Malware Removal Help Required


I have a laptop running Windows 7 32-bit on which I recently opened up a flash drive. The folders in it were changed to shortcuts. I tried scanning the flash drive with many antivirus scanners and anti-malware scanners. All returned results with no infections. Yesterday I noticed that multiple icons for Windows Update center keep popping up in the notification tray. However, when I hover the cursor over it, it automatically disappears. I also noticed that when I open up the install shields for Malwarebytes and Avast antivirus, it automatically closes. I have observed the same when opening msconfig. I have read the instructions provided in the sub forum and downloaded dds files. When I tried to run them and generate reports, the window automatically disappears like the ones I mentioned above. Please provide assistance as immediately as possible. Thanks.


Hello aravindrp112! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post the log files:

http://forums.malwarebytes.org/index.php?showtopic=9573


For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Maniac

As per your instructions I have generated the log file using FRST. Here are its contents.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2013 01

Ran by SYSTEM at 07-03-2013 16:22:22

Running from J:\

Windows 7 Ultimate (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2004-12-13] (Adobe Systems Inc.)

HKLM\...\Run: [] [x]

HKLM\...\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [1138783 2011-05-26] (IDT, Inc.)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3405168 2011-03-24] (Dell Inc.)

HKLM\...\Run: [Chicony_OSD] "C:\Program Files\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [53248 2011-01-12] ()

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [148888 2012-06-16] (Sun Microsystems, Inc.)

HKLM\...\Run: [instaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1485208 2010-07-28] (Affinegy, Inc.)

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)

HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)

HKLM\...\Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1614856 2013-02-19] (Bitdefender)

HKLM\...\Run: [spywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-02-11] (Crawler.com)

HKLM\...\Run: [spywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3674248 2013-02-11] (Crawler.com)

HKU\Common\...\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3565432 2013-02-12] (Tonec Inc.)

HKU\Common\...\Run: [Google Update] "C:\Users\Common\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-31] (Google Inc.)

HKU\User\...\Run: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-14] (Facebook Inc.)

HKU\User\...\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3565432 2013-02-12] (Tonec Inc.)

HKU\User\...\Run: [googletalk] C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)

HKU\User\...\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-16] (Google Inc.)

HKU\User\...\Run: [644] C:\Users\User\AppData\Roaming\725f\644.js [48831 2013-03-07] ()

HKU\user_2\...\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3565432 2013-02-12] (Tonec Inc.)

HKU\user_2\...\Run: [Google Update] "C:\Users\user_2\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-18] (Google Inc.)

HKU\user_2\...\Run: [Facebook Update] "C:\Users\user_2\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-06-18] (Facebook Inc.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()

Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\37.js ()

==================== Services (Whitelisted) ===================

3 Adobe LM Service; "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2012-06-15] ()

2 AffinegyService; "C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe" [569752 2010-07-28] (Affinegy, Inc.)

4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [62688 2013-02-10] (Bitdefender)

2 KMService; C:\Windows\system32\srvany.exe [8192 2012-10-17] ()

3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-06-14] (Mozilla Foundation)

2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [503080 2010-05-03] (Nero AG)

2 OSDSvc; C:\Program Files\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony)

2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3290896 2012-12-13] (Skype Technologies S.A.)

2 ST2012_Svc; "C:\Program Files\Spyware Terminator\st_rsser.exe" [587912 2013-02-11] (Crawler.com)

2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-26] (IDT, Inc.)

2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe" /service [55544 2012-11-13] (Bitdefender)

2 vsserv; "C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe" /service [1343472 2013-02-07] (Bitdefender)

==================== Drivers (Whitelisted) ====================

0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [625128 2013-01-11] (BitDefender)

3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-01] (BitDefender)

3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [482928 2013-01-11] (BitDefender)

1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77192 2012-07-06] (BitDefender LLC)

1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)

3 BDSandBox; \??\C:\Windows\system32\drivers\bdsandbox.sys [66392 2012-11-12] (BitDefender SRL)

1 bdselfpr; \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [134136 2012-10-01] (BitDefender LLC)

0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [161312 2012-08-29] (BitDefender LLC)

3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)

0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2012-06-16] (Duplex Secure Ltd.)

1 sp_rsdrv2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-20] ()

0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [343456 2012-10-30] (BitDefender S.R.L.)

4 Msiscdeo; [x]

0 sr; [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-03-07 16:22 - 2013-03-07 16:22 - 00000000 ____D C:\FRST

2013-03-06 04:27 - 2013-03-06 04:27 - 00000387 ____A C:\Windows\System32\checkdnsid.xml

2013-03-06 02:48 - 2013-03-06 02:05 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com

2013-03-06 02:48 - 2013-03-06 02:05 - 00688992 ____A (Swearware) C:\Users\User\Desktop\dds.scr

2013-03-06 02:32 - 2013-03-06 02:32 - 00002959 ____A C:\Users\User\Desktop\HiJackThis.lnk

2013-03-06 02:32 - 2013-03-06 02:32 - 00000000 ____D C:\Program Files\Trend Micro

2013-03-06 02:27 - 2013-03-06 00:10 - 01402880 ____A C:\Users\User\Desktop\HiJackThis.msi

2013-03-06 02:21 - 2013-03-06 02:21 - 01376225 ____A C:\Users\User\Desktop\dds.rar

2013-03-06 00:39 - 2013-03-06 02:28 - 00003016 ____A C:\Users\User\Desktop\Rkill.txt

2013-03-06 00:39 - 2013-03-06 00:14 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill.com

2013-03-05 22:37 - 2013-03-05 21:48 - 110539200 ____A C:\Users\User\Desktop\avast_free_antivirus_setup.exe

2013-03-03 17:46 - 2012-12-16 06:25 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2013-03-03 17:46 - 2012-12-16 06:25 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2013-03-03 17:45 - 2009-09-09 21:52 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll

2013-03-03 17:37 - 2009-11-24 23:17 - 01130824 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll

2013-03-03 17:37 - 2009-11-24 23:17 - 00297808 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll

2013-03-03 17:37 - 2009-11-24 23:17 - 00295264 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe

2013-03-03 17:37 - 2009-11-24 23:17 - 00099176 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll

2013-03-03 17:37 - 2009-11-24 23:17 - 00049472 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll

2013-03-03 17:16 - 2013-03-03 17:16 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help

2013-03-03 17:16 - 2013-03-03 17:16 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

2013-03-03 09:54 - 2013-03-03 09:54 - 00000504 ____A C:\Users\User\AppData\Roaming\ICARE_ACTIVITY.LOG

2013-03-03 09:50 - 2013-03-04 18:44 - 00000000 ____D C:\ProgramData\Spyware Terminator

2013-03-03 09:50 - 2013-03-03 09:50 - 00001008 ____A C:\Users\Public\Desktop\Spyware Terminator 2012.lnk

2013-03-03 09:50 - 2013-03-03 09:50 - 00000000 ____D C:\Users\User\AppData\Roaming\Spyware Terminator

2013-03-03 09:50 - 2011-06-20 21:54 - 00032768 ____A C:\Windows\System32\Drivers\sp_rsdrv2.sys

2013-03-03 09:49 - 2013-03-03 09:50 - 00000000 ____D C:\Program Files\Spyware Terminator

2013-03-03 09:45 - 2013-01-03 19:00 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-03-03 09:45 - 2011-11-16 21:41 - 01288984 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll

2013-03-03 09:45 - 2011-04-28 18:57 - 00311296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys

2013-03-03 09:45 - 2011-04-28 18:57 - 00309760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys

2013-03-03 09:45 - 2011-04-28 18:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys

2013-03-03 09:45 - 2011-04-24 20:56 - 01286016 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-03-03 09:45 - 2011-04-24 18:35 - 00338944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys

2013-03-03 09:45 - 2010-08-20 21:32 - 00316928 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe

2013-03-03 09:45 - 2010-06-28 21:02 - 01413632 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll

2013-03-03 09:44 - 2012-08-24 09:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2013-03-03 09:43 - 2012-11-01 20:48 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll

2013-03-03 09:42 - 2013-01-07 20:44 - 06031872 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-03-03 09:42 - 2012-12-20 04:59 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-03-03 09:42 - 2012-12-20 04:56 - 11019264 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-03-03 09:41 - 2013-01-07 19:12 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-03-03 09:41 - 2012-12-20 04:59 - 01230848 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-03-03 09:41 - 2012-12-20 04:59 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-03-03 09:41 - 2012-12-20 04:56 - 02077184 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-03-03 09:41 - 2012-12-20 04:56 - 00627200 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-03-03 09:41 - 2012-12-20 04:56 - 00606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll

2013-03-03 09:41 - 2012-12-20 04:56 - 00185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-03-03 09:41 - 2012-12-20 04:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-03-03 09:41 - 2012-12-20 04:56 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-03-03 09:41 - 2012-12-20 04:56 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-03-03 09:41 - 2012-12-20 04:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-03-03 09:41 - 2012-12-20 04:55 - 00381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-03-03 09:41 - 2012-12-20 04:01 - 00386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-03-03 09:41 - 2012-12-20 03:28 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-03-03 09:41 - 2012-12-20 03:28 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-03-03 09:40 - 2012-11-08 20:49 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-03-03 09:40 - 2011-02-17 21:36 - 00428032 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-03-03 09:40 - 2011-02-17 21:35 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-03-03 09:39 - 2013-03-03 09:34 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.65.1.1000.exe

2013-03-03 09:39 - 2011-03-02 21:29 - 00269824 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll

2013-03-03 09:39 - 2011-03-02 21:29 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll

2013-03-03 09:39 - 2011-03-02 21:27 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe

2013-03-03 09:39 - 2010-07-28 22:30 - 00197632 ____A (Intel® Corporation) C:\Windows\System32\ir32_32.dll

2013-03-03 09:39 - 2010-07-28 22:30 - 00082944 ____A (Radius Inc.) C:\Windows\System32\iccvid.dll

2013-03-03 09:39 - 2009-10-30 21:45 - 02614272 ____A (Microsoft Corporation) C:\Windows\explorer.exe

2013-03-03 09:39 - 2009-10-27 22:17 - 00285696 ____A (Microsoft Corporation) C:\Windows\System32\winlogon.exe

2013-03-03 09:38 - 2010-08-25 20:39 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll

2013-03-03 09:35 - 2011-05-24 02:35 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll

2013-03-03 09:25 - 2013-03-03 10:02 - 00144768 ____A C:\Users\User\AppData\Roaming\ICARE.LOG

2013-03-03 09:24 - 2010-05-13 01:23 - 00047104 ____A (Inside Core) C:\Users\User\Desktop\AutoRunExterminator.exe

2013-03-03 09:23 - 2012-11-01 20:50 - 01388544 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2013-03-03 09:23 - 2011-04-26 18:33 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys

2013-03-03 09:15 - 2010-08-30 20:32 - 00954752 ____A (Microsoft Corporation) C:\Windows\System32\mfc40.dll

2013-03-03 09:15 - 2010-08-30 20:32 - 00954288 ____A (Microsoft Corporation) C:\Windows\System32\mfc40u.dll

2013-03-03 09:12 - 2010-08-31 20:29 - 11406848 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll

2013-03-03 09:12 - 2010-08-31 20:23 - 12625408 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL

2013-03-03 09:08 - 2012-04-01 20:46 - 03958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2013-03-03 09:08 - 2012-04-01 20:46 - 03902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-03-03 09:08 - 2011-02-11 21:30 - 00191488 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe

2013-03-03 09:06 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2013-03-03 09:06 - 2012-07-04 13:23 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2013-03-03 09:06 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2013-03-03 09:06 - 2011-10-25 20:25 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-03-03 09:06 - 2011-10-14 21:48 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll

2013-03-03 09:06 - 2009-12-19 01:02 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\avifil32.dll

2013-03-03 09:06 - 2009-12-19 01:02 - 00084480 ____A (Microsoft Corporation) C:\Windows\System32\mciavi32.dll

2013-03-03 09:06 - 2009-12-19 01:02 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll

2013-03-03 09:06 - 2009-12-19 01:02 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll

2013-03-03 09:06 - 2009-12-19 01:02 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll

2013-03-03 09:06 - 2009-12-19 01:02 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll

2013-03-03 09:06 - 2009-12-19 01:02 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll

2013-03-03 09:06 - 2009-12-08 03:32 - 00292864 ____A (Microsoft Corporation) C:\Windows\System32\apphelp.dll

2013-03-03 09:06 - 2009-10-19 06:10 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll

2013-03-03 09:03 - 2010-12-22 21:28 - 00850432 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll

2013-03-03 09:03 - 2010-12-22 21:28 - 00642048 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll

2013-03-03 09:03 - 2010-12-22 21:24 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax

2013-03-03 09:01 - 2012-08-10 15:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2013-03-03 09:01 - 2011-10-25 20:28 - 01328640 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll

2013-03-03 09:01 - 2011-10-25 20:28 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll

2013-03-03 08:41 - 2011-06-15 01:04 - 00319488 ____A (Microsoft Corporation) C:\Windows\System32\odbcjt32.dll

2013-03-03 08:41 - 2011-06-15 01:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll

2013-03-03 08:41 - 2011-06-15 01:04 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll

2013-03-03 08:41 - 2011-06-15 01:04 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll

2013-03-03 08:41 - 2011-06-15 01:04 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll

2013-03-03 07:23 - 2013-03-03 07:23 - 00000385 ____A C:\Users\User\AppData\Roaminguser_gensett.xml

2013-03-03 07:20 - 2013-03-03 07:20 - 00000385 ____A C:\Windows\System32\user_gensett.xml

2013-03-03 07:18 - 2013-03-03 07:18 - 00072704 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys

2013-03-03 06:48 - 2013-03-03 06:48 - 04569032 ____A C:\ProgramData\1362298163.bdinstall.bin

2013-03-03 06:46 - 2013-03-05 23:51 - 00000307 ___AH C:\bdr-cf01

2013-03-03 06:46 - 2013-03-03 06:46 - 00002122 ____A C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk

2013-03-03 06:46 - 2013-03-03 06:46 - 00002074 ____A C:\Users\Public\Desktop\Bitdefender Safepay.lnk

2013-03-03 06:46 - 2013-03-03 06:46 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf

2013-03-03 06:46 - 2013-03-03 06:46 - 00000000 ____D C:\ProgramData\BDLogging

2013-03-03 06:44 - 2013-01-11 06:59 - 00625128 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys

2013-03-03 06:44 - 2013-01-11 06:59 - 00482928 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys

2013-03-03 06:44 - 2012-11-12 03:41 - 00066392 ____A (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys

2013-03-03 06:44 - 2012-11-01 23:47 - 00242504 ____A (BitDefender) C:\Windows\System32\Drivers\avchv.sys

2013-03-03 06:44 - 2012-07-06 00:43 - 00077192 ____A (BitDefender LLC) C:\Windows\System32\Drivers\BdfNdisf6.sys

2013-03-03 06:44 - 2007-04-10 20:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\capicom.dll

2013-03-03 00:49 - 2012-04-25 20:48 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2013-03-03 00:49 - 2012-04-25 20:48 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2013-03-03 00:49 - 2012-04-25 20:43 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2013-03-03 00:49 - 2011-12-15 23:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll

2013-03-03 00:44 - 2010-08-26 21:46 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll

2013-03-03 00:41 - 2010-10-15 20:41 - 00101760 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-03-03 00:36 - 2012-03-02 21:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-03-03 00:36 - 2012-03-02 21:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-03-03 00:36 - 2012-03-02 21:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-03-03 00:36 - 2012-03-02 21:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-03-03 00:36 - 2012-03-02 21:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-03-03 00:34 - 2012-09-06 08:48 - 00245616 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys

2013-03-03 00:32 - 2013-03-03 06:47 - 00000000 ____D C:\ProgramData\Bitdefender

2013-03-03 00:32 - 2013-03-03 06:46 - 00253404 ___AH C:\bdr-ld01

2013-03-03 00:32 - 2013-03-03 06:46 - 00009216 ___AH C:\bdr-ld01.mbr

2013-03-03 00:32 - 2013-03-03 00:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Bitdefender

2013-03-03 00:32 - 2012-10-18 21:46 - 35184777 ___AH C:\bdr-im01.gz

2013-03-03 00:32 - 2012-08-15 00:58 - 02294848 ___AH C:\bdr-bz01

2013-03-03 00:30 - 2013-03-03 00:30 - 00000000 ____D C:\Users\User\AppData\Roaming\QuickScan

2013-03-03 00:25 - 2011-03-10 21:40 - 01164288 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll

2013-03-03 00:25 - 2011-03-10 21:40 - 01137664 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll

2013-03-03 00:24 - 2010-05-04 22:46 - 00363520 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll

2013-03-03 00:13 - 2012-11-08 20:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2013-03-03 00:10 - 2012-10-30 22:43 - 00343456 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys

2013-03-03 00:10 - 2012-08-29 03:54 - 00161312 ____A (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys

2013-03-03 00:09 - 2013-01-03 20:50 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-03-03 00:09 - 2013-01-03 20:46 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-03-03 00:09 - 2013-01-03 20:46 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 18:59 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-03-03 00:09 - 2013-01-03 18:43 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 18:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 18:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-03-03 00:09 - 2013-01-03 18:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-03-03 00:04 - 2013-03-03 00:00 - 02436680 ____A C:\Users\User\Desktop\bitdefender_isecurity.exe

2013-03-02 23:59 - 2013-03-02 23:59 - 00301136 ____A C:\ProgramData\1362297162.bdinstall.bin

2013-03-02 23:59 - 2013-03-02 23:59 - 00000000 ____D C:\Program Files\Bitdefender

2013-03-02 23:48 - 2013-03-02 09:26 - 02436672 ____A C:\Users\User\Desktop\bitdefender_antivirus_2.exe

2013-03-02 23:36 - 2013-03-02 23:47 - 00000000 ____D C:\Program Files\Trojan Remover

2013-03-02 23:06 - 2012-02-14 21:44 - 00826368 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll

2013-03-02 23:06 - 2012-02-14 20:22 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2013-03-02 23:06 - 2012-02-14 20:22 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys

2013-03-02 23:06 - 2010-01-08 22:52 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\cabview.dll

2013-03-02 20:31 - 2013-03-02 23:16 - 00001945 ____A C:\Windows\epplauncher.mif

2013-03-02 20:30 - 2010-04-08 23:24 - 00240008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2013-03-02 10:01 - 2013-03-02 10:01 - 00075272 ____A C:\ProgramData\1362246260.8016.bin

2013-03-02 09:45 - 2013-03-02 10:01 - 00003005 ____A C:\ProgramData\1362246260.2752.bin

2013-03-02 09:45 - 2013-03-02 10:01 - 00002167 ____A C:\ProgramData\1362246260.3016.bin

2013-03-02 09:45 - 2013-03-02 09:59 - 00001090 ____A C:\ProgramData\1362246260.1004.bin

2013-03-02 09:45 - 2013-03-02 09:45 - 00014769 ____A C:\ProgramData\1362246260.3220.bin

2013-03-02 09:45 - 2013-03-02 09:45 - 00008721 ____A C:\ProgramData\1362246260.1152.bin

2013-03-02 09:45 - 2013-03-02 09:45 - 00002266 ____A C:\ProgramData\1362246260.3308.bin

2013-03-02 09:45 - 2013-03-02 09:45 - 00000738 ____A C:\ProgramData\1362246260.788.bin

2013-03-02 09:44 - 2013-03-02 10:01 - 00300262 ____A C:\ProgramData\1362246260.6056.bin

2013-03-02 09:44 - 2013-03-02 10:01 - 00161452 ____A C:\ProgramData\1362246260.6116.bin

2013-03-02 09:44 - 2013-03-02 09:59 - 00008054 ____A C:\ProgramData\1362246260.6092.bin

2013-03-02 09:37 - 2013-03-02 09:37 - 00057224 ____A C:\ProgramData\1362245812.bdinstall.bin

2013-03-02 09:36 - 2013-03-02 09:36 - 00314376 ____A C:\ProgramData\1362245572.bdinstall.bin

2013-03-02 09:29 - 2013-03-03 00:10 - 00000000 ____D C:\Program Files\Common Files\Bitdefender

2013-03-02 09:28 - 2013-03-02 09:28 - 00000033 ____A C:\Users\Common\Desktop\Bitdefender.txt

2013-03-02 09:28 - 2013-03-02 09:26 - 02436672 ____A C:\Users\Common\Desktop\bitdefender_antivirus_2.exe

2013-03-02 09:20 - 2013-02-19 04:42 - 13529576 ____A (Microsoft Corporation) C:\Users\User\Desktop\mseinstall.exe

2013-03-02 09:03 - 2013-03-02 09:03 - 00000000 __SHD C:\Users\User\AppData\Roaming\725f

2013-03-02 09:03 - 2013-03-02 09:03 - 00000000 __SHD C:\737e

2013-03-01 07:14 - 2013-03-01 07:14 - 00001196 ____A C:\Users\Public\Desktop\BCL easyConverter Desktop 3 (Word Version).lnk

2013-03-01 07:14 - 2013-03-01 07:14 - 00000000 ____D C:\Program Files\BCL Technologies

2013-02-24 03:32 - 2013-02-24 03:32 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia

2013-02-18 09:09 - 2013-02-18 09:09 - 00001989 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-02-12 05:59 - 2013-02-12 05:59 - 00000000 ____D C:\ProgramData\IDM

2013-02-12 04:25 - 2013-03-06 10:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-02-12 04:25 - 2013-02-28 06:50 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

==================== One Month Modified Files and Folders ========

2013-03-07 16:22 - 2013-03-07 16:22 - 00000000 ____D C:\FRST

2013-03-07 15:53 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles

2013-03-07 02:44 - 2012-06-16 08:15 - 00000000 ____D C:\Users\User\AppData\Roaming\DMCache

2013-03-07 02:44 - 2009-07-13 20:34 - 00010208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-03-07 02:44 - 2009-07-13 20:34 - 00010208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-03-07 02:43 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-03-07 02:43 - 2009-07-13 20:39 - 00095556 ____A C:\Windows\setupact.log

2013-03-06 18:16 - 2012-06-15 00:40 - 01133399 ____A C:\Windows\WindowsUpdate.log

2013-03-06 18:03 - 2012-07-31 00:25 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1004UA.job

2013-03-06 10:42 - 2013-02-12 04:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-03-06 10:39 - 2012-06-16 01:18 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000UA.job

2013-03-06 10:30 - 2012-06-18 07:25 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003UA.job

2013-03-06 10:30 - 2012-06-18 02:25 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003UA.job

2013-03-06 09:44 - 2012-06-16 06:34 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000UA.job

2013-03-06 07:30 - 2012-06-18 07:25 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003Core.job

2013-03-06 06:44 - 2012-06-16 06:34 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000Core.job

2013-03-06 04:27 - 2013-03-06 04:27 - 00000387 ____A C:\Windows\System32\checkdnsid.xml

2013-03-06 02:33 - 2012-06-15 00:56 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe

2013-03-06 02:33 - 2012-06-15 00:55 - 00000000 ____D C:\ProgramData\Adobe

2013-03-06 02:32 - 2013-03-06 02:32 - 00002959 ____A C:\Users\User\Desktop\HiJackThis.lnk

2013-03-06 02:32 - 2013-03-06 02:32 - 00000000 ____D C:\Program Files\Trend Micro

2013-03-06 02:32 - 2012-06-15 00:38 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore

2013-03-06 02:30 - 2012-06-18 02:25 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003Core.job

2013-03-06 02:28 - 2013-03-06 00:39 - 00003016 ____A C:\Users\User\Desktop\Rkill.txt

2013-03-06 02:21 - 2013-03-06 02:21 - 01376225 ____A C:\Users\User\Desktop\dds.rar

2013-03-06 02:05 - 2013-03-06 02:48 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com

2013-03-06 02:05 - 2013-03-06 02:48 - 00688992 ____A (Swearware) C:\Users\User\Desktop\dds.scr

2013-03-06 00:14 - 2013-03-06 00:39 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill.com

2013-03-06 00:10 - 2013-03-06 02:27 - 01402880 ____A C:\Users\User\Desktop\HiJackThis.msi

2013-03-06 00:03 - 2012-07-31 00:25 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1004Core.job

2013-03-05 23:52 - 2012-06-15 00:43 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI

2013-03-05 23:51 - 2013-03-03 06:46 - 00000307 ___AH C:\bdr-cf01

2013-03-05 21:48 - 2013-03-05 22:37 - 110539200 ____A C:\Users\User\Desktop\avast_free_antivirus_setup.exe

2013-03-05 11:08 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-03-04 18:44 - 2013-03-03 09:50 - 00000000 ____D C:\ProgramData\Spyware Terminator

2013-03-03 18:05 - 2012-06-16 02:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-03-03 18:05 - 2009-07-13 20:33 - 00484320 ____A C:\Windows\System32\FNTCACHE.DAT

2013-03-03 18:03 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal

2013-03-03 18:03 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore

2013-03-03 18:03 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System

2013-03-03 17:47 - 2012-06-15 00:47 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-03-03 17:35 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini

2013-03-03 17:16 - 2013-03-03 17:16 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help

2013-03-03 17:16 - 2013-03-03 17:16 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

2013-03-03 10:02 - 2013-03-03 09:25 - 00144768 ____A C:\Users\User\AppData\Roaming\ICARE.LOG

2013-03-03 09:54 - 2013-03-03 09:54 - 00000504 ____A C:\Users\User\AppData\Roaming\ICARE_ACTIVITY.LOG

2013-03-03 09:50 - 2013-03-03 09:50 - 00001008 ____A C:\Users\Public\Desktop\Spyware Terminator 2012.lnk

2013-03-03 09:50 - 2013-03-03 09:50 - 00000000 ____D C:\Users\User\AppData\Roaming\Spyware Terminator

2013-03-03 09:50 - 2013-03-03 09:49 - 00000000 ____D C:\Program Files\Spyware Terminator

2013-03-03 09:34 - 2013-03-03 09:39 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.65.1.1000.exe

2013-03-03 09:24 - 2013-02-02 22:33 - 00000000 ____D C:\Users\User\Downloads\Compressed

2013-03-03 08:02 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp

2013-03-03 07:23 - 2013-03-03 07:23 - 00000385 ____A C:\Users\User\AppData\Roaminguser_gensett.xml

2013-03-03 07:20 - 2013-03-03 07:20 - 00000385 ____A C:\Windows\System32\user_gensett.xml

2013-03-03 07:18 - 2013-03-03 07:18 - 00072704 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys

2013-03-03 06:48 - 2013-03-03 06:48 - 04569032 ____A C:\ProgramData\1362298163.bdinstall.bin

2013-03-03 06:47 - 2013-03-03 00:32 - 00000000 ____D C:\ProgramData\Bitdefender

2013-03-03 06:46 - 2013-03-03 06:46 - 00002122 ____A C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk

2013-03-03 06:46 - 2013-03-03 06:46 - 00002074 ____A C:\Users\Public\Desktop\Bitdefender Safepay.lnk

2013-03-03 06:46 - 2013-03-03 06:46 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf

2013-03-03 06:46 - 2013-03-03 06:46 - 00000000 ____D C:\ProgramData\BDLogging

2013-03-03 06:46 - 2013-03-03 00:32 - 00253404 ___AH C:\bdr-ld01

2013-03-03 06:46 - 2013-03-03 00:32 - 00009216 ___AH C:\bdr-ld01.mbr

2013-03-03 05:39 - 2012-06-16 01:18 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000Core.job

2013-03-03 00:32 - 2013-03-03 00:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Bitdefender

2013-03-03 00:30 - 2013-03-03 00:30 - 00000000 ____D C:\Users\User\AppData\Roaming\QuickScan

2013-03-03 00:10 - 2013-03-02 09:29 - 00000000 ____D C:\Program Files\Common Files\Bitdefender

2013-03-03 00:01 - 2012-06-15 18:57 - 00354434 ____A C:\Windows\PFRO.log

2013-03-03 00:00 - 2013-03-03 00:04 - 02436680 ____A C:\Users\User\Desktop\bitdefender_isecurity.exe

2013-03-03 00:00 - 2012-06-16 08:15 - 00000000 ____D C:\Users\User\AppData\Roaming\IDM

2013-03-02 23:59 - 2013-03-02 23:59 - 00301136 ____A C:\ProgramData\1362297162.bdinstall.bin

2013-03-02 23:59 - 2013-03-02 23:59 - 00000000 ____D C:\Program Files\Bitdefender

2013-03-02 23:47 - 2013-03-02 23:36 - 00000000 ____D C:\Program Files\Trojan Remover

2013-03-02 23:16 - 2013-03-02 20:31 - 00001945 ____A C:\Windows\epplauncher.mif

2013-03-02 10:01 - 2013-03-02 10:01 - 00075272 ____A C:\ProgramData\1362246260.8016.bin

2013-03-02 10:01 - 2013-03-02 09:45 - 00003005 ____A C:\ProgramData\1362246260.2752.bin

2013-03-02 10:01 - 2013-03-02 09:45 - 00002167 ____A C:\ProgramData\1362246260.3016.bin

2013-03-02 10:01 - 2013-03-02 09:44 - 00300262 ____A C:\ProgramData\1362246260.6056.bin

2013-03-02 10:01 - 2013-03-02 09:44 - 00161452 ____A C:\ProgramData\1362246260.6116.bin

2013-03-02 09:59 - 2013-03-02 09:45 - 00001090 ____A C:\ProgramData\1362246260.1004.bin

2013-03-02 09:59 - 2013-03-02 09:44 - 00008054 ____A C:\ProgramData\1362246260.6092.bin

2013-03-02 09:45 - 2013-03-02 09:45 - 00014769 ____A C:\ProgramData\1362246260.3220.bin

2013-03-02 09:45 - 2013-03-02 09:45 - 00008721 ____A C:\ProgramData\1362246260.1152.bin

2013-03-02 09:45 - 2013-03-02 09:45 - 00002266 ____A C:\ProgramData\1362246260.3308.bin

2013-03-02 09:45 - 2013-03-02 09:45 - 00000738 ____A C:\ProgramData\1362246260.788.bin

2013-03-02 09:37 - 2013-03-02 09:37 - 00057224 ____A C:\ProgramData\1362245812.bdinstall.bin

2013-03-02 09:36 - 2013-03-02 09:36 - 00314376 ____A C:\ProgramData\1362245572.bdinstall.bin

2013-03-02 09:28 - 2013-03-02 09:28 - 00000033 ____A C:\Users\Common\Desktop\Bitdefender.txt

2013-03-02 09:26 - 2013-03-02 23:48 - 02436672 ____A C:\Users\User\Desktop\bitdefender_antivirus_2.exe

2013-03-02 09:26 - 2013-03-02 09:28 - 02436672 ____A C:\Users\Common\Desktop\bitdefender_antivirus_2.exe

2013-03-02 09:22 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public

2013-03-02 09:03 - 2013-03-02 09:03 - 00000000 __SHD C:\Users\User\AppData\Roaming\725f

2013-03-02 09:03 - 2013-03-02 09:03 - 00000000 __SHD C:\737e

2013-03-01 07:14 - 2013-03-01 07:14 - 00001196 ____A C:\Users\Public\Desktop\BCL easyConverter Desktop 3 (Word Version).lnk

2013-03-01 07:14 - 2013-03-01 07:14 - 00000000 ____D C:\Program Files\BCL Technologies

2013-02-28 06:50 - 2013-02-12 04:25 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-02-28 06:50 - 2012-06-15 00:57 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-02-25 20:43 - 2012-06-29 01:23 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla

2013-02-25 00:04 - 2012-07-30 23:59 - 00000000 ____D C:\Users\Common\AppData\Roaming\DMCache

2013-02-25 00:04 - 2012-07-12 08:43 - 00000000 ____D C:\Users\Common\AppData\Roaming\vlc

2013-02-24 11:41 - 2012-06-22 06:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype

2013-02-24 03:32 - 2013-02-24 03:32 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia

2013-02-19 04:42 - 2013-03-02 09:20 - 13529576 ____A (Microsoft Corporation) C:\Users\User\Desktop\mseinstall.exe

2013-02-19 04:37 - 2012-06-15 00:55 - 00001989 ____A C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk

2013-02-18 09:09 - 2013-02-18 09:09 - 00001989 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-02-18 09:09 - 2012-06-15 00:52 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-02-18 09:09 - 2012-06-15 00:52 - 00000000 ____D C:\Program Files\Adobe

2013-02-18 03:59 - 2009-07-13 20:53 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-02-12 07:38 - 2012-06-16 08:15 - 00000000 ____D C:\Program Files\Internet Download Manager

2013-02-12 05:59 - 2013-02-12 05:59 - 00000000 ____D C:\ProgramData\IDM

2013-02-11 01:04 - 2012-07-12 08:41 - 00000000 ____D C:\Users\Common\AppData\Roaming\Adobe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2013-03-03 00:34] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-01 07:13:58

Restore point made on: 2013-03-02 20:30:45

Restore point made on: 2013-03-03 16:37:29

Restore point made on: 2013-03-06 02:31:59

==================== Memory info ===========================

Percentage of memory in use: 22%

Total physical RAM: 1956.27 MB

Available physical RAM: 1523.53 MB

Total Pagefile: 1956.27 MB

Available Pagefile: 1531.29 MB

Total Virtual: 2047.88 MB

Available Virtual: 1944.48 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:73.14 GB) (Free:43.45 GB) NTFS

2 Drive d: (New Volume) (Fixed) (Total:97.66 GB) (Free:86.18 GB) NTFS

3 Drive e: (New Volume) (Fixed) (Total:97.66 GB) (Free:81.32 GB) NTFS

4 Drive f: (New Volume) (Fixed) (Total:99.55 GB) (Free:84.67 GB) NTFS

5 Drive h: () (Fixed) (Total:97.66 GB) (Free:42.47 GB) NTFS

6 Drive i: (CD_ROM) (CDROM) (Total:3.48 GB) (Free:0 GB) CDFS

7 Drive j: (SRI MURUGA) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32

8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 3072 KB

Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:

===============

Disk ID: 1BAF0215

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 73 GB 101 MB

Partition 3 Primary 97 GB 73 GB

Partition 0 Extended 294 GB 170 GB

Partition 4 Logical 97 GB 170 GB

Partition 5 Logical 97 GB 268 GB

Partition 6 Logical 99 GB 366 GB

=========================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 73 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 H NTFS Partition 97 GB Healthy

=========================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 D New Volume NTFS Partition 97 GB Healthy

=========================================================

Disk: 0

Partition 5

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 E New Volume NTFS Partition 97 GB Healthy

=========================================================

Disk: 0

Partition 6

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 6 F New Volume NTFS Partition 99 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 00000000

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7633 MB 16 KB

=========================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 7 J SRI MURUGA FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2013-03-05 20:52

==================== End Of Log ============================


Here is the content of Search.txt generated by FRST...

Farbar Recovery Scan Tool (x86) Version: 06-03-2013 01

Ran by SYSTEM at 2013-03-10 16:30:30

Running from J:\

================== Search: "volsnap.sys" ===================

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.21320_none_16526fd7765a2629\volsnap.sys

[2013-03-03 00:34] - [2012-09-06 11:18] - 0245616 ____A (Microsoft Corporation) 295954C522A057D3E590EE38246789CE

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.17122_none_15cad1ba5d3abbe6\volsnap.sys

[2013-03-03 00:34] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

[2009-07-13 15:11] - [2009-07-13 17:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD

C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_73593b5de1f7705b\volsnap.sys

[2013-03-03 00:34] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys

[2009-07-13 15:11] - [2009-07-13 17:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD

C:\Windows\System32\drivers\volsnap.sys

[2013-03-03 00:34] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

=== End Of Search ===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Then right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

2013-03-02 09:03 - 2013-03-02 09:03 - 00000000 __SHD C:\Users\User\AppData\Roaming\725f

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\37.js ()

Replace: C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.21320_none_16526fd7765a2629\volsnap.sys C:\Windows\System32\Drivers\volsnap.sys

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version), press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


Okay, here is the Fixlog...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-03-2013 01

Ran by SYSTEM at 2013-03-10 17:01:16 Run:1

Running from J:\

==============================================

C:\Users\User\AppData\Roaming\725f moved successfully.

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\37.js not found.

C:\Windows\System32\Drivers\volsnap.sys moved successfully.

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.21320_none_16526fd7765a2629\volsnap.sys copied successfully to C:\Windows\System32\Drivers\volsnap.sys

==== End of Fixlog ====


Note: Please do not run this tool without the special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix Log...

ComboFix 13-03-10.02 - User 10-03-2013 19:46:49.1.4 - x86 NETWORK

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.1950.1150 [GMT 5.5:30]

Running from: c:\users\User\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4}

FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

SP: Bitdefender Antispyware *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\1362245572.bdinstall.bin

c:\programdata\1362245812.bdinstall.bin

c:\programdata\1362246260.1004.bin

c:\programdata\1362246260.1152.bin

c:\programdata\1362246260.2752.bin

c:\programdata\1362246260.3016.bin

c:\programdata\1362246260.3220.bin

c:\programdata\1362246260.3308.bin

c:\programdata\1362246260.6056.bin

c:\programdata\1362246260.6092.bin

c:\programdata\1362246260.6116.bin

c:\programdata\1362246260.788.bin

c:\programdata\1362246260.8016.bin

c:\programdata\1362297162.bdinstall.bin

c:\programdata\1362298163.bdinstall.bin

G:\Setup.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-02-10 to 2013-03-10 )))))))))))))))))))))))))))))))

.

.

2013-03-10 14:26 . 2013-03-10 14:26 -------- d-----w- c:\users\User\AppData\Local\temp

2013-03-10 12:58 . 2013-03-10 12:58 48831 ----a-w- c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\390.js

2013-03-10 12:58 . 2013-03-10 12:58 -------- d-sh--w- c:\users\User\AppData\Roaming\725f

2013-03-08 00:22 . 2013-03-08 00:22 -------- d-----w- C:\FRST

2013-03-06 10:32 . 2013-03-06 10:32 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-03-06 10:32 . 2013-03-06 10:32 -------- d-----w- c:\program files\Trend Micro

2013-03-04 01:46 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-03-04 01:46 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-03-04 01:45 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

2013-03-04 01:37 . 2009-11-25 07:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2013-03-04 01:37 . 2009-11-25 07:17 49472 ----a-w- c:\windows\system32\netfxperf.dll

2013-03-04 01:37 . 2009-11-25 07:17 297808 ----a-w- c:\windows\system32\mscoree.dll

2013-03-04 01:37 . 2009-11-25 07:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2013-03-04 01:37 . 2009-11-25 07:17 1130824 ----a-w- c:\windows\system32\dfshim.dll

2013-03-04 01:16 . 2013-03-04 01:16 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2013-03-03 17:50 . 2011-06-21 05:54 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2013-03-03 17:45 . 2013-01-04 03:00 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-03-03 17:45 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

2013-03-03 17:45 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll

2013-03-03 17:45 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2013-03-03 17:45 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2013-03-03 17:45 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2013-03-03 17:45 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-03-03 17:45 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-03-03 17:45 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe

2013-03-03 17:45 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll

2013-03-03 17:44 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-03-03 17:43 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll

2013-03-03 17:42 . 2012-12-20 12:59 981504 ----a-w- c:\windows\system32\wininet.dll

2013-03-03 17:40 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll

2013-03-03 17:40 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-03-03 17:39 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2013-03-03 17:39 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2013-03-03 17:39 . 2011-10-01 04:43 708608 ----a-w- c:\program files\Common Files\System\wab32.dll

2013-03-03 17:39 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll

2013-03-03 17:39 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll

2013-03-03 17:39 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe

2013-03-03 17:39 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe

2013-03-03 17:38 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll

2013-03-03 17:38 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2013-03-03 17:35 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2013-03-03 17:23 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-03-03 17:23 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-03-03 17:23 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-03-03 17:23 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-03-03 17:23 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2013-03-03 17:23 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\system32\msxml6.dll

2013-03-03 17:15 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll

2013-03-03 17:15 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll

2013-03-03 17:12 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-03-03 17:12 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2013-03-03 17:08 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2013-03-03 17:08 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-03 17:08 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-03 17:08 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2013-03-03 17:03 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll

2013-03-03 17:03 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll

2013-03-03 17:03 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2013-03-03 17:01 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll

2013-03-03 17:01 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll

2013-03-03 17:01 . 2012-08-10 23:54 541184 ----a-w- c:\windows\system32\kerberos.dll

2013-03-03 16:41 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2013-03-03 16:41 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll

2013-03-03 16:41 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll

2013-03-03 16:41 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll

2013-03-03 16:41 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll

2013-03-03 16:41 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

2013-03-03 15:18 . 2013-03-03 15:18 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys

2013-03-03 14:46 . 2013-03-03 14:46 -------- d-----w- c:\programdata\BDLogging

2013-03-03 14:44 . 2012-11-12 11:41 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys

2013-03-03 14:44 . 2012-07-06 08:43 77192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys

2013-03-03 14:44 . 2007-04-11 04:41 511328 ----a-w- c:\windows\capicom.dll

2013-03-03 14:44 . 2012-11-02 07:47 242504 ----a-w- c:\windows\system32\drivers\avchv.sys

2013-03-03 14:44 . 2013-01-11 14:59 625128 ----a-w- c:\windows\system32\drivers\avc3.sys

2013-03-03 14:44 . 2013-01-11 14:59 482928 ----a-w- c:\windows\system32\drivers\avckf.sys

2013-03-03 08:49 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2013-03-03 08:49 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2013-03-03 08:49 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2013-03-03 08:49 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2013-03-03 08:44 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll

2013-03-03 08:42 . 2012-12-26 04:51 760320 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-03 08:41 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe

2013-03-03 08:36 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2013-03-03 08:36 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\system32\DWrite.dll

2013-03-03 08:36 . 2012-03-03 05:40 739840 ----a-w- c:\windows\system32\d2d1.dll

2013-03-03 08:36 . 2012-03-03 05:40 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-03-03 08:36 . 2012-03-03 05:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2013-03-03 08:34 . 2012-09-06 19:18 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys

2013-03-03 08:32 . 2013-03-03 08:32 -------- d-----w- c:\users\User\AppData\Roaming\Bitdefender

2013-03-03 08:32 . 2013-03-03 14:47 -------- d-----w- c:\programdata\Bitdefender

2013-03-03 08:30 . 2013-03-03 08:30 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan

2013-03-03 08:25 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2013-03-03 08:25 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll

2013-03-03 08:24 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2013-03-03 08:13 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll

2013-03-03 08:10 . 2012-08-29 11:54 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys

2013-03-03 08:10 . 2012-10-31 06:43 343456 ----a-w- c:\windows\system32\drivers\trufos.sys

2013-03-03 07:59 . 2013-03-03 07:59 -------- d-----w- c:\program files\Bitdefender

2013-03-03 07:36 . 2013-03-03 07:47 -------- d-----w- c:\program files\Trojan Remover

2013-03-03 07:06 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll

2013-03-03 07:06 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2013-03-03 07:06 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2013-03-03 07:06 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll

2013-03-03 04:30 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2013-03-02 17:29 . 2013-03-03 08:10 -------- d-----w- c:\program files\Common Files\Bitdefender

2013-03-02 17:03 . 2013-03-02 17:03 -------- d-----w- C:\737e

2013-03-01 15:14 . 2013-03-01 15:14 -------- d-----w- c:\program files\BCL Technologies

2013-02-24 11:32 . 2013-02-24 11:32 -------- d-----w- c:\users\User\AppData\Local\Macromedia

2013-02-12 13:59 . 2013-02-12 13:59 -------- d-----w- c:\programdata\IDM

2013-02-12 12:25 . 2013-02-28 14:50 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-28 14:50 . 2012-06-15 08:57 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-24 10:27 . 2012-11-28 13:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACEDCCFC-1EBB-4EF8-93D2-B41BB324960C}\offreg.dll

2012-06-14 22:20 . 2012-06-25 07:53 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-14 138096]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-02-12 3565432]

"googletalk"="c:\users\User\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 143384]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 176664]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 178200]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-05-27 1138783]

"Chicony_OSD"="c:\program files\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-12 53248]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-06-16 148888]

"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-02-19 1614856]

.

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

390.js [2013-3-10 48831]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2012-6-15 25214]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-15 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-06-16 09:18 116648 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 21:22 3739648 ----a-w- c:\users\User\AppData\Roaming\Google\Google Talk\googletalk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2011-03-22 12:52 1406248 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nimbuzz]

2012-04-19 19:52 12549632 ----a-w- c:\program files\Nimbuzz\Nimbuzz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2013-01-08 07:29 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-12-24 10:25 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

R0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]

R2 OSDSvc;ChiconyOSDService;c:\program files\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]

R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]

R4 Msiscdeo;Msiscdeo; [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]

S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-12 14:50]

.

2013-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000Core.job

- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 14:39]

.

2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000UA.job

- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 14:39]

.

2013-03-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003Core.job

- c:\users\user_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 15:25]

.

2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003UA.job

- c:\users\user_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 15:25]

.

2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000Core.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 09:18]

.

2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000UA.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 09:18]

.

2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003Core.job

- c:\users\user_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 10:25]

.

2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003UA.job

- c:\users\user_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 10:25]

.

2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1004Core.job

- c:\users\Common\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 08:25]

.

2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1004UA.job

- c:\users\Common\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 08:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=HP_ss&mntrId=1c8b8d060000000000002aedb9686b89

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\

FF - prefs.js: browser.search.selectedEngine - Delta Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=HP_ss&mntrId=1c8b8d060000000000002aedb9686b89

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-01-24 12:22; ffxtlbr@delta.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\extensions\ffxtlbr@delta.com

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - 1c8b8d060000000000002aedb9686b89

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15729

FF - user.js: extensions.delta.vrsn - 1.8.8.8

FF - user.js: extensions.delta.vrsni - 1.8.8.8

FF - user.js: extensions.delta_i.vrsnTs - 1.8.8.812:25

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta_i.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - en

FF - user.js: extensions.delta_i.excTlbr - false

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta_i.newTab - false

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

AddRemove-PDF Creator - c:\progra~1\PDFCreator\Actual\uninstpw.exe

AddRemove-{C1080852-065E-4991-9260-F3756E3CC182} - c:\users\User\AppData\Local\{A850D4D9-871B-4234-908D-21C457767270}\CursorFX_public.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-886538030-807793273-4249695029-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):bb,19,06,8d,ec,37,d7,8e,77,93,4d,42,50,45,7f,c6,cd,41,94,fd,4b,

fa,ac,89,e6,25,9c,80,c4,1d,51,a4,3f,12,84,02,30,b1,d6,63,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-886538030-807793273-4249695029-1000_Classes\CLSID\{ba7ec6d7-6a41-4499-83a0-cebbe247a3e2}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000124

"Therad"=dword:0000001f

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-10 19:59:13

ComboFix-quarantined-files.txt 2013-03-10 14:29

.

Pre-Run: 46,549,946,368 bytes free

Post-Run: 46,954,835,968 bytes free

.

- - End Of File - - A046E27BF1F8AB1958DA31806C4564F5


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\390.js

Folder::

c:\users\User\AppData\Roaming\725f

DDS::

uStart Page = hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=HP_ss&mntrId=1c8b8d060000000000002aedb9686b89

FireFox::

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\

FF - prefs.js: browser.search.selectedEngine - Delta Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=HP_ss&mntrId=1c8b8d060000000000002aedb9686b89

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-01-24 12:22; ffxtlbr@delta.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\extensions\ffxtlbr@delta.com

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - 1c8b8d060000000000002aedb9686b89

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15729

FF - user.js: extensions.delta.vrsn - 1.8.8.8

FF - user.js: extensions.delta.vrsni - 1.8.8.8

FF - user.js: extensions.delta_i.vrsnTs - 1.8.8.812:25

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta_i.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - en

FF - user.js: extensions.delta_i.excTlbr - false

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta_i.newTab - false

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

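The triage the helper did by eye on the log above (a .js file sitting in the per-user Startup folder, short hex-named folders such as 725f and 737e, and the Delta Search start page and Firefox extension) can be scripted against the ComboFix log format. The Python below is an added example, not ComboFix's code or anything posted in this thread: it runs those three checks over a constructed excerpt of the log; the EXPECTED_HOSTS allowlist is an assumption, and the hijack markers are the strings from this thread.

```python
import os
import re

# Constructed excerpt: one line of each kind from the ComboFix log quoted in this thread.
SAMPLE_LOG = r"""
2013-03-02 17:03 . 2013-03-02 17:03 -------- d-----w- C:\737e
2013-03-01 15:14 . 2013-03-01 15:14 -------- d-----w- c:\program files\BCL Technologies
2013-02-12 12:25 . 2013-02-28 14:50 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
390.js [2013-3-10 48831]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-15 113664]
.
uStart Page = hxxp://www.yd.delta-search.com/?affID=110825&babsrc=HP_ss
uDefault_Search_URL = hxxp://www.google.com/ie
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - ExtSQL: 2013-01-24 12:22; ffxtlbr@delta.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\extensions\ffxtlbr@delta.com
"""

# "Files Created" / "Find3M" entry: created . modified size attrs path
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$", re.M)
# Script types that have no business in a Startup folder (a .lnk shortcut is normal).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".bat", ".cmd", ".ps1"}
# Assumed per-machine allowlist of acceptable start-page / search hosts.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com"}
# Strings taken from the Delta Search entries the helper removed in this thread.
HIJACK_MARKERS = ("delta-search", "delta search", "@delta.com", "babsrc=")
URL_KEYS = ("ustart page", "mstart page", "udefault_search_url",
            "ff - prefs.js: browser.startup.homepage")
OTHER_KEYS = ("ff - prefs.js: browser.search.selectedengine", "ff - extsql:")

def parse_startup_folders(log):
    """Map each Startup folder header (line ending in '\\Startup\\') to the entry
    lines that follow it, up to the next lone '.' separator."""
    folders, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().endswith("\\startup\\"):
            current = line
            folders[current] = []
        elif current is not None:
            if line in ("", "."):
                current = None
            else:
                folders[current].append(line)
    return folders

def find_startup_scripts(log):
    """Full paths of script files launched through a Startup folder."""
    hits = []
    for folder, entries in parse_startup_folders(log).items():
        for entry in entries:
            # Entries read "name [date size]" or "name.lnk - target [date size]".
            name = re.split(r" - | \[", entry, maxsplit=1)[0]
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                hits.append(folder + name)
    return hits

def find_suspicious_dirs(log):
    """New directories with short hex-looking names directly under a drive root
    or AppData\\Roaming, like C:\\737e above (heuristic; review hits by hand)."""
    hits = []
    for m in CREATED_RE.finditer(log):
        if not m.group("attrs").startswith("d"):
            continue  # only directory entries
        parent, _, name = m.group("path").rpartition("\\")
        at_root = re.fullmatch(r"[A-Za-z]:", parent) is not None
        in_roaming = parent.lower().endswith("\\appdata\\roaming")
        looks_random = re.fullmatch(r"[0-9a-f]{3,8}", name.lower()) and re.search(r"\d", name)
        if (at_root or in_roaming) and looks_random:
            hits.append(m.group("path"))
    return hits

def find_browser_hijacks(log):
    """Start page, search and Firefox extension lines pointing somewhere unexpected."""
    hits = []
    for raw in log.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith(URL_KEYS):
            m = re.search(r"h(?:xx|tt)ps?://([^/\s]+)", line, re.I)  # hxxp = defanged http
            host = m.group(1).lower() if m else ""
            if host not in EXPECTED_HOSTS or any(t in low for t in HIJACK_MARKERS):
                hits.append(line)
        elif low.startswith(OTHER_KEYS) and any(t in low for t in HIJACK_MARKERS):
            hits.append(line)
    return hits

def triage(log):
    """All findings keyed by category; print(triage(SAMPLE_LOG)) to see the demo."""
    return {
        "startup_scripts": find_startup_scripts(log),
        "suspicious_dirs": find_suspicious_dirs(log),
        "browser_hijacks": find_browser_hijacks(log),
    }
```

On the excerpt it reports the 390.js entry, C:\737e and the three Delta Search lines while leaving the Adobe shortcut, the BCL Technologies folder and the Google search URL alone.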

Hey I got this error earlier today when I turned on my PC...pic is attached...

Anyway here is the new ComboFix log...

ComboFix 13-03-10.02 - User 11-03-2013 16:04:58.2.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.1950.1178 [GMT 5.5:30]

Running from: c:\users\User\Desktop\ComboFix.exe

Command switches used :: c:\users\User\Desktop\CFScript.txt

AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}

FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\390.js"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

c:\users\User\AppData\Local\Temp\1.tmp\F_IN_BOX.dll

c:\users\User\AppData\Roaming\725f

c:\users\User\AppData\Roaming\725f\644.js

c:\windows\system32\drivers\etc\lmhosts

.

.

((((((((((((((((((((((((( Files Created from 2013-02-11 to 2013-03-11 )))))))))))))))))))))))))))))))

.

.

2013-03-11 10:43 . 2013-03-11 10:43 -------- d-----w- c:\users\user_2\AppData\Local\temp

2013-03-11 10:43 . 2013-03-11 10:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-11 10:43 . 2013-03-11 10:43 -------- d-----w- c:\users\Common\AppData\Local\temp

2013-03-10 14:29 . 2013-03-11 10:45 -------- d-----w- c:\users\User\AppData\Local\temp

2013-03-08 00:22 . 2013-03-08 00:22 -------- d-----w- C:\FRST

2013-03-06 10:32 . 2013-03-06 10:32 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-03-06 10:32 . 2013-03-06 10:32 -------- d-----w- c:\program files\Trend Micro

2013-03-04 01:46 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-03-04 01:46 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-03-04 01:45 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

2013-03-04 01:37 . 2009-11-25 07:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2013-03-04 01:37 . 2009-11-25 07:17 49472 ----a-w- c:\windows\system32\netfxperf.dll

2013-03-04 01:37 . 2009-11-25 07:17 297808 ----a-w- c:\windows\system32\mscoree.dll

2013-03-04 01:37 . 2009-11-25 07:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2013-03-04 01:37 . 2009-11-25 07:17 1130824 ----a-w- c:\windows\system32\dfshim.dll

2013-03-04 01:16 . 2013-03-04 01:16 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2013-03-03 17:50 . 2011-06-21 05:54 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2013-03-03 17:45 . 2013-01-04 03:00 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-03-03 17:45 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

2013-03-03 17:45 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll

2013-03-03 17:45 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2013-03-03 17:45 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2013-03-03 17:45 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2013-03-03 17:45 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-03-03 17:45 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-03-03 17:45 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe

2013-03-03 17:45 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll

2013-03-03 17:44 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-03-03 17:43 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll

2013-03-03 17:42 . 2012-12-20 12:59 981504 ----a-w- c:\windows\system32\wininet.dll

2013-03-03 17:40 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll

2013-03-03 17:40 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-03-03 17:39 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2013-03-03 17:39 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2013-03-03 17:39 . 2011-10-01 04:43 708608 ----a-w- c:\program files\Common Files\System\wab32.dll

2013-03-03 17:39 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll

2013-03-03 17:39 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll

2013-03-03 17:39 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe

2013-03-03 17:39 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe

2013-03-03 17:38 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll

2013-03-03 17:38 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2013-03-03 17:35 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2013-03-03 17:23 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-03-03 17:23 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-03-03 17:23 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-03-03 17:23 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-03-03 17:23 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2013-03-03 17:23 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\system32\msxml6.dll

2013-03-03 17:15 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll

2013-03-03 17:15 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll

2013-03-03 17:12 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-03-03 17:12 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2013-03-03 17:08 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2013-03-03 17:08 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-03 17:08 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-03 17:08 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2013-03-03 17:03 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll

2013-03-03 17:03 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll

2013-03-03 17:03 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2013-03-03 17:01 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll

2013-03-03 17:01 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll

2013-03-03 17:01 . 2012-08-10 23:54 541184 ----a-w- c:\windows\system32\kerberos.dll

2013-03-03 16:41 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2013-03-03 16:41 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll

2013-03-03 16:41 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll

2013-03-03 16:41 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll

2013-03-03 16:41 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll

2013-03-03 16:41 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

2013-03-03 15:18 . 2013-03-03 15:18 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys

2013-03-03 14:46 . 2013-03-03 14:46 -------- d-----w- c:\programdata\BDLogging

2013-03-03 14:44 . 2012-11-12 11:41 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys

2013-03-03 14:44 . 2012-07-06 08:43 77192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys

2013-03-03 14:44 . 2007-04-11 04:41 511328 ----a-w- c:\windows\capicom.dll

2013-03-03 14:44 . 2012-11-02 07:47 242504 ----a-w- c:\windows\system32\drivers\avchv.sys

2013-03-03 14:44 . 2013-01-11 14:59 625128 ----a-w- c:\windows\system32\drivers\avc3.sys

2013-03-03 14:44 . 2013-01-11 14:59 482928 ----a-w- c:\windows\system32\drivers\avckf.sys

2013-03-03 08:49 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2013-03-03 08:49 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2013-03-03 08:49 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2013-03-03 08:49 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2013-03-03 08:44 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll

2013-03-03 08:42 . 2012-12-26 04:51 760320 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-03 08:41 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe

2013-03-03 08:36 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2013-03-03 08:36 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\system32\DWrite.dll

2013-03-03 08:36 . 2012-03-03 05:40 739840 ----a-w- c:\windows\system32\d2d1.dll

2013-03-03 08:36 . 2012-03-03 05:40 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-03-03 08:36 . 2012-03-03 05:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2013-03-03 08:34 . 2012-09-06 19:18 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys

2013-03-03 08:32 . 2013-03-03 08:32 -------- d-----w- c:\users\User\AppData\Roaming\Bitdefender

2013-03-03 08:32 . 2013-03-03 14:47 -------- d-----w- c:\programdata\Bitdefender

2013-03-03 08:30 . 2013-03-03 08:30 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan

2013-03-03 08:25 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2013-03-03 08:25 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll

2013-03-03 08:24 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2013-03-03 08:13 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll

2013-03-03 08:10 . 2012-08-29 11:54 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys

2013-03-03 08:10 . 2012-10-31 06:43 343456 ----a-w- c:\windows\system32\drivers\trufos.sys

2013-03-03 07:59 . 2013-03-03 07:59 -------- d-----w- c:\program files\Bitdefender

2013-03-03 07:36 . 2013-03-03 07:47 -------- d-----w- c:\program files\Trojan Remover

2013-03-03 07:06 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll

2013-03-03 07:06 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2013-03-03 07:06 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2013-03-03 07:06 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll

2013-03-03 04:30 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2013-03-02 17:29 . 2013-03-03 08:10 -------- d-----w- c:\program files\Common Files\Bitdefender

2013-03-02 17:03 . 2013-03-02 17:03 -------- d-----w- C:\737e

2013-03-01 15:14 . 2013-03-01 15:14 -------- d-----w- c:\program files\BCL Technologies

2013-02-24 11:32 . 2013-02-24 11:32 -------- d-----w- c:\users\User\AppData\Local\Macromedia

2013-02-12 13:59 . 2013-02-12 13:59 -------- d-----w- c:\programdata\IDM

2013-02-12 12:25 . 2013-02-28 14:50 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-28 14:50 . 2012-06-15 08:57 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-24 10:27 . 2012-11-28 13:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACEDCCFC-1EBB-4EF8-93D2-B41BB324960C}\offreg.dll

2012-06-14 22:20 . 2012-06-25 07:53 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-14 138096]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-02-12 3565432]

"googletalk"="c:\users\User\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 143384]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 176664]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 178200]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-05-27 1138783]

"Chicony_OSD"="c:\program files\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-12 53248]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-06-16 148888]

"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-02-19 1614856]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2012-6-15 25214]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-15 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-06-16 09:18 116648 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 21:22 3739648 ----a-w- c:\users\User\AppData\Roaming\Google\Google Talk\googletalk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2011-03-22 12:52 1406248 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nimbuzz]

2012-04-19 19:52 12549632 ----a-w- c:\program files\Nimbuzz\Nimbuzz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2013-01-08 07:29 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-12-24 10:25 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]

R4 Msiscdeo;Msiscdeo; [x]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

S2 KMService;KMService;c:\windows\system32\srvany.exe [x]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]

S2 OSDSvc;ChiconyOSDService;c:\program files\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-12 14:50]

.

2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000Core.job

- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 14:39]

.

2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000UA.job

- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 14:39]

.

2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003Core.job

- c:\users\user_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 15:25]

.

2013-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003UA.job

- c:\users\user_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 15:25]

.

2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000Core.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 09:18]

.

2013-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1000UA.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 09:18]

.

2013-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003Core.job

- c:\users\user_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 10:25]

.

2013-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1003UA.job

- c:\users\user_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 10:25]

.

2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1004Core.job

- c:\users\Common\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 08:25]

.

2013-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-886538030-807793273-4249695029-1004UA.job

- c:\users\Common\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 08:25]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\

FF - ExtSQL: 2013-01-24 12:22; ffxtlbr@delta.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4uf807n.default\extensions\ffxtlbr@delta.com

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - 1c8b8d060000000000002aedb9686b89

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15729

FF - user.js: extensions.delta.vrsn - 1.8.8.8

FF - user.js: extensions.delta.vrsni - 1.8.8.8

FF - user.js: extensions.delta_i.vrsnTs - 1.8.8.812:25

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta_i.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - en

FF - user.js: extensions.delta_i.excTlbr - false

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta_i.newTab - false

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-886538030-807793273-4249695029-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):bb,19,06,8d,ec,37,d7,8e,77,93,4d,42,50,45,7f,c6,cd,41,94,fd,4b,

fa,ac,89,e6,25,9c,80,c4,1d,51,a4,3f,12,84,02,30,b1,d6,63,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-886538030-807793273-4249695029-1000_Classes\CLSID\{ba7ec6d7-6a41-4499-83a0-cebbe247a3e2}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000124

"Therad"=dword:0000001f

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2684)

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bitdefender\Bitdefender 2013\vsserv.exe

c:\program files\IDT\WDM\STacSV.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe

c:\windows\KMService.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2013-03-11 16:19:31 - machine was rebooted

ComboFix-quarantined-files.txt 2013-03-11 10:49

ComboFix2.txt 2013-03-10 14:29

.

Pre-Run: 47,203,082,240 bytes free

Post-Run: 47,009,742,848 bytes free

.

- - End Of File - - 0FC023EC10700400E8CF6BE268FA64BB


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • ESET Online Scanner log


Here are the logs...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.7.0 (03.11.2013:1)

OS: Windows 7 Ultimate x86

Ran by User on 12-03-2013 at 17:07:55.69

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\delta.deltaappcore

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\delta.deltaappcore.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.deltaesrvc

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.deltaesrvc.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\delta"

Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\delta"

Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"

Successfully deleted: [Folder] "C:\Program Files\delta"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\n4uf807n.default\user.js

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\n4uf807n.default\searchplugins\delta.xml

Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\n4uf807n.default\extensions\ffxtlbr@delta.com

Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\n4uf807n.default\prefs.js

user_pref("browser.newtab.url", "hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=NT_ss&mntrId=1c8b8d060000000000002aedb9686b89");

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.yd.delta-search.com/?affID=110825&tt=230113_srchyd_0413_5&babsrc=NT_ss&mntrId=1c8b8d060000000000002aedb9686b89")

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.dfltLng", "en");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.id", "1c8b8d060000000000002aedb9686b89");

user_pref("extensions.delta.instlDay", "15729");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.vrsn", "1.8.8.8");

user_pref("extensions.delta.vrsni", "1.8.8.8");

user_pref("extensions.delta_i.excTlbr", false);

user_pref("extensions.delta_i.newTab", false);

user_pref("extensions.delta_i.smplGrp", "none");

user_pref("extensions.delta_i.vrsnTs", "1.8.8.812:25:35");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 12-03-2013 at 17:15:15.90

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Scanner Log

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=073346d334310748b2a760c630a763ee

# engine=13363

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-03-12 03:13:27

# local_time=2013-03-12 08:43:27 (+0530, India Standard Time)

# country="India"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5893 16776574 100 94 6754582 114730598 0 0

# scanned=289763

# found=6

# cleaned=6

# scan_time=10661

sh=546D42FDE915BA6348413F701D4E176E75AD2582 ft=0 fh=0000000000000000 vn="JS/Kryptik.AGQ trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\725f\644.js"

sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\User\AppData\Roaming\PDF Converter Packages\uninstaller.exe"

sh=096535ABDC2D062F8783A49EAC25A0958C371404 ft=1 fh=f62e490c14b9ec2f vn="a variant of Win32/InstallCore.BC application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\User\Downloads\Programs\PDFConverterSetup.exe"

sh=01C7D28E8828A91C27FFE0F1155CFA835FA6D703 ft=1 fh=4b1c2067722f8571 vn="a variant of Win32/HackKMS.A application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Windows\KMService.exe"

sh=CD9A7A057E8BF08B74CEA908B24B4CCC8A46AF85 ft=1 fh=5c58fdbb53d6f5c8 vn="a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)" ac=C fn="G:\Downloads\etypesetup.exe"

sh=FBEA3CE0875E08071CF3951CC695B223DF0C3430 ft=1 fh=6ed5bddd41d51899 vn="a variant of Win32/HackKMS.A application (deleted - quarantined)" ac=C fn="G:\New folder\Microsoft Office Professional Plus 2010 Setup + Activator\Office 2010 KMS Phone Activation\mini-KMS_Activator_v1.053.exe"


No, that's enough.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Please uninstall ESET Online Scanner and manually delete Junkware Removal Tool log.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.