@m_a_k

We shall remove all malware from your system and then I will ask FRST Quarantine folder for analysis. First things first …

MCShield has been detect malware source in the third USB mem device (the latest one that you have been attach to USB for MCShield scanning ) and malware is removed now.

Please do the following:

----- FIX -----

  1. Open notepad and copy/paste the text present inside the code box below.
    To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

START
File: C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [usbAl] - C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\usbAl.vbs [150772 2013-07-28] () <===== ATTENTION
HKCU\...\Run: [usbAl] - C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\usbAl.vbs [150772 2013-07-28] () <===== ATTENTION
Startup: C:\Documents and Settings\Windows XP Pro\Start Menu\Programs\Startup\usbAl.vbs ()
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=BCB3001E8C0CDCC4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=BCB3001E8C0CDCC4
FF SearchPlugin: C:\Documents and Settings\Windows XP Pro\Application Data\Mozilla\Firefox\Profiles\2186w7x4.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Documents and Settings\Windows XP Pro\Application Data\Mozilla\Firefox\Profiles\2186w7x4.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
C:\Documents and Settings\Windows XP Pro\Application Data\Mozilla\Firefox\Profiles\2186w7x4.default\searchplugins\BrowserProtect.xml
C:\Documents and Settings\Windows XP Pro\Application Data\Mozilla\Firefox\Profiles\2186w7x4.default\searchplugins\delta.xml
C:\Program Files\mozilla firefox\searchplugins\babylon.xml
File: C:\WINDOWS\system32\ztvunrar36.dll
C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\usbAl.vbs
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
CMD: ipconfig /flushdns
Hosts:
END
  1. Save notepad as fixlist.txt
    NOTE. It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  2. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

----- next -----

Re-check:
Re-run FRST, just hit Scan button and attach here fresh created FRST.txt logreport.

----- next -----

Please find C:\FRST[b]Quarantine[/b] folder, zip-it / rar-it with password and please upload file here:

http://www.wikisend.com

Please post me here download link.