4564F5

Maniac Posted March 10, 2013 ID:655507 Share Posted March 10, 2013

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\390.js
Folder::
c:\users\User\AppData\Roaming\725f
DDS::
uStart Page = hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=HP_ss&mntrId=1c8b8d060000000000002aedb9686b89
FireFox::
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=HP_ss&mntrId=1c8b8d060000000000002aedb9686b89
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-24 12:22; ffxtlbr@delta.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\extensions\ffxtlbr@delta.com
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 1c8b8d060000000000002aedb9686b89
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15729
FF - user.js: extensions.delta.vrsn - 1.8.8.8
FF - user.js: extensions.delta.vrsni - 1.8.8.8
FF - user.js: extensions.delta_i.vrsnTs - 1.8.8.812:25
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta_i.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta_i.excTlbr - false
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta_i.newTab - false
JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
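The script above targets two items the helper picked out of the ComboFix log: a bare .js file in the per-user Startup folder (390.js) and a short hex-named folder under AppData\Roaming. The following is an added example, not part of the thread and not code from ComboFix or the forum helper: it parses the Run-key and Startup-folder blocks of a ComboFix-style log, scores each autostart entry with a few heuristics a malware-removal helper applies by eye (script-host file types in an autostart location, user-writable paths, numeric/hex-only names), and drafts the File:: stanza of a CFScript from the entries that score high enough. The sample log is constructed from entries shown in the log above; the scoring weights and the threshold are the example author's own assumptions. It does not reproduce the Folder:: line for 725f, because that folder does not appear in the autostart blocks and the helper found it from other evidence.

```python
"""Triage the autostart blocks of a ComboFix-style log and draft a CFScript File:: stanza.

Added example, not ComboFix or forum-helper code. Scoring rules are the example
author's own heuristics (assumption); SAMPLE_LOG is constructed from the thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of the log's "Reg Loading Points" and Startup-folder
# blocks. As in the real log, a lone '.' line separates blocks and a Startup folder
# is listed as its path followed by the items inside it.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-14 138096]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-02-12 3565432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 143384]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-02-19 1614856]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
390.js [2013-3-10 48831]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2012-6-15 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-15 113664]
"""

RUN_KEY = re.compile(r'^\[(HKEY_[^\]]*\\Run)\]$', re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')
STARTUP_DIR = re.compile(r'^(?P<dir>.+\\Startup\\)$', re.I)
# "390.js [date size]"  or  "Name.lnk - c:\target.exe [date size]"
STARTUP_ITEM = re.compile(r'^(?P<name>.+?)(?: - (?P<target>.+?))?\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')

SCRIPT_EXT = {'js', 'jse', 'vbs', 'vbe', 'wsf', 'hta', 'bat', 'cmd'}   # run by a script host
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\public\\')
RANDOM_NAME = re.compile(r'^[0-9a-f]{2,8}$', re.I)                    # 390, 644, 725f ...


@dataclass
class AutostartEntry:
    source: str             # Run key, or the Startup folder the item lives in
    name: str
    path: str               # what actually executes: a .lnk's target, else the file itself
    date: str
    size: int
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_autostarts(log_text: str) -> List[AutostartEntry]:
    """Line-by-line state machine: a header switches mode, a lone '.' ends the block."""
    entries: List[AutostartEntry] = []
    mode: Optional[str] = None
    source = ''
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line or line == '.':
            mode = None
            continue
        if (m := RUN_KEY.match(line)):
            mode, source = 'run', m.group(1)
        elif (m := STARTUP_DIR.match(line)):
            mode, source = 'startup', m['dir']
        elif mode == 'run' and (m := RUN_VALUE.match(line)):
            entries.append(AutostartEntry(source, m['name'], m['path'], m['date'], int(m['size'])))
        elif mode == 'startup' and (m := STARTUP_ITEM.match(line)):
            path = m['target'] or source + m['name']          # bare file in Startup runs itself
            entries.append(AutostartEntry(source, m['name'], path, m['date'], int(m['size'])))
    return entries


def triage(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Score each entry with the heuristics above; highest score first."""
    for e in entries:
        low = e.path.lower()
        base = low.rsplit('\\', 1)[-1]
        stem, dot, ext = base.rpartition('.')
        if not dot:
            stem, ext = base, ''
        if ext in SCRIPT_EXT:
            e.score += 3
            e.reasons.append(f'.{ext} file run by a script host at logon')
        if any(tok in low for tok in USER_WRITABLE):
            e.score += 1
            e.reasons.append('runs from a user-writable directory')
        if RANDOM_NAME.match(stem):
            e.score += 2
            e.reasons.append('numeric/hex-only file name')
    return sorted(entries, key=lambda e: e.score, reverse=True)


def cfscript_file_stanza(entries: List[AutostartEntry], threshold: int = 3) -> str:
    """Draft the File:: section in the shape used in the helper's CFScript: one path per line."""
    flagged = [e.path for e in entries if e.score >= threshold]
    return ('File::\n' + '\n'.join(flagged) + '\n') if flagged else ''


if __name__ == '__main__':
    ranked = triage(parse_autostarts(SAMPLE_LOG))
    for e in ranked:
        print(f'{e.score:>2}  {e.name:<32} {e.path}')
        for r in e.reasons:
            print(f'      - {r}')
    print(cfscript_file_stanza(ranked), end='')
```

Run stand-alone it lists the seven autostart entries with their scores and prints a File:: stanza containing only the Startup-folder 390.js, which is the same file the helper listed under File:: above; the legitimate Run-key entries under AppData (FacebookUpdate.exe) pick up a single point for their location and stay below the threshold. The regexes only recognise the two block types shown here; the msconfig\startupreg keys and the scheduled-task listing in the log are deliberately not parsed.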
aravindrp112 Posted March 11, 2013 Author ID:655778 Share Posted March 11, 2013

Hey I got this error earlier today when I turned on my PC... pic is attached... Anyway here is the new ComboFix log...

ComboFix 13-03-10.02 - User 11-03-2013 16:04:58.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.1950.1178 [GMT 5.5:30]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\390.js"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\User\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\User\AppData\Roaming\725f
c:\users\User\AppData\Roaming\725f\644.js
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2013-02-11 to 2013-03-11 )))))))))))))))))))))))))))))))
.
.
2013-03-11 10:43 . 2013-03-11 10:43 -------- d-----w- c:\users\user_2\AppData\Local\temp
2013-03-11 10:43 . 2013-03-11 10:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-11 10:43 . 2013-03-11 10:43 -------- d-----w- c:\users\Common\AppData\Local\temp
2013-03-10 14:29 . 2013-03-11 10:45 -------- d-----w- c:\users\User\AppData\Local\temp
2013-03-08 00:22 . 2013-03-08 00:22 -------- d-----w- C:\FRST
2013-03-06 10:32 . 2013-03-06 10:32 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-06 10:32 . 2013-03-06 10:32 -------- d-----w- c:\program files\Trend Micro
2013-03-04 01:46 . 
2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll2013-03-04 01:46 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll2013-03-04 01:45 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll2013-03-04 01:37 . 2009-11-25 07:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll2013-03-04 01:37 . 2009-11-25 07:17 49472 ----a-w- c:\windows\system32\netfxperf.dll2013-03-04 01:37 . 2009-11-25 07:17 297808 ----a-w- c:\windows\system32\mscoree.dll2013-03-04 01:37 . 2009-11-25 07:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe2013-03-04 01:37 . 2009-11-25 07:17 1130824 ----a-w- c:\windows\system32\dfshim.dll2013-03-04 01:16 . 2013-03-04 01:16 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help2013-03-03 17:50 . 2011-06-21 05:54 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys2013-03-03 17:45 . 2013-01-04 03:00 2345984 ----a-w- c:\windows\system32\win32k.sys2013-03-03 17:45 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe2013-03-03 17:45 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll2013-03-03 17:45 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys2013-03-03 17:45 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys2013-03-03 17:45 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys2013-03-03 17:45 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-03-03 17:45 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys2013-03-03 17:45 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe2013-03-03 17:45 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll2013-03-03 17:44 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll2013-03-03 17:43 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll2013-03-03 17:42 . 2012-12-20 12:59 981504 ----a-w- c:\windows\system32\wininet.dll2013-03-03 17:40 . 
2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll2013-03-03 17:40 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll2013-03-03 17:39 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll2013-03-03 17:39 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe2013-03-03 17:39 . 2011-10-01 04:43 708608 ----a-w- c:\program files\Common Files\System\wab32.dll2013-03-03 17:39 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll2013-03-03 17:39 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll2013-03-03 17:39 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe2013-03-03 17:39 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe2013-03-03 17:38 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll2013-03-03 17:38 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe2013-03-03 17:35 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll2013-03-03 17:23 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll2013-03-03 17:23 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL2013-03-03 17:23 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll2013-03-03 17:23 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll2013-03-03 17:23 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys2013-03-03 17:23 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\system32\msxml6.dll2013-03-03 17:15 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll2013-03-03 17:15 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll2013-03-03 17:12 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe2013-03-03 17:12 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL2013-03-03 17:08 . 
2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll2013-03-03 17:08 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe2013-03-03 17:08 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-03-03 17:08 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe2013-03-03 17:03 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll2013-03-03 17:03 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll2013-03-03 17:03 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax2013-03-03 17:01 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll2013-03-03 17:01 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll2013-03-03 17:01 . 2012-08-10 23:54 541184 ----a-w- c:\windows\system32\kerberos.dll2013-03-03 16:41 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll2013-03-03 16:41 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll2013-03-03 16:41 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll2013-03-03 16:41 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll2013-03-03 16:41 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll2013-03-03 16:41 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll2013-03-03 15:18 . 2013-03-03 15:18 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys2013-03-03 14:46 . 2013-03-03 14:46 -------- d-----w- c:\programdata\BDLogging2013-03-03 14:44 . 2012-11-12 11:41 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys2013-03-03 14:44 . 2012-07-06 08:43 77192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys2013-03-03 14:44 . 2007-04-11 04:41 511328 ----a-w- c:\windows\capicom.dll2013-03-03 14:44 . 2012-11-02 07:47 242504 ----a-w- c:\windows\system32\drivers\avchv.sys2013-03-03 14:44 . 2013-01-11 14:59 625128 ----a-w- c:\windows\system32\drivers\avc3.sys2013-03-03 14:44 . 
2013-01-11 14:59 482928 ----a-w- c:\windows\system32\drivers\avckf.sys2013-03-03 08:49 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll2013-03-03 08:49 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll2013-03-03 08:49 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe2013-03-03 08:49 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll2013-03-03 08:44 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll2013-03-03 08:42 . 2012-12-26 04:51 760320 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll2013-03-03 08:41 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe2013-03-03 08:36 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\system32\d3d10warp.dll2013-03-03 08:36 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\system32\DWrite.dll2013-03-03 08:36 . 2012-03-03 05:40 739840 ----a-w- c:\windows\system32\d2d1.dll2013-03-03 08:36 . 2012-03-03 05:40 218624 ----a-w- c:\windows\system32\d3d10_1core.dll2013-03-03 08:36 . 2012-03-03 05:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll2013-03-03 08:34 . 2012-09-06 19:18 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys2013-03-03 08:32 . 2013-03-03 08:32 -------- d-----w- c:\users\User\AppData\Roaming\Bitdefender2013-03-03 08:32 . 2013-03-03 14:47 -------- d-----w- c:\programdata\Bitdefender2013-03-03 08:30 . 2013-03-03 08:30 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan2013-03-03 08:25 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll2013-03-03 08:25 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll2013-03-03 08:24 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll2013-03-03 08:13 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll2013-03-03 08:10 . 2012-08-29 11:54 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys2013-03-03 08:10 . 2012-10-31 06:43 343456 ----a-w- c:\windows\system32\drivers\trufos.sys2013-03-03 07:59 . 
2013-03-03 07:59 -------- d-----w- c:\program files\Bitdefender2013-03-03 07:36 . 2013-03-03 07:47 -------- d-----w- c:\program files\Trojan Remover2013-03-03 07:06 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll2013-03-03 07:06 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys2013-03-03 07:06 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys2013-03-03 07:06 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll2013-03-03 04:30 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys2013-03-02 17:29 . 2013-03-03 08:10 -------- d-----w- c:\program files\Common Files\Bitdefender2013-03-02 17:03 . 2013-03-02 17:03 -------- d-----w- C:\737e2013-03-01 15:14 . 2013-03-01 15:14 -------- d-----w- c:\program files\BCL Technologies2013-02-24 11:32 . 2013-02-24 11:32 -------- d-----w- c:\users\User\AppData\Local\Macromedia2013-02-12 13:59 . 2013-02-12 13:59 -------- d-----w- c:\programdata\IDM2013-02-12 12:25 . 2013-02-28 14:50 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-02-28 14:50 . 2012-06-15 08:57 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-12-24 10:27 . 2012-11-28 13:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACEDCCFC-1EBB-4EF8-93D2-B41BB324960C}\offreg.dll2012-06-14 22:20 . 
2012-06-25 07:53 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-14 138096]"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-02-12 3565432]"googletalk"="c:\users\User\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 143384]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 176664]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 178200]"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-05-27 1138783]"Chicony_OSD"="c:\program files\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-12 53248]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-06-16 148888]"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"Adobe ARM"="c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-02-19 1614856]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2012-6-15 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-15 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-06-16 09:18 116648 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\User\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-03-22 12:52 1406248 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nimbuzz]
2012-04-19 19:52 12549632 ----a-w- c:\program files\Nimbuzz\Nimbuzz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 07:29 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 10:25 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]
R4 Msiscdeo;Msiscdeo; [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 OSDSvc;ChiconyOSDService;c:\program files\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-12 14:50]
.
2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000Core.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 14:39]
.
2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000UA.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 14:39]
.
2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003Core.job
- c:\users\user_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 15:25]
.
2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003UA.job
- c:\users\user_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 15:25]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 09:18]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 09:18]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003Core.job
- c:\users\user_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 10:25]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003UA.job
- c:\users\user_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 10:25]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1004Core.job
- c:\users\Common\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 08:25]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1004UA.job
- c:\users\Common\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 08:25]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\
FF - ExtSQL: 2013-01-24 12:22; ffxtlbr@delta.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\extensions\ffxtlbr@delta.com
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 1c8b8d060000000000002aedb9686b89
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15729
FF - user.js: extensions.delta.vrsn - 1.8.8.8
FF - user.js: extensions.delta.vrsni - 1.8.8.8
FF - user.js: extensions.delta_i.vrsnTs - 1.8.8.812:25
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta_i.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta_i.excTlbr - false
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta_i.newTab - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-886538030-807793273-4249695029-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bb,19,06,8d,ec,37,d7,8e,77,93,4d,42,50,45,7f,c6,cd,41,94,fd,4b,
 fa,ac,89,e6,25,9c,80,c4,1d,51,a4,3f,12,84,02,30,b1,d6,63,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-886538030-807793273-4249695029-1000_Classes\CLSID\{ba7ec6d7-6a41-4499-83a0-cebbe247a3e2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000124
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
 38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2684)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender 2013\vsserv.exe
c:\program files\IDT\WDM\STacSV.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\KMService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-03-11 16:19:31 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-11 10:49
ComboFix2.txt 2013-03-10 14:29
.
Pre-Run: 47,203,082,240 bytes free
Post-Run: 47,009,742,848 bytes free
.
- - End Of File - - 0FC023EC10700400E8CF6BE268FA64BB
Maniac Posted March 11, 2013 ID:655880

Step 1

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 2

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the options Remove found threats and Scan unwanted applications are checked.
Click Scan (this scan can take several hours, so please be patient).
Once the scan is completed, you may close the window.
Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

In your next reply, post the following log files:
Junkware Removal Tool log
ESET Online Scanner log
aravindrp112 Posted March 12, 2013 Author ID:656229

Here are the logs...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.0 (03.11.2013:1)
OS: Windows 7 Ultimate x86
Ran by User on 12-03-2013 at 17:07:55.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\delta.deltaappcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\delta.deltaappcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.deltaesrvc
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.deltaesrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\delta"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files\delta"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\n4uf807n.default\user.js
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\n4uf807n.default\searchplugins\delta.xml
Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\n4uf807n.default\extensions\ffxtlbr@delta.com
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\n4uf807n.default\prefs.js

user_pref("browser.newtab.url", "hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=NT_ss&mntrId=1c8b8d060000000000002aedb9686b89");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=NT_ss&mntrId=1c8b8d060000000000002aedb9686b89")
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "1c8b8d060000000000002aedb9686b89");
user_pref("extensions.delta.instlDay", "15729");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.8.8");
user_pref("extensions.delta.vrsni", "1.8.8.8");
user_pref("extensions.delta_i.excTlbr", false);
user_pref("extensions.delta_i.newTab", false);
user_pref("extensions.delta_i.smplGrp", "none");
user_pref("extensions.delta_i.vrsnTs", "1.8.8.812:25:35");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12-03-2013 at 17:15:15.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Scanner Log

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=073346d334310748b2a760c630a763ee
# engine=13363
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-12 03:13:27
# local_time=2013-03-12 08:43:27 (+0530, India Standard Time)
# country="India"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 6754582 114730598 0 0
# scanned=289763
# found=6
# cleaned=6
# scan_time=10661
sh=546D42FDE915BA6348413F701D4E176E75AD2582 ft=0 fh=0000000000000000 vn="JS/Kryptik.AGQ trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\725f\644.js"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\User\AppData\Roaming\PDF Converter Packages\uninstaller.exe"
sh=096535ABDC2D062F8783A49EAC25A0958C371404 ft=1 fh=f62e490c14b9ec2f vn="a variant of Win32/InstallCore.BC application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\User\Downloads\Programs\PDFConverterSetup.exe"
sh=01C7D28E8828A91C27FFE0F1155CFA835FA6D703 ft=1 fh=4b1c2067722f8571 vn="a variant of Win32/HackKMS.A application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Windows\KMService.exe"
sh=CD9A7A057E8BF08B74CEA908B24B4CCC8A46AF85 ft=1 fh=5c58fdbb53d6f5c8 vn="a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)" ac=C fn="G:\Downloads\etypesetup.exe"
sh=FBEA3CE0875E08071CF3951CC695B223DF0C3430 ft=1 fh=6ed5bddd41d51899 vn="a variant of Win32/HackKMS.A application (deleted - quarantined)" ac=C fn="G:\New folder\Microsoft Office Professional Plus 2010 Setup + Activator\Office 2010 KMS Phone Activation\mini-KMS_Activator_v1.053.exe"
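The ESET Online Scanner log posted above is a flat text format: "# key=value" header lines followed by one "sh=... ft=... fh=... vn=... ac=... fn=..." record per detection, with the action ESET took embedded in parentheses inside the vn field. Reading it by eye, it is easy to miss that one record says "cleaned by deleting (after the next restart)" rather than "cleaned by deleting", i.e. the file was still on disk when the log was written. The following is an added example, not code from the thread, from Malwarebytes or from ESET: a small Python parser that cross-checks the header counters against the records and lists what still has to be verified after a reboot. Field names are taken as they appear in the posted log; the sample input is those same records, embedded inline so the script runs offline.

```python
"""Parse an ESET Online Scanner log.txt and summarise its findings."""
import re
from collections import Counter

# Constructed input: header lines and detection records copied from the
# ESET log posted in this thread, not a live scan of any machine.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=true
# scanned=289763
# found=6
# cleaned=6
sh=546D42FDE915BA6348413F701D4E176E75AD2582 ft=0 fh=0000000000000000 vn="JS/Kryptik.AGQ trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\725f\644.js"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\User\AppData\Roaming\PDF Converter Packages\uninstaller.exe"
sh=096535ABDC2D062F8783A49EAC25A0958C371404 ft=1 fh=f62e490c14b9ec2f vn="a variant of Win32/InstallCore.BC application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\User\Downloads\Programs\PDFConverterSetup.exe"
sh=01C7D28E8828A91C27FFE0F1155CFA835FA6D703 ft=1 fh=4b1c2067722f8571 vn="a variant of Win32/HackKMS.A application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Windows\KMService.exe"
sh=CD9A7A057E8BF08B74CEA908B24B4CCC8A46AF85 ft=1 fh=5c58fdbb53d6f5c8 vn="a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)" ac=C fn="G:\Downloads\etypesetup.exe"
sh=FBEA3CE0875E08071CF3951CC695B223DF0C3430 ft=1 fh=6ed5bddd41d51899 vn="a variant of Win32/HackKMS.A application (deleted - quarantined)" ac=C fn="G:\New folder\Microsoft Office Professional Plus 2010 Setup + Activator\Office 2010 KMS Phone Activation\mini-KMS_Activator_v1.053.exe"
'''

# key=value tokens: the value is either a double-quoted string (which may
# contain spaces and parentheses) or a run of non-space characters.
TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _tokens(line):
    """Turn 'k1=v1 k2="v 2"' into {'k1': 'v1', 'k2': 'v 2'}."""
    return {k: v.strip('"') for k, v in TOKEN_RE.findall(line)}


def parse_eset_log(text):
    """Return (header, findings).

    header:   the '# key=value' lines as a dict of strings.
    findings: one dict per 'sh=...' record with the raw fields plus
              'family' (detection name without the trailing action text),
              'action' (the text inside the trailing parentheses) and
              'pending_reboot' (True when ESET could only schedule the
              deletion for the next restart).
    """
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('#'):
            header.update(_tokens(line[1:].strip()))
        elif line.startswith('sh='):
            rec = _tokens(line)
            vn = rec.get('vn', '')
            name, _, action = vn.partition(' (')
            if name.startswith('a variant of '):
                name = name[len('a variant of '):]
            rec['family'] = name.split()[0] if name else ''
            rec['action'] = action.rstrip(')')
            rec['pending_reboot'] = 'after the next restart' in action
            findings.append(rec)
    return header, findings


def summarize(header, findings):
    """Cross-check the header counters against the records and list the
    paths that still need to be checked after the machine has rebooted."""
    families = Counter(f['family'] for f in findings)
    return {
        'families': dict(families),
        'pending_reboot': [f['fn'] for f in findings if f['pending_reboot']],
        'count_matches_header': header.get('found') == str(len(findings)),
        'all_cleaned': header.get('cleaned') == header.get('found'),
    }


if __name__ == '__main__':
    hdr, recs = parse_eset_log(SAMPLE_LOG)
    report = summarize(hdr, recs)
    for fam, n in sorted(report['families'].items()):
        print(f'{n:2d}  {fam}')
    for path in report['pending_reboot']:
        print('verify after reboot:', path)
    print('header consistent:', report['count_matches_header'] and report['all_cleaned'])
```

On the posted log the only record flagged as pending a reboot is C:\Windows\KMService.exe, which the earlier ComboFix output in this thread also lists both as a running process and behind the KMService entry launched through srvany.exe. That is the path and the service to re-check once the machine has restarted, rather than taking "cleaned=6" in the header at face value.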
aravindrp112 Posted March 12, 2013 Author ID:656248

Hey,
I noticed that folders in the flash drive don't change to shortcuts any more... and msconfig and other programs are working normally... So is anything further needed to be done??
Maniac Posted March 12, 2013 ID:656291

No, that's enough.

Download OTC to your desktop and run it.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Please uninstall ESET Online Scanner and manually delete the Junkware Removal Tool log.

Some malware prevention tips:
users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!
aravindrp112 Posted March 14, 2013 Author ID:656956

Thanks Maniac.... Really appreciate your help...
Maniac Posted March 14, 2013 ID:657009

You're welcome!
Maurice Naggar Posted March 14, 2013 ID:657011

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!