
Thread: mysterious desktop icons probably malware Silverlight and FantasticInst.exe

  1. #11
    Member
    Join Date
    Jul 2007
    Location
    North Carolina
    Posts
    43

    JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Microsoft Windows XP x86
    Ran by User on Thu 03/06/2014 at 17:56:51.96
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Failed to stop: [Service] qknfd
    Successfully stopped: [Service] qksvc
    Successfully deleted: [Service] qksvc



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}



    ~~~ Files

    Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
    Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
    Successfully deleted: [File] "C:\WINDOWS\system32\drivers\qknfd.sys"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files\bigfix"
    Successfully deleted: [Folder] "C:\Program Files\quiknowledge"



    ~~~ FireFox

    Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com"
    Successfully deleted: [Folder] C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\br7jorsi.default\extensions\staged
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\quiknowledge@quiknowledge.com
    Successfully deleted the following from C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\br7jorsi.default\prefs.js

    user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"203\" /><GlobalSuppresses><s u=\".cab\" g=\"13\" i=\"1342\" /><s u=\".hop.cl
    user_pref("id_couponscom.variables.Var1", "hxxp%3A//cdn.coupons.com/couponbar.coupons.com");
    user_pref("id_couponscom.variables.Var2", "hxxp%3A//couponbar.coupons.com");
    user_pref("id_couponscom.variables.Var3", "hxxp%3A//www.coupons.com/coupon-codes/");
    Emptied folder: C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\br7jorsi.default\minidumps [6 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 03/06/2014 at 18:05:48.90
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  2. #12
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    That took out a chunk.

    After you run the below scan give me an update on how the computer is at the moment.


    Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #13
    Member
    Join Date
    Jul 2007
    Location
    North Carolina
    Posts
    43

    MBAM log

    Juliet,

    I really appreciate your help with my computer. You have been so quick to respond and I value both your time and your knowledge.

    As I mentioned previously, some stuff installed on my computer when I tried to install adwcleaner; a zip file with a bunch of programs installed instead. I think I was able to remove most of the stuff using the control panel remove software function, but this pesky program called outfox tv is still there and I cannot remove it. It has installed a side bar on my desktop and taken over my homepage on IE.

    Anyway, here is the MBAM log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.07.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    User :: HOME [administrator]

    3/7/2014 4:10:02 PM
    mbam-log-2014-03-07 (16-10-02).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 322844
    Time elapsed: 1 hour(s), 38 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 19
    HKCR\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{F213853A-D221-4C97-8A4B-7E0AC63F31A1} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{CE4B58AF-E4FD-4C27-8627-AE9324C11F3F} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{63A20A19-B1E6-4355-AB4C-28553AF40CA2} (PUP.Optional.Jotzey.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63A20A19-B1E6-4355-AB4C-28553AF40CA2} (PUP.Optional.Jotzey.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82249076-d5c8-431d-982b-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82249076-d5c8-431d-982b-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
    HKCU\Software\PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
    HKCU\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    HKCU\Software\AppDataLow\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\QUIKNOWLEDGE (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    HKLM\Software\PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790677B676555736AD91 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Quiknowledge|ie-ver (PUP.Optional.Quiknowledge.A) -> Data: 8.0.6001.18702 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 40
    C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Application Data\Mysearchdial\UpdateProc\UpdateTask.exe.vir (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Desktop\java(1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\nsc25.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\nsk2A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\nsl2D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\nst22.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\is1590112554\655978_stp\quiknowledge-setup-1.9.0.1.exe (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\is1590112554\656068_stp\rcpsetup_adppi12_adppi12.exe (PUP.Optional.RegCleanPro) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\is826640\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\nsi1D\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\FRST\Quarantine\PlurPushBHO.dll06-03-2014_16-47-58 (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
    C:\FRST\Quarantine\updatePlurPush.exe06-03-2014_16-47-58 (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
    C:\FRST\Quarantine\Level Quality Watcher06-03-2014_16-47-51\v1.01\levelqualitywatcher64.exe (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1477\A0216700.exe (PUP.Optional.WeatherAlerts.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1489\A0218461.exe (PUP.Optional.Outbrowse) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0218693.exe (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0218702.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0219146.sys (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0219147.dll (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0219148.exe (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0219149.exe (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1496\A0219183.dll (PUP.Optional.Jotzey.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1496\A0219185.exe (PUP.Optional.Jotzey.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1496\A0219186.exe (PUP.Optional.Jotzey.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1497\A0219315.exe (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.

    (end)

  4. #14
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    From a scan on the previous page it was found, and supposedly deleted.

    Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.outfox.tv/?referid=150|hxxp://search.conduit.com/?ctid=CT3324790&

    Let's try a couple of things




    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :folderfind
      outfox.tv
      :filefind
      outfox.tv
      :regfind
      outfox.tv
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    Last edited by Juliet; 2014-03-08 at 02:20. Reason: typo
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #15
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    "As I mentioned previously some stuff installed on my computer when I tried to install adwcleaner a zip file with a bunch of programs installed instead."
    I meant to ask, what site did you download this from?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #16
    Member
    Join Date
    Jul 2007
    Location
    North Carolina
    Posts
    43

    system look log

    I clicked on the link to adware (bleepingcomputer.com site) and clicked on the first blue box with the arrow next to it, which opened another page with a zipextractor program. Once I opened that, a bunch of stuff installed. I guess I clicked on the wrong box? Anyway, here is the log from system look:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:06 on 07/03/2014 by User
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "outfox.tv"
    No folders found.

    ========== filefind ==========

    Searching for "outfox.tv"
    No files found.

    ========== regfind ==========

    Searching for "outfox.tv"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\outfox.tv]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="http://www.outfox.tv/?referid=150"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutfoxTV]
    "URLInfoAbout"="http://www.outfox.tv/"
    [HKEY_USERS\S-1-5-21-1266927252-1395366336-781762406-1005\Software\Microsoft\Internet Explorer\DOMStorage\outfox.tv]

    -= EOF =-

  7. #17
    Member
    Join Date
    Jul 2007
    Location
    North Carolina
    Posts
    43


    Outfox tv still showing up on my start menu and outfox tv side bar is still on my desktop. I also tried to delete it as my homepage on IE but even after restarting my computer it re-established as my homepage. Something must be hiding in my computer still.

    Pesky program...

    I'll keep waiting for your instructions.

    Thanks so much Juliet

  8. #18
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Download OTM by OldTimer Here & save it to your desktop.
    • Double click on OTM.exe to run it
    • Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved

    Note: Do not type it out to minimize the risk of typo error
    Code:
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\outfox.tv]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutfoxTV]
    [-HKEY_USERS\S-1-5-21-1266927252-1395366336-781762406-1005\Software\Microsoft\Internet Explorer\DOMStorage\outfox.tv]
    :Commands
    [emptytemp]
    [Reboot]
    • Click on MoveIt!
    • When done, click on Exit

    Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
    A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

    Let's see if this does any good.

    ~~~~~~~~~~~~~~~~~~~
    Next
    Please open farbar-recovery-scan-tool

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
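
Added example, not part of any post in this thread: a Python parser for SystemLook `regfind` output like the log in post #16. It separates keys whose own name contains the search term from keys that matched only through a value (the `AboutURLs` and `Uninstall\OutfoxTV` hits) and renders candidate entries in standard `.reg` syntax. The function names and the deletion policy are assumptions of this example; the sample input is copied from that log.

```python
import re

# Sample input: the regfind section of the SystemLook log posted in #16.
SAMPLE_LOG = r'''
========== regfind ==========

Searching for "outfox.tv"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\outfox.tv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.outfox.tv/?referid=150"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutfoxTV]
"URLInfoAbout"="http://www.outfox.tv/"
[HKEY_USERS\S-1-5-21-1266927252-1395366336-781762406-1005\Software\Microsoft\Internet Explorer\DOMStorage\outfox.tv]

-= EOF =-
'''

SECTION_RE = re.compile(r'^=+\s*(\w+)\s*=+$')
TERM_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')


def parse_regfind(log_text):
    """Parse the regfind section of a SystemLook log.

    Returns (hits, unparsed). Each hit is a dict holding the search term,
    the key path and the (name, data) pairs listed under that key. Lines
    that fit none of the expected shapes are returned in `unparsed` so a
    person reads them instead of the parser dropping them silently.
    """
    hits, unparsed = [], []
    section, term = None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('-= EOF'):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section != 'regfind':
            continue
        m = TERM_RE.match(line)
        if m:
            term = m.group(1)
            continue
        m = KEY_RE.match(line)
        if m and term is not None:
            hits.append({'term': term, 'key': m.group(1), 'values': []})
            continue
        m = VALUE_RE.match(line)
        if m and hits:
            hits[-1]['values'].append((m.group(1), m.group(2)))
            continue
        unparsed.append(line)
    return hits, unparsed


def classify(hit):
    """Return (kind, matched_values) for one hit.

    'key'    - the key's own (leaf) name contains the term
    'value'  - only value names or data under the key contain the term
    'review' - neither; the term sits elsewhere, e.g. in a parent component
    """
    term = hit['term'].lower()
    leaf = hit['key'].rsplit('\\', 1)[-1].lower()
    if term in leaf:
        return 'key', []
    matched = [(n, d) for n, d in hit['values']
               if term in n.lower() or term in d.lower()]
    return ('value', matched) if matched else ('review', [])


def build_reg_plan(hits):
    """Render hits as candidate .reg entries for review.

    Policy (an assumption of this example): delete a whole key only when
    the key itself is named after the term; otherwise delete just the
    matching values and leave the rest of the key in place. Empty value
    names and names containing a backslash are not emitted, because how
    the log escapes them is unknown; those keys are flagged instead.
    """
    out = ['Windows Registry Editor Version 5.00', '']
    for hit in hits:
        kind, matched = classify(hit)
        if kind == 'key':
            out.append('[-%s]' % hit['key'])
        elif kind == 'value' and all(n and '\\' not in n for n, _ in matched):
            out.append('[%s]' % hit['key'])
            out.extend('"%s"=-' % n for n, _ in matched)
        else:
            out.append('; REVIEW MANUALLY: %s' % hit['key'])
        out.append('')
    return '\n'.join(out)


if __name__ == '__main__':
    parsed_hits, leftover = parse_regfind(SAMPLE_LOG)
    print(build_reg_plan(parsed_hits))
    for line in leftover:
        print('unparsed log line:', line)
```

On the sample, the two `DOMStorage\outfox.tv` keys come out as whole-key deletions, while `AboutURLs` and `Uninstall\OutfoxTV` are listed with only their `Tabs` and `URLInfoAbout` values marked for deletion.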

  9. #19
    Member
    Join Date
    Jul 2007
    Location
    North Carolina
    Posts
    43


    I opened OTM and pasted the text into move it and it ran but then my screen changed over to my old wallpaper before I cleaned my desktop (picture of my cats). I never had the opportunity to exit and had to reboot my computer to access the desktop files again.

    I ran farbar and it produced one log (as far as I can tell)

    Here is the log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2014
    Ran by User (administrator) on HOME on 08-03-2014 11:59:02
    Running from C:\Documents and Settings\User\Desktop
    Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    (Outfox Tv Productions Pty Ltd) C:\Program Files\OutfoxTV\OutfoxTvService.exe
    ( ) C:\WINDOWS\system32\slserv.exe
    () C:\Program Files\NetDrive\wdService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (FinePrint Software, LLC) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
    (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
    (Outfox Tv Productions Pty Ltd) C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [437008 2005-12-04] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [461584 2005-12-04] (Microsoft Corporation)
    HKLM\...\Run: [pdfFactory Pro Dispatcher v2] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [499712 2006-04-06] (FinePrint Software, LLC)
    HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2010-02-11] (RealNetworks, Inc.)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
    HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe"
    HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
    HKLM\...\runonceex: [] - [X]
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
    HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\Run: [OutfoxTV] - C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe [326032 2014-01-28] (Outfox Tv Productions Pty Ltd)
    HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: G - G:\LaunchU3.exe
    Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outfox.tv/?referid=150
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP39EB8F52-728A-4B52-97F8-70299885813E&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab
    DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab
    DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.corestaff.com/application/ScriptX.cab
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10...t.cab55579.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1141696688906
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab
    DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames...l.cab55579.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetupstatic.com/appl...tUploader5.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10...y.cab55579.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll No File
    ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default
    FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\user.js
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmnqmp07030901.dll (Move Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\nostmp [2012-02-01]
    FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011-06-21]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-02-09]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-02-09]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
    FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2010-02-11]
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
    FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\ []

    ========================== Services (Whitelisted) =================

    S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
    R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    R2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [312720 2014-01-29] (Outfox Tv Productions Pty Ltd)
    R2 SLService; C:\WINDOWS\system32\slserv.exe [45056 2002-07-02] ( )
    R2 WebDriveService; C:\Program Files\NetDrive\wdService.exe [94208 2003-03-26] ()
    S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
    S2 vToolbarUpdater18.0.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [659356 2002-10-02] (Avance Logic, Inc.)
    R3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2002-08-29] (ADMtek Incorporated.)
    R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
    R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
    R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
    R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
    R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
    R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-03-02] (AVG Technologies)
    S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5315 2005-05-17] (Cisco Systems, Inc.)
    S3 DNINDIS5; C:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA))
    R1 FileDisk; C:\WINDOWS\system32\Drivers\FileDisk.sys [12928 2005-10-16] (Bo Brantén)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2003-05-14] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2003-05-14] (HP)
    R2 MDC8021X; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [15890 2006-03-10] (Meetinghouse Data Communications)
    S3 MLFILEM; C:\WINDOWS\system32\drivers\MLFILEM.SYS [28288 2004-06-04] (Sysinternals - www.sysinternals.com)
    R3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [197152 2002-09-24] ( )
    S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1807568 2002-07-02] ( )
    S3 NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [161976 2002-07-02] ( )
    R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    R3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [418720 2002-07-02] ( )
    S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [84720 2002-07-02] ( )
    R3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [39348 2002-07-02] (Vireo Software)
    R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [716272 2008-11-01] ()
    S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-01-03] (EnTech Taiwan)
    R2 WebDriveFSD; C:\Program Files\NetDrive\rffsd.sys [67032 2002-11-27] ()
    R1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [91390 2002-07-31] (Intel Corporation)
    R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [71258 2002-07-31] (Intel Corporation)
    S3 AR5523; system32\DRIVERS\wg11tnd5.sys [X]
    S3 ATHFMWDL; System32\Drivers\ATHFMWDL.sys [X]
    S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
    S1 qknfd; system32\drivers\qknfd.sys [X]
    S4 RFNP32; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-08 11:59 - 2014-03-08 11:59 - 00017671 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
    2014-03-08 11:37 - 2014-03-08 11:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2014-03-08 11:36 - 2014-03-08 11:36 - 00000000 ____D () C:\_OTM
    2014-03-07 20:06 - 2014-03-07 20:14 - 00001578 _____ () C:\Documents and Settings\User\Desktop\SystemLook.txt
    2014-03-07 20:03 - 2014-03-07 20:04 - 00139264 _____ () C:\Documents and Settings\User\Desktop\SystemLook.exe
    2014-03-07 16:04 - 2014-03-07 16:04 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Malwarebytes
    2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-03-07 16:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-03-07 15:56 - 2014-03-07 15:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\User\Desktop\mbam-setup-1.75.0.1300.exe
    2014-03-06 17:56 - 2014-03-06 17:56 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-03-06 17:31 - 2014-03-06 17:31 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\SlimWare Utilities Inc
    2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Program Files\OutfoxTV
    2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\OutfoxTV
    2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Downloaded Installers
    2014-03-06 17:27 - 2014-03-06 17:43 - 00000000 ____D () C:\AdwCleaner
    2014-03-06 17:26 - 2014-03-06 17:26 - 00930952 _____ (CNET Download.com) C:\Documents and Settings\User\Desktop\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe
    2014-03-06 17:04 - 2014-03-07 21:04 - 00000412 _____ () C:\WINDOWS\Tasks\At2.job
    2014-03-06 17:03 - 2012-07-25 12:03 - 00017136 _____ () C:\WINDOWS\system32\sasnative32.exe
    2014-03-06 17:02 - 2014-03-07 21:01 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
    2014-03-06 17:00 - 2014-03-06 17:00 - 01037734 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
    2014-03-06 16:33 - 2014-03-06 16:37 - 01145344 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
    2014-03-05 22:51 - 2014-03-05 22:51 - 00010663 ____C () C:\Rkill1.txt
    2014-03-05 22:46 - 2014-03-05 22:46 - 00038874 ____C () C:\Rkill4.txt
    2014-03-05 22:46 - 2014-03-05 22:43 - 00035407 ____C () C:\Rkill3.txt
    2014-03-05 22:39 - 2014-03-05 22:51 - 00043974 ____C () C:\Rkill2.txt
    2014-03-05 14:34 - 2014-03-08 11:59 - 00000000 ____D () C:\FRST
    2014-03-05 14:18 - 2014-03-05 14:24 - 00213888 ____C () C:\Rkill.txt
    2014-03-05 13:47 - 2014-03-07 21:05 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Unused Desktop Shortcuts
    2014-03-05 12:51 - 2014-03-05 12:36 - 00451108 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-125113.backup
    2014-03-05 12:36 - 2014-03-02 18:39 - 00446704 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-123626.backup
    2014-03-05 12:24 - 2014-03-05 12:24 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
    2014-03-05 11:49 - 2014-03-05 12:47 - 00000000 ____D () C:\WINDOWS\ERDNT
    2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Program Files\ERUNT
    2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    2014-03-02 19:58 - 2014-03-08 11:36 - 00219093 _____ () C:\WINDOWS\setupapi.log
    2014-03-02 18:39 - 2013-04-06 18:27 - 00446704 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140302-183920.backup
    2014-03-01 21:53 - 2014-03-01 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Weather Alerts
    2014-03-01 21:09 - 2014-03-01 21:12 - 00015385 _____ () C:\WINDOWS\KB2909921-IE8.log
    2014-03-01 20:43 - 2014-03-01 20:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
    2014-03-01 20:24 - 2014-03-01 20:25 - 00004867 _____ () C:\WINDOWS\KB2909210-IE8.log
    2014-03-01 18:52 - 2014-03-01 18:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
    2014-03-01 18:51 - 2014-03-01 18:52 - 00009419 _____ () C:\WINDOWS\KB2914368.log
    2014-03-01 18:51 - 2014-03-01 18:51 - 00009399 _____ () C:\WINDOWS\KB2904266.log
    2014-03-01 18:51 - 2014-03-01 18:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
    2014-03-01 18:50 - 2014-03-01 18:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
    2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
    2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
    2014-03-01 18:47 - 2014-03-01 18:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
    2014-03-01 18:46 - 2014-03-01 18:46 - 00007706 _____ () C:\WINDOWS\KB2900986.log
    2014-03-01 18:46 - 2014-03-01 18:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
    2014-03-01 18:45 - 2014-03-01 18:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
    2014-03-01 18:44 - 2014-03-01 18:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
    2014-03-01 18:43 - 2014-03-01 18:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
    2014-03-01 18:36 - 2014-03-01 18:36 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2014-03-01 18:08 - 2014-03-01 20:43 - 00011995 _____ () C:\WINDOWS\KB2916036.log
    2014-03-01 18:08 - 2014-03-01 18:50 - 00016197 _____ () C:\WINDOWS\KB2898715.log
    2014-03-01 18:08 - 2014-03-01 18:45 - 00013778 _____ () C:\WINDOWS\KB2868626.log
    2014-03-01 18:07 - 2014-03-01 18:48 - 00015700 _____ () C:\WINDOWS\KB2893984.log
    2014-03-01 18:07 - 2014-03-01 18:47 - 00014503 _____ () C:\WINDOWS\KB2893294.log
    2014-03-01 18:07 - 2014-03-01 18:46 - 00014365 _____ () C:\WINDOWS\KB2876331.log
    2014-03-01 18:07 - 2014-03-01 18:43 - 00012789 _____ () C:\WINDOWS\KB2862152.log
    2014-03-01 18:04 - 2014-03-01 18:48 - 00014515 _____ () C:\WINDOWS\KB2892075.log

    ==================== One Month Modified Files and Folders =======

    2014-03-08 11:59 - 2014-03-08 11:59 - 00017671 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
    2014-03-08 11:59 - 2014-03-05 14:34 - 00000000 ____D () C:\FRST
    2014-03-08 11:56 - 2010-01-06 14:29 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-08 11:51 - 2006-03-06 20:58 - 01663121 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-03-08 11:48 - 2010-01-06 14:29 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-08 11:48 - 2002-12-24 06:29 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-03-08 11:46 - 2002-12-24 07:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-03-08 11:46 - 2002-12-23 23:37 - 00000157 _____ () C:\WINDOWS\wiadebug.log
    2014-03-08 11:46 - 2002-12-23 23:37 - 00000048 _____ () C:\WINDOWS\wiaservc.log
    2014-03-08 11:45 - 2012-12-30 15:25 - 00032404 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-03-08 11:45 - 2006-03-06 18:39 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini
    2014-03-08 11:37 - 2014-03-08 11:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2014-03-08 11:36 - 2014-03-08 11:36 - 00000000 ____D () C:\_OTM
    2014-03-08 11:36 - 2014-03-02 19:58 - 00219093 _____ () C:\WINDOWS\setupapi.log
    2014-03-08 11:36 - 2012-05-06 20:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-03-08 11:30 - 2011-04-22 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
    2014-03-08 11:29 - 2011-04-22 12:25 - 00000000 ____D () C:\WINDOWS\system32\Drivers\AVG
    2014-03-07 21:11 - 2006-03-12 13:11 - 00000340 _____ () C:\WINDOWS\Tasks\HP Usg Daily.job
    2014-03-07 21:05 - 2014-03-05 13:47 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Unused Desktop Shortcuts
    2014-03-07 21:04 - 2014-03-06 17:04 - 00000412 _____ () C:\WINDOWS\Tasks\At2.job
    2014-03-07 21:01 - 2014-03-06 17:02 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
    2014-03-07 20:14 - 2014-03-07 20:06 - 00001578 _____ () C:\Documents and Settings\User\Desktop\SystemLook.txt
    2014-03-07 20:04 - 2014-03-07 20:03 - 00139264 _____ () C:\Documents and Settings\User\Desktop\SystemLook.exe
    2014-03-07 18:11 - 2009-06-24 22:53 - 00000000 __HDC () C:\WINDOWS\ie8
    2014-03-07 17:19 - 2008-07-23 11:17 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{1B35155B-B273-4F78-A4C9-B3AD29E35858}.job
    2014-03-07 16:04 - 2014-03-07 16:04 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Malwarebytes
    2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-03-07 15:56 - 2014-03-07 15:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\User\Desktop\mbam-setup-1.75.0.1300.exe
    2014-03-06 17:56 - 2014-03-06 17:56 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-03-06 17:55 - 2013-02-09 14:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-03-06 17:43 - 2014-03-06 17:27 - 00000000 ____D () C:\AdwCleaner
    2014-03-06 17:31 - 2014-03-06 17:31 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\SlimWare Utilities Inc
    2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Program Files\OutfoxTV
    2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\OutfoxTV
    2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Downloaded Installers
    2014-03-06 17:26 - 2014-03-06 17:26 - 00930952 _____ (CNET Download.com) C:\Documents and Settings\User\Desktop\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe
    2014-03-06 17:00 - 2014-03-06 17:00 - 01037734 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
    2014-03-06 16:37 - 2014-03-06 16:33 - 01145344 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
    2014-03-05 22:51 - 2014-03-05 22:51 - 00010663 ____C () C:\Rkill1.txt
    2014-03-05 22:51 - 2014-03-05 22:39 - 00043974 ____C () C:\Rkill2.txt
    2014-03-05 22:46 - 2014-03-05 22:46 - 00038874 ____C () C:\Rkill4.txt
    2014-03-05 22:43 - 2014-03-05 22:46 - 00035407 ____C () C:\Rkill3.txt
    2014-03-05 14:24 - 2014-03-05 14:18 - 00213888 ____C () C:\Rkill.txt
    2014-03-05 12:47 - 2014-03-05 11:49 - 00000000 ____D () C:\WINDOWS\ERDNT
    2014-03-05 12:36 - 2014-03-05 12:51 - 00451108 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-125113.backup
    2014-03-05 12:24 - 2014-03-05 12:24 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
    2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Program Files\ERUNT
    2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    2014-03-03 11:30 - 2006-03-06 18:39 - 00001599 _____ () C:\Documents and Settings\User\Start Menu\Programs\Remote Assistance.lnk
    2014-03-03 11:23 - 2002-12-24 07:43 - 00001599 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
    2014-03-03 11:22 - 2007-07-09 11:03 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
    2014-03-02 22:57 - 2013-02-23 14:11 - 00000000 ____D () C:\Program Files\Settings Alerter
    2014-03-02 21:22 - 2012-09-05 09:44 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
    2014-03-02 21:22 - 2011-12-08 17:31 - 00000000 ____D () C:\WINDOWS\system32\cache
    2014-03-02 19:57 - 2006-03-10 13:07 - 00003503 _____ () C:\WINDOWS\wininit.ini
    2014-03-02 18:39 - 2014-03-05 12:36 - 00446704 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-123626.backup
    2014-03-02 18:33 - 2006-10-08 18:00 - 00000000 ____D () C:\Program Files\Java
    2014-03-02 18:21 - 2006-03-22 16:42 - 00000000 ____D () C:\WINDOWS\Corel
    2014-03-02 18:00 - 2011-03-24 22:37 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
    2014-03-02 18:00 - 2008-09-29 19:31 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2014-03-02 17:50 - 2006-03-15 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
    2014-03-02 17:24 - 2007-11-10 18:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
    2014-03-02 17:24 - 2006-05-06 16:51 - 00000000 ____D () C:\Program Files\Google
    2014-03-02 17:24 - 2006-05-06 16:51 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Google
    2014-03-01 21:59 - 2012-06-20 15:22 - 00859072 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
    2014-03-01 21:59 - 2010-12-08 23:57 - 00779704 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
    2014-03-01 21:53 - 2014-03-01 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Weather Alerts
    2014-03-01 21:12 - 2014-03-01 21:09 - 00015385 _____ () C:\WINDOWS\KB2909921-IE8.log
    2014-03-01 21:12 - 2009-06-24 22:57 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-03-01 21:12 - 2006-03-06 23:59 - 00482093 _____ () C:\WINDOWS\updspapi.log
    2014-03-01 21:12 - 2002-12-23 23:35 - 03283003 _____ () C:\WINDOWS\FaxSetup.log
    2014-03-01 21:12 - 2002-12-23 23:35 - 01270282 _____ () C:\WINDOWS\tsoc.log
    2014-03-01 21:12 - 2002-12-23 23:35 - 00621392 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-03-01 21:12 - 2002-12-23 23:35 - 00518548 _____ () C:\WINDOWS\iis6.log
    2014-03-01 21:12 - 2002-12-23 23:35 - 00166046 _____ () C:\WINDOWS\ocmsn.log
    2014-03-01 21:12 - 2002-12-23 23:35 - 00165529 _____ () C:\WINDOWS\msgsocm.log
    2014-03-01 21:09 - 2013-10-20 20:39 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-03-01 20:49 - 2002-12-23 23:34 - 00570014 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-03-01 20:43 - 2014-03-01 20:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
    2014-03-01 20:43 - 2014-03-01 18:08 - 00011995 _____ () C:\WINDOWS\KB2916036.log
    2014-03-01 20:43 - 2002-12-23 23:35 - 00001355 _____ () C:\WINDOWS\imsins.BAK
    2014-03-01 20:25 - 2014-03-01 20:24 - 00004867 _____ () C:\WINDOWS\KB2909210-IE8.log
    2014-03-01 19:28 - 2012-05-06 20:37 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-03-01 19:28 - 2011-08-20 11:39 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-03-01 19:19 - 2002-12-23 23:34 - 00220840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-03-01 18:52 - 2014-03-01 18:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
    2014-03-01 18:52 - 2014-03-01 18:51 - 00009419 _____ () C:\WINDOWS\KB2914368.log
    2014-03-01 18:51 - 2014-03-01 18:51 - 00009399 _____ () C:\WINDOWS\KB2904266.log
    2014-03-01 18:51 - 2014-03-01 18:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
    2014-03-01 18:51 - 2007-02-16 00:30 - 00894282 _____ () C:\WINDOWS\system32\TZLog.log
    2014-03-01 18:50 - 2014-03-01 18:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
    2014-03-01 18:50 - 2014-03-01 18:08 - 00016197 _____ () C:\WINDOWS\KB2898715.log
    2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
    2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
    2014-03-01 18:48 - 2014-03-01 18:07 - 00015700 _____ () C:\WINDOWS\KB2893984.log
    2014-03-01 18:48 - 2014-03-01 18:04 - 00014515 _____ () C:\WINDOWS\KB2892075.log
    2014-03-01 18:47 - 2014-03-01 18:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
    2014-03-01 18:47 - 2014-03-01 18:07 - 00014503 _____ () C:\WINDOWS\KB2893294.log
    2014-03-01 18:46 - 2014-03-01 18:46 - 00007706 _____ () C:\WINDOWS\KB2900986.log
    2014-03-01 18:46 - 2014-03-01 18:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
    2014-03-01 18:46 - 2014-03-01 18:07 - 00014365 _____ () C:\WINDOWS\KB2876331.log
    2014-03-01 18:45 - 2014-03-01 18:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
    2014-03-01 18:45 - 2014-03-01 18:08 - 00013778 _____ () C:\WINDOWS\KB2868626.log
    2014-03-01 18:44 - 2014-03-01 18:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
    2014-03-01 18:43 - 2014-03-01 18:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
    2014-03-01 18:43 - 2014-03-01 18:07 - 00012789 _____ () C:\WINDOWS\KB2862152.log
    2014-03-01 18:36 - 2014-03-01 18:36 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2014-03-01 17:18 - 2006-03-10 11:10 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
    2014-02-06 03:54 - 2006-11-07 03:26 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2014-02-06 03:54 - 2002-12-24 06:28 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

    Files to move or delete:
    ====================
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job


    ==================== Bamital & volsnap Check =================

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================

  10. #20
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Please uninstall this from your add/remove programs if possible:

    Quiknowledge
    If it's not listed please just move on.


    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite an existing one, please allow.)

    start
    HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\Run: [OutfoxTV] - C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe [326032 2014-01-28] (Outfox Tv Productions Pty Ltd)
    HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: G - G:\LaunchU3.exe
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outfox.tv/?referid=150
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP39EB8F52-728A-4B52-97F8-70299885813E&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    R2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [312720 2014-01-29] (Outfox Tv Productions Pty Ltd)
    S1 qknfd; system32\drivers\qknfd.sys [X]
    2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Program Files\OutfoxTV
    2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\OutfoxTV
    2014-03-06 17:26 - 2014-03-06 17:26 - 00930952 _____ (CNET Download.com) C:\Documents and Settings\User\Desktop\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe
    2014-03-06 17:04 - 2014-03-07 21:04 - 00000412 _____ () C:\WINDOWS\Tasks\At2.job
    C:\Windows\Tasks\At*.job
    Reboot:
    end

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~

    Please post fixlist.txt in your next reply.
    Also, how is the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
