Thread: Oscar_Delta Toolbar

  1. #1
    Trickey (Junior Member)
    Join Date: Nov 2013
    Posts: 2

    Oscar_Delta Toolbar



    Please Help: Thank You in advance, Trickey

    Oscardelta.Toolbar: [SBI $FC70D376] Settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-329068152-1644491937-839522115-1004\Software\Conduit\FF\smartbar.machineId
    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
    _______________________________________________________________
    Oscardelta.Toolbar: [SBI $FC70D376] Settings (Registry value, fixed)
    HKEY_USERS\S-1-5-21-329068152-1644491937-839522115-1004\Software\Conduit\FF\smartbar.machineId
    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


    System: Windows XP Home 2002
    Service Pack 3


    Comes back every time, every scan, never really fixes, and tea timer is running.




    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.21359 BrowserJavaVersion: 10.45.2
    Run by Bob at 15:50:33 on 2013-11-26
    Microsoft Windows XP Home Edition

    5.1.2600.3.1252.1.1033.18.2813.1752 [GMT -5:00]
    .
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Disabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.wafj.com/
    uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
    uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} -
    BHO: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} -
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
    TB: ZoneAlarm Security Toolbar: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} -
    TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} -
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
    TB: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [deskPDF Creator] "c:\program files\docudesk\deskpdf creator\deskPDFCreator.exe" -minimize
    uRun: [DesktopCal] c:\program files\desktopcal\desktopcal.exe
    uRun: [OutlookOnDesktop] c:\program files\outlook on the desktop\OutlookDesktop.exe
    uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [EasyTuneVI] c:\program files\gigabyte\et6\ETcall.exe
    mRun: [USRpdA] <no file>
    StartupFolder: c:\docume~1\bob\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\bob\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wdquic~1.lnk - c:\program files\western digital\wd smartware\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:177
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 75.76.84.102 75.76.84.103 192.168.0.1
    TCP: Interfaces\{BCC0671D-63C1-400D-AC50-358785E1E156} : DHCPNameServer = 75.76.84.102 75.76.84.103 192.168.0.1
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\wkcyz349.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\wkcyz349.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\wkcyz349.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\plugins\npConduitFirefoxPlugin.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
    FF - ExtSQL: !HIDDEN! 2010-11-10 13:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-11-5 902432]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-10-14 37352]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-10-14 440376]
    R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-10-14 440376]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-10-14 1164360]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-10-14 90400]
    R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-11-10 219360]
    R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-11-10 68136]
    R2 HPFECP11;HPFECP11;c:\windows\system32\drivers\HPFecp11.sys [1999-5-3 52800]
    R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2010-11-10 22016]
    R2 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-8-1 1091984]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-11-5 152704]
    R3 AODDriver;AODDriver;c:\program files\gigabyte\et6\i386\AODDriver.sys [2009-2-23 7168]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-26 100368]
    R3 pmxscan;Memorex USB Kernel;c:\windows\system32\drivers\usbscan.sys [2012-1-13 14976]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-11-5 2326912]
    S2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2013-10-23 166352]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-8-1 263056]
    S2 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-8-1 1592208]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-10 1691480]
    S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-11-11 17488]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-2-28 14336]
    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2010-11-10 29440]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2010-11-10 17536]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-10-6 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    SUnknown GVTDrv;GVTDrv; [x]
    .
    =============== File Associations ===============
    .
    ShellExec: QuickPDF v3.0.exe: Open=c:\program files\quickpdfconverter\QuickPdfToWord.exe "%1"
    .
    =============== Created Last 30 ================
    .
    2013-11-14 19:49:07 -------- d-----w- C:\ab9f2a67826c603b974d803c
    .
    ==================== Find3M ====================
    .
    2013-11-26 12:54:56 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
    2013-11-26 12:54:41 17488 ----a-w- c:\windows\gdrv.sys
    2013-11-19 13:21:07 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2013-11-19 13:21:07 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2013-10-13 08:16:43 841216 ----a-w- c:\windows\system32\wininet.dll
    2013-10-13 08:16:41 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2013-10-13 08:16:40 78336 ----a-w- c:\windows\system32\ieencode.dll
    2013-10-13 08:16:39 17408 ----a-w- c:\windows\system32\corpol.dll
    2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
    2013-10-09 15:07:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-09 15:07:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-10-09 15:07:22 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
    2013-10-08 11:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-10-08 11:29:36 145408 ----a-w- c:\windows\system32\javacpl.cpl
    2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
    2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
    2013-09-04 13:47:50 991232 ----a-w- c:\windows\system32\ieframe.dll.mui
    2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
    2013-08-29 00:56:06 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
    .
    ============= FINISH: 15:51:15.60 ===============


    ASWMBR:
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-11-26 16:38:49
    -----------------------------
    16:38:49.921 OS Version: Windows 5.1.2600 Service Pack 3
    16:38:49.921 Number of processors: 2 586 0x603
    16:38:49.921 ComputerName: RKD UserName: Bob
    16:38:59.890 Initialize success
    16:39:23.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    16:39:23.609 Disk 0 Vendor: WDC_WD10EACS-32D6B1 01.01A01 Size: 953869MB BusType: 3
    16:39:24.390 Disk 0 MBR read successfully
    16:39:24.390 Disk 0 MBR scan
    16:39:24.390 Disk 0 Windows XP default MBR code
    16:39:24.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238496 MB offset 63
    16:39:24.453 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 47998 MB offset 488440260
    16:39:24.515 Disk 0 scanning sectors +586741995
    16:39:25.484 Disk 0 scanning C:\WINDOWS\system32\drivers
    16:40:30.125 Service scanning
    16:40:44.859 Modules scanning
    16:41:07.171 Disk 0 trace - called modules:
    16:41:07.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    16:41:07.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8d8ab8]
    16:41:07.187 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a8c2f18]
    16:41:07.203 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8de940]
    16:41:07.203 Scan finished successfully
    16:41:20.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bob\Desktop\MBR.dat"
    16:41:20.593 The log file has been saved successfully to "C:\Documents and Settings\Bob\Desktop\aswMBR.txt"