
Computer is running very slowly [Solved]


  • This topic is locked
12 replies to this topic

#1 Mr. Scott

Mr. Scott

    New Member

  • Authentic Member
  • 7 posts

Posted 29 March 2014 - 11:54 PM

I am brand new to this website, and not sure if this is the right forum. I have an old eMachine computer with XP that has recently started running very slowly. It takes quite a while for a browser to load, to reach a website, change pages, etc. I have installed Kaspersky Pure and CCleaner, ran them both, and no difference. I'm not sure what you need (hijack this or whatever) but I would appreciate assistance. Thanks very much.




#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 31 March 2014 - 02:52 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 

#3 Mr. Scott

Mr. Scott

    New Member

  • Authentic Member
  • 7 posts

Posted 31 March 2014 - 04:47 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Owner (administrator) on COMPUTER1 on 31-03-2014 15:29:39
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
() C:\WINDOWS\zHotkey.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\shwiconem.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RealPlay.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Owner\My Documents\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Recguard] - C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [CHotkey] - C:\WINDOWS\zHotkey.exe [543232 2004-05-17] ()
HKLM\...\Run: [ShowWnd] - C:\WINDOWS\ShowWnd.exe [36864 2003-09-19] ()
HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [77824 2004-11-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2003-10-31] (Cyberlink Corp.)
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2004-11-11] (ATI Technologies, Inc.)
HKLM\...\Run: [SunKistEM] - C:\Program Files\Digital Media Reader\shwiconem.exe [135168 2004-11-15] (Alcor Micro, Corp.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [98304 2005-01-28] (Apple Computer, Inc.)
HKLM\...\Run: [Symantec NetDriver Monitor] - C:\Program Files\SymNetDrv\SNDMon.exe [111840 2005-10-20] (Symantec Corporation)
HKLM\...\Run: [RealTray] - C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2006-09-26] (RealNetworks, Inc.)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-1559671199-845651217-608087500-1003\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1559671199-845651217-608087500-1003\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-04-09] (Google Inc.)
HKU\S-1-5-21-1559671199-845651217-608087500-1003\...\MountPoints2: {4f63278d-8557-11d9-be24-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
HKU\S-1-5-21-1559671199-845651217-608087500-1003\...\MountPoints2: {e1ec6b61-710a-11d9-b301-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\261694~1.246\{c16c1~1\bitguard.dll => c:\docume~1\alluse~1\applic~1\bitguard\261694~1.246\{c16c1~1\bitguard.dll File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00000038a000011
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page =
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...00000038a000011
SearchScopes: HKCU - {0CD3A4A4-DA9E-45E2-B965-FE0D67D260DD} URL = http://search.yahoo....=utf-8&fr=b1ie7
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...00000038a000011
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\user.js
FF NewTab: hxxp://www.delta-search.com/?affID=119776&tt=gc_&babsrc=NT_ss&mntrId=28CD00038A000011
FF DefaultSearchEngine: Delta Search
FF SearchEngineOrder.1: Delta Search
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www.delta-search.com/?affID=119776&tt=gc_&babsrc=HP_ss&mntrId=28CD00038A000011
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\searchplugins\BitGuard.xml
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\searchplugins\delta.xml
FF Extension: GoPhotoIt - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\Extensions\gophoto@gophoto.it [2013-09-17]
FF Extension: FTdownloader V3.0 - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\Extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: GoPhotoIt - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\Extensions\gophoto@gophoto.it.xpi [2012-07-31]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-03-27]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-27]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-03-27]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-03-27]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-03-27]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-23]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-23]
CHR Extension: (Kaspersky URL Advisor) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-27]
CHR Extension: (Delta Toolbar) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2014-01-23]
CHR Extension: (Safe Money) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-03-27]
CHR Extension: (Content Blocker) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-27]
CHR Extension: (Virtual Keyboard) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-23]
CHR Extension: (GoPhoto.it) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2014-01-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-23]
CHR Extension: (Anti-Banner) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-27]
CHR HKLM\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files\FTDownloader.com\FTDownloader10.crx [2014-03-27]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Documents and Settings\Owner\Application Data\BabSolution\CR\Delta.crx [2013-05-27]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit14.crx [2012-07-31]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2005-01-28] (New Boundary Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2297664 2004-11-17] (Realtek Semiconductor Corp.)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-09-26] (Windows ® 2000 DDK provider)
R0 CSCrySec; C:\WINDOWS\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\WINDOWS\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [593504 2013-11-11] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24160 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [145040 2013-11-11] (Kaspersky Lab ZAO)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. )
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [36804 2004-11-15] (Alcor Micro Corp.)
S3 SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [11544 2005-02-25] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [123208 2005-02-16] (Symantec Corporation)
S3 SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [173176 2005-02-25] (Symantec Corporation)
S3 SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [36984 2005-02-25] (Symantec Corporation)
S3 SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [47192 2005-02-25] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [17976 2005-02-25] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [268216 2005-02-25] (Symantec Corporation)
S3 wandrv; C:\WINDOWS\System32\DRIVERS\wandrv.sys [22608 2001-08-09] (America Online, Inc.)
U4 intelppm;
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-11-11] (Kaspersky Lab ZAO)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-31 15:27 - 2014-03-31 15:29 - 00000000 ____D () C:\FRST
2014-03-29 21:43 - 2014-03-29 21:43 - 00001294 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140329_214326.reg
2014-03-29 21:42 - 2014-03-29 21:42 - 00271604 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140329_214247.reg
2014-03-29 21:22 - 2014-03-29 21:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-29 21:22 - 2014-03-29 21:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SoftwareWatcher bundle
2014-03-29 21:22 - 2014-03-29 21:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-03-27 21:39 - 2014-03-27 21:39 - 00001857 _____ () C:\Documents and Settings\Owner\Desktop\Safe Money.lnk
2014-03-27 21:36 - 2014-03-27 21:36 - 00000815 _____ () C:\Documents and Settings\All Users\Desktop\Kaspersky PURE 3.0.lnk
2014-03-27 21:36 - 2014-03-27 21:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky PURE 3.0
2014-03-27 21:35 - 2011-06-02 14:39 - 00039736 _____ (Infowatch) C:\WINDOWS\system32\Drivers\CSVirtualDiskDrv.sys
2014-03-27 21:34 - 2011-06-02 14:39 - 00088632 _____ (Infowatch) C:\WINDOWS\system32\Drivers\CSCrySec.sys
2014-03-27 21:33 - 2014-03-31 14:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2014-03-27 21:33 - 2014-03-27 21:33 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-03-27 21:33 - 2014-03-27 21:33 - 00000000 ____D () C:\Program Files\Common Files\InfoWatch
2014-03-27 21:33 - 2013-11-11 22:18 - 00593504 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-03-27 21:33 - 2013-11-11 22:18 - 00074336 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2014-03-27 21:20 - 2014-03-27 21:21 - 00000000 ___HD () C:\kleaner.tmp
2014-03-27 21:15 - 2014-03-27 21:15 - 00030304 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-11 20:58 - 2014-03-11 20:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-11 20:57 - 2014-03-11 20:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-11 20:37 - 2014-03-11 20:37 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-11 01:57 - 2014-03-11 01:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-10 20:10 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-10 20:10 - 2014-02-25 18:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe

==================== One Month Modified Files and Folders =======

2014-03-31 15:29 - 2014-03-31 15:27 - 00000000 ____D () C:\FRST
2014-03-31 15:26 - 2012-06-23 21:23 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 14:30 - 2014-03-27 21:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2014-03-31 14:06 - 2004-08-26 11:02 - 01214080 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-31 14:05 - 2012-06-23 21:23 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 14:05 - 2004-08-26 11:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-31 13:07 - 2004-08-26 11:09 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-03-31 13:07 - 2004-08-26 11:08 - 00032556 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-29 21:43 - 2014-03-29 21:43 - 00001294 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140329_214326.reg
2014-03-29 21:42 - 2014-03-29 21:42 - 00271604 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140329_214247.reg
2014-03-29 21:38 - 2004-08-26 11:09 - 00000000 ____D () C:\Documents and Settings\Owner
2014-03-29 21:22 - 2014-03-29 21:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-29 21:22 - 2014-03-29 21:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SoftwareWatcher bundle
2014-03-29 21:22 - 2014-03-29 21:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-03-27 23:14 - 2005-06-29 18:04 - 00000000 ____D () C:\Program Files\McAfee
2014-03-27 23:14 - 2005-01-28 02:19 - 00000000 ____D () C:\Program Files\BigFix
2014-03-27 23:10 - 2005-01-28 02:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee.com
2014-03-27 23:09 - 2005-06-29 18:04 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-27 23:09 - 2005-01-28 02:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-03-27 23:04 - 2004-08-26 09:12 - 00000502 _____ () C:\WINDOWS\win.ini
2014-03-27 21:39 - 2014-03-27 21:39 - 00001857 _____ () C:\Documents and Settings\Owner\Desktop\Safe Money.lnk
2014-03-27 21:36 - 2014-03-27 21:36 - 00000815 _____ () C:\Documents and Settings\All Users\Desktop\Kaspersky PURE 3.0.lnk
2014-03-27 21:36 - 2014-03-27 21:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky PURE 3.0
2014-03-27 21:33 - 2014-03-27 21:33 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-03-27 21:33 - 2014-03-27 21:33 - 00000000 ____D () C:\Program Files\Common Files\InfoWatch
2014-03-27 21:26 - 2005-01-28 02:09 - 00000000 ____D () C:\Program Files\Symantec
2014-03-27 21:26 - 2005-01-28 02:09 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-03-27 21:22 - 2005-01-28 02:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-03-27 21:21 - 2014-03-27 21:20 - 00000000 ___HD () C:\kleaner.tmp
2014-03-27 21:20 - 2005-10-20 20:54 - 00000075 _____ () C:\WINDOWS\system32\LuResult.txt
2014-03-27 21:20 - 2005-01-28 02:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
2014-03-27 21:15 - 2014-03-27 21:15 - 00030304 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-27 14:35 - 2004-08-26 09:12 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-18 16:34 - 2013-07-14 00:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 16:30 - 2009-05-15 10:58 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-15 08:40 - 2014-01-23 21:22 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-11 21:31 - 2004-08-26 03:54 - 00143624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-11 20:58 - 2014-03-11 20:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-11 20:57 - 2014-03-11 20:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-11 20:37 - 2014-03-11 20:37 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-11 01:57 - 2014-03-11 01:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-08 19:30 - 2005-01-28 02:17 - 00000000 ____D () C:\Program Files\Common Files\AOL
2014-03-08 19:27 - 2005-01-28 02:18 - 00000000 ____D () C:\Program Files\Pure Networks
2014-03-08 19:25 - 2005-01-28 02:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AOL
2014-03-08 19:24 - 2014-02-05 13:06 - 00000006 _____ () C:\WINDOWS\msoffice.ini

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\AtiCimUn.exe
C:\Documents and Settings\Owner\Local Settings\Temp\autorun.dll
C:\Documents and Settings\Owner\Local Settings\Temp\fp_pl_pfs_installer-1.exe
C:\Documents and Settings\Owner\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Owner\Local Settings\Temp\mny73.exe
C:\Documents and Settings\Owner\Local Settings\Temp\uninst.dll


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Owner at 2014-03-31 15:30:55
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Kaspersky PURE 3.0 (Disabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Kaspersky PURE 3.0 (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader 6.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-000000000001}) (Version: 6.0 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1010 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5134 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.08-041111a-019690C - )
ccCommon (Version: 103.5.0.89 - Symantec) Hidden
CCleaner (Version: 4.12 - Piriform) Hidden
Digital Media Reader (HKLM\...\InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}) (Version: 1.10 - )
Digital Media Reader (Version: 1.10 - ) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Java 2 Runtime Environment, SE v1.4.2 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142000}) (Version: 1.4.2 - Sun Microsystems, Inc.)
Kaspersky PURE 3.0 (HKLM\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (Version: 13.0.2.558 - Kaspersky Lab) Hidden
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MSN (HKLM\...\MSNINST) (Version: - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Keyboard Driver (HKLM\...\{FF262740-C85A-11D5-BBEC-00D0B740900A}) (Version: - )
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version: - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
Norton Internet Security (Version: 8.2.0.32 - Symantec Corporation) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
QuickTime (HKLM\...\QuickTime) (Version: - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version: - )
SoftwareWatcher bundle (HKLM\...\SoftwareWatcher bundle) (Version: 2.0.0.3 - SoftwareWatcher)
SymNet (Version: 5.5.0.60 - Symantec Corporation) Hidden
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB953356) (HKLM\...\KB953356) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version: - )

==================== Restore Points =========================

04-01-2014 20:25:47 System Checkpoint
05-01-2014 06:15:57 Software Distribution Service 3.0
07-01-2014 01:52:00 System Checkpoint
08-01-2014 03:10:52 System Checkpoint
09-01-2014 05:15:23 System Checkpoint
10-01-2014 13:53:31 System Checkpoint
11-01-2014 21:19:28 System Checkpoint
12-01-2014 21:51:43 System Checkpoint
14-01-2014 00:10:11 System Checkpoint
14-01-2014 20:07:30 Software Distribution Service 3.0
15-01-2014 23:20:55 System Checkpoint
16-01-2014 01:26:11 Software Distribution Service 3.0
18-01-2014 06:33:53 System Checkpoint
20-01-2014 17:59:05 System Checkpoint
22-01-2014 04:21:50 System Checkpoint
23-01-2014 04:37:49 System Checkpoint
24-01-2014 04:53:58 System Checkpoint
25-01-2014 05:09:04 System Checkpoint
27-01-2014 04:47:46 System Checkpoint
28-01-2014 17:05:22 System Checkpoint
30-01-2014 16:54:41 System Checkpoint
31-01-2014 22:37:26 System Checkpoint
01-02-2014 23:34:55 System Checkpoint
03-02-2014 07:32:19 System Checkpoint
04-02-2014 18:53:05 System Checkpoint
06-02-2014 19:05:54 System Checkpoint
09-02-2014 18:36:36 System Checkpoint
11-02-2014 03:14:06 System Checkpoint
12-02-2014 17:46:22 System Checkpoint
13-02-2014 07:45:00 Software Distribution Service 3.0
15-02-2014 18:37:20 System Checkpoint
17-02-2014 17:01:06 System Checkpoint
19-02-2014 21:43:37 System Checkpoint
22-02-2014 01:06:09 System Checkpoint
23-02-2014 18:21:10 System Checkpoint
26-02-2014 04:09:45 System Checkpoint
27-02-2014 05:11:02 System Checkpoint
28-02-2014 05:28:17 System Checkpoint
01-03-2014 06:55:54 System Checkpoint
02-03-2014 06:57:24 System Checkpoint
03-03-2014 07:43:46 System Checkpoint
04-03-2014 08:08:10 System Checkpoint
05-03-2014 18:03:56 System Checkpoint
07-03-2014 03:35:11 System Checkpoint
09-03-2014 01:48:57 System Checkpoint
09-03-2014 02:21:41 Removed BabylonObjectInstaller
11-03-2014 08:55:41 Software Distribution Service 3.0
12-03-2014 03:56:02 Software Distribution Service 3.0
13-03-2014 04:27:27 System Checkpoint
14-03-2014 06:57:41 System Checkpoint
15-03-2014 16:12:37 System Checkpoint
17-03-2014 04:28:53 System Checkpoint
18-03-2014 23:29:40 Software Distribution Service 3.0
20-03-2014 01:16:13 System Checkpoint
22-03-2014 00:57:28 System Checkpoint
23-03-2014 21:04:44 System Checkpoint
25-03-2014 04:47:23 System Checkpoint
26-03-2014 19:42:47 System Checkpoint
28-03-2014 04:22:19 Removed Norton Security Center
28-03-2014 04:33:29 First Restore Point
30-03-2014 19:13:13 System Checkpoint

==================== Hosts content: ==========================

2004-08-26 09:11 - 2004-08-04 12:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2005-01-28 02:09 - 2004-05-17 19:30 - 00543232 _____ () C:\WINDOWS\zHotkey.exe
2005-01-28 02:09 - 2001-07-02 21:36 - 00024576 _____ () C:\WINDOWS\HKNTDLL.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2014-03-15 08:39 - 2014-03-14 17:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2004-08-26 09:11 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-26 09:12 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-03-15 08:39 - 2014-03-14 17:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 08:39 - 2014-03-14 17:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 08:39 - 2014-03-14 17:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-01-24 11:07 - 2014-01-24 11:07 - 04591616 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2014-01-24 11:07 - 2014-01-24 11:07 - 00112128 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2014 10:35:29 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/27/2014 09:40:47 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/27/2014 09:40:44 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/27/2014 09:14:30 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (03/27/2014 09:24:08 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/27/2014 09:24:08 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/27/2014 09:24:08 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/27/2014 09:24:08 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/27/2014 09:24:07 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/27/2014 09:24:07 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/27/2014 09:24:07 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/27/2014 09:24:07 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/27/2014 09:24:07 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/27/2014 09:24:07 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (03/29/2014 10:35:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/29/2014 10:35:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/27/2014 09:40:47 PM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/27/2014 09:40:44 PM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/27/2014 09:14:30 PM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.


==================== Memory info ===========================

Percentage of memory in use: 92%
Total physical RAM: 382.48 MB
Available physical RAM: 29.28 MB
Total Pagefile: 913.58 MB
Available Pagefile: 266.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:145.29 GB) (Free:133.12 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:3.75 GB) (Free:1.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=145 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

#4 Mr. Scott


Posted 31 March 2014 - 04:52 PM

I didn't see the file attachment link the first time. Here it is.

Thanks




#5 ----------------


Posted 01 April 2014 - 03:15 AM

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Kaspersky or Norton.

Add/Remove Programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs:

Yahoo! Toolbar
Yahoo! Toolbar
Google Toolbar

Close the window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Proud Member of UNITE & TB
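The multiple-antivirus finding above can be read straight out of the FRST log: the Python sketch below (an added example, not part of the original posts and not FRST's own code) lists the products registered with Security Center and cross-checks each against the Installed Programs section. The function names are hypothetical, the excerpt is copied from the log posted earlier in this thread, and the code assumes that FRST's trailing "Hidden" marks an entry that Add/Remove Programs does not display.

```python
import re

# Excerpt copied from the FRST Addition log posted earlier in this thread.
FRST_EXCERPT = r"""
==================== Security Center ========================

AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Kaspersky PURE 3.0 (Disabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Kaspersky PURE 3.0 (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

ccCommon (Version: 103.5.0.89 - Symantec) Hidden
CCleaner (Version: 4.12 - Piriform) Hidden
Kaspersky PURE 3.0 (HKLM\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (Version: 13.0.2.558 - Kaspersky Lab) Hidden
Norton Internet Security (Version: 8.2.0.32 - Symantec Corporation) Hidden
SymNet (Version: 5.5.0.60 - Symantec Corporation) Hidden

==================== Restore Points =========================
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "AV: <name> (<state>) {<guid>}" as printed in the Security Center section.
SC_RE = re.compile(r"^(AV|FW|AS): (.+?) \(([^()]*)\) (\{[0-9A-Fa-f-]+\})$")


def split_sections(text):
    """Group non-empty log lines under their '==== Title ====' header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_security_center(lines):
    """Return one dict per product registered with Security Center."""
    keys = ("kind", "name", "state", "guid")
    return [dict(zip(keys, m.groups())) for m in map(SC_RE.match, lines) if m]


def parse_program(line):
    """Parse one Installed Programs line; None if it has no version field."""
    head, sep, tail = line.rpartition(" (Version: ")
    if not sep:
        return None
    hidden = tail.endswith(" Hidden")  # assumption: not shown in Add/Remove
    if hidden:
        tail = tail[: -len(" Hidden")]
    if tail.endswith(")"):
        tail = tail[:-1]
    version, _, publisher = tail.partition("- ")
    name = head.partition(" (HK")[0]   # drop the uninstall-key column if present
    return {"name": name, "version": version.strip(),
            "publisher": publisher.strip(), "hidden": hidden}


def review_av_state(log_text):
    """Cross-check Security Center registrations against installed programs."""
    sections = split_sections(log_text)
    products = parse_security_center(sections.get("Security Center", []))
    programs = [p for p in map(parse_program,
                               sections.get("Installed Programs", [])) if p]
    report = {}
    for prod in products:
        entry = report.setdefault(
            prod["name"], {"roles": [], "visible": False, "hidden": False})
        entry["roles"].append(prod["kind"])
    for name, entry in report.items():
        for prog in programs:
            if prog["name"].lower() == name.lower():
                entry["hidden" if prog["hidden"] else "visible"] = True
    av_names = [n for n, e in report.items() if "AV" in e["roles"]]
    hidden_only = [n for n, e in report.items()
                   if e["hidden"] and not e["visible"]]
    return {"products": report, "av_names": av_names,
            "multiple_av": len(av_names) > 1, "hidden_only": hidden_only}


if __name__ == "__main__":
    result = review_av_state(FRST_EXCERPT)
    print("AV products registered:", ", ".join(result["av_names"]))
    print("More than one AV registered:", result["multiple_av"])
    print("Registered but only present as hidden entries:",
          ", ".join(result["hidden_only"]) or "none")
```

A product that is registered with Security Center but has only hidden program entries will not appear in Add/Remove Programs, so the Control Panel route cannot remove it.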
 

#6 Mr. Scott


Posted 02 April 2014 - 12:12 AM

I deleted Norton before I installed Kaspersky (through Control Panel.) There must be some remnant of it somewhere, but there is no Norton directory in Explorer and it is not listed in Add/Remove programs. There was a manual in the start menu, and I deleted that, although that shouldn't be an issue.

Google and Yahoo toolbars removed.

I am comfortable editing the Registry if necessary.

After running the MBAM program, and restarting, it is still quite slow. I opened Task Manager, and it showed avp.exe using high 95 - 100% range. And the reply box does not have the attachment link, so I will have to attach the file you want in a separate reply like the first time.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/1/2014
Scan Time: 10:29:28 PM
Logfile:
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.02.01
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 213574
Time Elapsed: 44 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 15
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [78110f16abd0c27429165ae5956d8779],
PUP.Optional.Delta.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, Quarantined, [f792c75e661581b5f34cfe40669cd729],
PUP.Optional.Delta.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, Quarantined, [f792c75e661581b5f34cfe40669cd729],
PUP.Optional.Delta.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, Quarantined, [2b5ea87d88f366d09ca26ed0976bbf41],
PUP.Optional.Delta.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, Quarantined, [2b5ea87d88f366d09ca26ed0976bbf41],
Trojan.Agent, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{549B5CA7-4A86-11D7-A4DF-000874180BB3}, Quarantined, [cebb48dd0d6e86b0dafabf6da062619f],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SETUP.EXE, Quarantined, [e0a976afd0ab171f441145d91ee23ac6],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, Quarantined, [810860c57704c96d980b4a37a06324dc],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [13760b1aea910d29a06ea2e019ea35cb],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [bacfba6b710a61d5840a037d1ce757a9],
PUP.Optional.Delta.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\delta LTD, Quarantined, [4d3c1411f08bda5cd67487fbb64dd828],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, Quarantined, [3c4d66bf7407d462ebac4140da29a858],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [b9d0df46aad1bb7b1d9896ea50b3e61a],
PUP.Optional.BProtector.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Quarantined, [e6a3cf569fdca88e737800832bd8c937],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [1079b372cfac2313386ab9c8a65d0ef2],

Registry Values: 3
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, 1523565541038856066, Quarantined, [810860c57704c96d980b4a37a06324dc]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1J1U1D1O1P1ItGyB1V, Quarantined, [b9d0df46aad1bb7b1d9896ea50b3e61a]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1559671199-845651217-608087500-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1523565541038856066, Quarantined, [1079b372cfac2313386ab9c8a65d0ef2]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.FileScout.A, C:\Documents and Settings\Owner\Application Data\File Scout, Quarantined, [1475ae7727540531f60ca6acc53d7c84],
PUP.Optional.Conduit.A, C:\Documents and Settings\Owner\Local Settings\Temp\CT3325809, Quarantined, [e3a6091ce497ab8b0f535df57b87f907],

#7 Mr. Scott


Posted 02 April 2014 - 12:22 AM

Files: 43
PUP.Optional.FileScout.A, C:\Documents and Settings\Owner\Application Data\File Scout\filescout.exe, Quarantined, [6d1ce93c5d1ee65063712ed16c94a858], 
PUP.Optional.Conduit, C:\Documents and Settings\Owner\My Documents\Downloads\CCleaner_TSV47DQAB.exe, Quarantined, [8cfd34f1e09bbc7ac57327123bc9e11f], 
PUP.Optional.BabylonToolBar.A, C:\Documents and Settings\Owner\Local Settings\Temp\0B0CED31-BAB0-7891-8336-A68461231332\Latest\MyBabylonTB.exe, Quarantined, [5d2ce73e04777bbb87fc2ee128d92ed2], 
PUP.GamePlayLabs, C:\Documents and Settings\Owner\Local Settings\Temp\is754907076\GiantSavings_US.exe, Quarantined, [4a3f3aeb4b30072f2470e2b0e21ef808], 
PUP.Optional.Babylon.A, C:\Documents and Settings\Owner\Local Settings\Temp\is754907076\MyBabylonTB.exe, Quarantined, [08813bea25566fc7e7d3fd21a759728e], 
PUP.Optional.BabylonToolBar.A, C:\Documents and Settings\Owner\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe, Quarantined, [2267fc29ed8e40f6b9cab9560bf609f7], 
PUP.Optional.Babylon.A, C:\Documents and Settings\Owner\Local Settings\Temp\64B090E8-BAB0-7891-90B6-B6D17F693106\Latest\BExternal.dll, Quarantined, [8cfd1f06f784171f7d627ca6f50b6c94], 
PUP.Optional.Babylon.A, C:\Documents and Settings\Owner\Local Settings\Temp\64B090E8-BAB0-7891-90B6-B6D17F693106\Latest\CrxInstaller.dll, Quarantined, [2960cf565724f442f818a071ad542fd1], 
PUP.Optional.Delta, C:\Documents and Settings\Owner\Local Settings\Temp\64B090E8-BAB0-7891-90B6-B6D17F693106\Latest\MyBabylonTB.exe, Quarantined, [8efbdc492655bc7a817cad531de42ed2], 
PUP.Optional.Babylon.A, C:\Documents and Settings\Owner\Local Settings\Temp\64B090E8-BAB0-7891-90B6-B6D17F693106\Latest\Setup.exe, Quarantined, [e0a976afd0ab171f441145d91ee23ac6], 
PUP.Optional.BProtector.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\bProtector_extensions.sqlite, Quarantined, [c5c47baa8feccd69bc5f78e7956d7a86], 
PUP.Optional.BProtector.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\bprotector_prefs.js, Quarantined, [b9d0e2436813cc6ad14b203f5fa320e0], 
PUP.Optional.FileScout.A, C:\Documents and Settings\Owner\Application Data\File Scout\uninst.exe, Quarantined, [1475ae7727540531f60ca6acc53d7c84], 
PUP.Optional.Conduit.A, C:\Documents and Settings\Owner\Local Settings\Temp\CT3325809\ddt.csf, Quarantined, [e3a6091ce497ab8b0f535df57b87f907], 
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), Replaced,[e5a4ec39d0ab49ed601a6fcba75d11ef]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), Replaced,[f099df46166550e683f71d1d18eca15f]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Replaced,[25642005f8835adc7a003307f311619f]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), Replaced,[0485be67abd08fa7097144f6af55827e]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.babTrack", "affID=109935&tt=010712_2");), Replaced,[a8e1e2437902a5911d5db88222e2cc34]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.bbDpng", "27");), Replaced,[ccbd180d92e9c86ed8a2f644b450de22]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.cntry", "US");), Replaced,[1475d055f487b87eadcd2d0d3bc937c9]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "en");), Replaced,[4f3a48ddfe7dee485d1d033754b026da]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), Replaced,[b2d7889dabd09e981c5ea49632d23bc5]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), Replaced,[3e4b38edcfac6acc1d5d6ad0e123946c]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.hdrMd5", "E030597C79820788E2AF7EA56748B1E8");), Replaced,[2e5b6bba18639a9ccfab8cae11f357a9]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "28cd0eaf00000000000000038a000011");), Replaced,[eb9e40e5b1cada5ccdada595996b43bd]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15852");), Replaced,[e3a66cb9f685c57126549b9f8282c937]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), Replaced,[bacf49dcea911422d4a6300a51b3d42c]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.lastVrsnTs", "1.8.21.515:31:10");), Replaced,[6821da4bfe7d9a9ca0dadb5f27dd17e9]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), Replaced,[70193ee70e6dc4724931e951cb3920e0]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), Replaced,[ee9b998c39425bdbaeccef4b758f6898]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), Replaced,[8bfe68bdbcbf999d4a303406cc386c94]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), Replaced,[8efb2bfa98e30e284e2c0d2db4500af6]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.sg", "azb");), Replaced,[31589194e69558def08a97a3fa0aee12]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), Replaced,[d0b9ed382e4dc670d5a5221846be738d]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), Replaced,[cdbc0421d3a8b482413965d538cc05fb]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), Replaced,[5d2cd352c4b782b44b2faa90b64e08f8]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.21.5");), Replaced,[0683879e007bd4628cee3efc34d07e82]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.21.515:31:10");), Replaced,[2a5f39ec2f4cea4c1f5b74c6aa5a56aa]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.21.5");), Replaced,[c5c4a87d413a2f0782f8201a7c88e917]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babExt", "");), Replaced,[98f1b174e992d363bac0fc3e22e24db3]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babTrack", "affID=119776&tt=gc_");), Replaced,[acdd0c19d7a47db9bac084b69173f60a]
PUP.Optional.Delta.A, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.srcExt", "ss");), Replaced,[13767fa6bbc04ee8b6c4201a768e8b75]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)




#8 ----------------


Posted 02 April 2014 - 05:36 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#9 Mr. Scott


Posted 03 April 2014 - 11:03 PM

C:\Documents and Settings\Owner\Local Settings\Temp\0B0CED31-BAB0-7891-8336-A68461231332\BExternal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\Documents and Settings\Owner\Local Settings\Temp\0B0CED31-BAB0-7891-8336-A68461231332\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Documents and Settings\Owner\Local Settings\Temp\0B0CED31-BAB0-7891-8336-A68461231332\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted application
C:\Documents and Settings\Owner\Local Settings\Temp\0B0CED31-BAB0-7891-8336-A68461231332\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\Documents and Settings\Owner\Local Settings\Temp\0B0CED31-BAB0-7891-8336-A68461231332\Latest\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Documents and Settings\Owner\Local Settings\Temp\0B0CED31-BAB0-7891-8336-A68461231332\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted application
C:\Documents and Settings\Owner\Local Settings\Temp\64B090E8-BAB0-7891-90B6-B6D17F693106\Latest\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\Documents and Settings\Owner\Local Settings\Temp\64B090E8-BAB0-7891-90B6-B6D17F693106\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Documents and Settings\Owner\Local Settings\Temp\64B090E8-BAB0-7891-90B6-B6D17F693106\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application
C:\Documents and Settings\Owner\My Documents\Downloads\CCleaner_TSV47DQAB\565592d342e241eb6fca351f9c810ae3_ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

#10 ----------------


Posted 04 April 2014 - 04:56 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.



#11 Mr. Scott


Posted 04 April 2014 - 11:12 PM

# AdwCleaner v3.023 - Report created 04/04/2014 at 21:21:13
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - COMPUTER1
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Gophoto.it
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Owner\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Owner\Start Menu\Programs\BitGuard
Folder Deleted : C:\Documents and Settings\Owner\Start Menu\Programs\FTDownloader.com
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\user.js

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\59e8d8db469bd17
Key Deleted : HKLM\SOFTWARE\59e8d8db469bd17
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IM
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl2bo1v0.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "28cd0eaf00000000000000038a000011");
Line Deleted : user_pref("extensions.delta.instlDay", "15852");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.515:31:10");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119776&tt=gc_");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6554 octets] - [04/04/2014 21:17:34]
AdwCleaner[S0].txt - [6417 octets] - [04/04/2014 21:21:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6477 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Owner on Fri 04/04/2014 at 21:44:49.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1559671199-845651217-608087500-1003\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bigfix"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\wl2bo1v0.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/04/2014 at 21:50:02.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Results of screen317's Security Check version 0.99.81
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Online Scanner v3
Norton Internet Security
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 2 Runtime Environment, SE v1.4.2
Java version out of Date!
Adobe Flash Player 11.7.700.224 Flash Player out of Date!
Adobe Reader 6 Adobe Reader out of Date!
Mozilla Firefox (28.0)
Google Chrome 33.0.1750.152
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#12 ----------------


Posted 07 April 2014 - 04:49 AM

Your system is clean now! :)

 

 

Java Runtime Environment out of date

Your Java Runtime Environment is outdated. We will fix this.

  • Get the current JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start --> Control Panel --> Add/Remove Programs and remove all older Java versions (if any).
  • When finished, reboot your computer.

After the reboot
  • Open Control Panel again and click the Java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears.
  • Click OK on the Delete Temporary Files window.
  • Click OK again.

 

 

 

Adobe Flash Player out of date

Your Adobe Flash Player is outdated. We will fix this.

  • Get the current player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click on Start --> Control Panel --> Add/Remove Programs.
  • Search for and remove any older reader versions.

 

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the current software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click on Start --> Control Panel --> Add/Remove Programs.
  • Search for and remove any older reader versions.

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke among IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#13 ----------------


Posted 09 April 2014 - 03:26 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
