DimSpark Posted April 16, 2013 ID:669858

Every time I open a new tab a Delta search page opens. I have run Malwarebytes three times after uninstalling the program: the first time it removed something. The next two times it has found nothing. Here is dds.txt followed by attach.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.17.2
Run by RICHARD at 14:58:16 on 2013-04-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3957.1790 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\thinkbroadband.com\tbbMeter\tbbLoaderService.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Zune\WMZuneComm.exe
C:\Program Files\Zune\ZuneWlanCfgSvc.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\RICHARD_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\RICHARD_2\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
C:\Users\RICHARD_2\AppData\Roaming\Trusteer\Rapport\app\bin\RapportService.exe
C:\Users\RICHARD_2\AppData\Roaming\Trusteer\Rapport\app\bin\x64\RapportInjService_x64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c6115b5e0000000000000023148dbf58&tlver=1.4.19.19&ss=1&affID=17978
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: secunia.com
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://secure.stewardship.org.uk/Reserved.ReportViewerWebControl.axd?ReportSession=2qffa42ild5p5p3r1bxu3du4&ControlID=e698378161ca479587222d8079e5b489&Culture=2057&UICulture=2057&ReportStack=1&OpType=PrintCab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{30044346-5B93-4C90-BE9B-A13E4F037FC7} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{30044346-5B93-4C90-BE9B-A13E4F037FC7}\05C65737E6564775962756C6563737 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{30044346-5B93-4C90-BE9B-A13E4F037FC7}\3547F6272775966496 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30044346-5B93-4C90-BE9B-A13E4F037FC7}\84F6C69702144435C4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{505A6C19-D2F2-4737-8F17-D452849E6578} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RICHARD\AppData\Roaming\Mozilla\Firefox\Profiles\7g4bn0kf.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2011-6-8 18792]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2011-6-8 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-6 236544]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2011-6-8 60928]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
R2 tbbLoaderService;tbbLoaderService;C:\Program Files (x86)\thinkbroadband.com\tbbMeter\tbbLoaderService.exe [2010-10-9 14848]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-25 2673064]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2011-6-8 23912]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-9 151936]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-6-3 6952960]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2009-11-13 74272]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 PSSDK42;PSSDK42;C:\Windows\System32\drivers\pssdk42.sys [2012-3-21 53312]
R3 PSSDKLBF;PSSDKLBF;C:\Windows\System32\drivers\pssdklbf.sys [2012-3-21 65600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-9 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2013-1-9 114304]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2013-1-28 25584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-14 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-14 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-16 07:46:38 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B209F47F-E3A5-4E82-9066-FDE20A9450EE}\offreg.dll
2013-04-16 07:45:18 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B209F47F-E3A5-4E82-9066-FDE20A9450EE}\mpengine.dll
2013-04-15 20:12:05 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-14 18:16:39 -------- d-----w- C:\Users\RICHARD\AppData\Roaming\WinPatrol
2013-04-14 18:16:33 -------- d-----w- C:\ProgramData\InstallMate
2013-04-14 18:16:33 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-04-14 09:01:56 -------- d-----w- C:\Users\RICHARD\AppData\Roaming\Malwarebytes
2013-04-14 09:01:36 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-14 09:01:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-11 12:45:36 -------- d-----w- C:\Users\RICHARD\AppData\Roaming\player
2013-04-11 12:39:51 -------- d-----w- C:\Users\RICHARD\AppData\Roaming\Babylon
2013-04-11 12:39:51 -------- d-----w- C:\ProgramData\Babylon
2013-04-10 19:37:32 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 19:37:31 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 19:37:30 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 19:37:27 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 19:37:26 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 19:37:25 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 19:37:24 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 19:37:24 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 19:37:23 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-31 17:22:55 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2013-03-27 13:45:32 -------- d-----w- C:\Program Files (x86)\ConvertHelper
2013-03-21 08:49:24 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C10A6596-BD8E-4DF0-B81C-ADFC5253ED44}\gapaengine.dll
.
==================== Find3M ====================
.
2013-04-14 09:17:51 65600 ----a-w- C:\Windows\System32\drivers\pssdklbf.sys
2013-04-14 09:17:51 53312 ----a-w- C:\Windows\System32\drivers\pssdk42.sys
2013-04-10 11:47:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 11:47:15 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-07 08:26:24 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 08:26:21 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-07 08:26:21 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-20 15:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 15:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 14:58:25.49 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 08/06/2011 21:30:31
System Uptime: 15/04/2013 21:20:55 (17 hours ago)
.
Motherboard: Dell Inc. | | 0KVMW2
Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | U2E1 | 2267/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 252.682 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP264: 07/04/2013 09:17:28 - Windows Update
RP265: 10/04/2013 22:55:31 - Windows Update
RP266: 11/04/2013 15:02:23 - Quitado VAFPlayer
RP267: 11/04/2013 16:19:47 - Windows Update
RP268: 11/04/2013 20:31:49 - Removed Microsoft .NET Framework 4 Extended
RP269: 14/04/2013 18:53:05 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Accelerometer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Ancestral Sources
Apple Application Support
Apple Software Update
Audacity 2.0
Avanquest update
Basic PAYE Tools
Blue Chip Bridge
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ConvertHelper 2.2
CutePDF Writer 2.8
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
Dell Support Center
DoubleCAD XT Pro 3
Excel VBA Code Cleaner 5.0
Family Historian 5.0
Family Historian PDF (novaPDF 7.7 printer)
Family Historian PDF File (novaPDF 6.1 printer)
FreeCAD 0.11
GenQuiry
GIMP 2.8.0
GPL Ghostscript
IDT Audio
ImageMagick 6.8.0-3 Q16 (2012-11-01)
Intel® Turbo Boost Technology Driver
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
KeePass Password Safe 2.18
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
Membership Co-ordinator
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Access 2010 Runtime Service Pack 1 (SP1)
Microsoft Access database engine 2010 (English)
Microsoft Access Runtime 2010
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access Runtime 2010
Microsoft Office Access Runtime MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual FoxPro OLE DB Provider
Moneysoft Money Manager
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.4.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox 20.0.1 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.5 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
O2Micro Flash Memory Card Windows Driver
office Convert Pdf to Jpg Jpeg Tiff Free 6.5
OmniPage SE
Quickset64
QuickTime
Rapport
Realtek Ethernet Controller Driver For Windows Vista and Later
Secunia PSI (3.0.0.6001)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Synaptics Pointing Device Driver
T-Mobile Internet Manager
tbbMeter
tbbMeter Loader Service
TeamViewer 7
Total Access Components Runtime 32-bit
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
WinPatrol
ZIP Reader 8.00.0010
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
15/04/2013 05:45:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1816.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
14/04/2013 09:15:41, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
11/04/2013 16:29:15, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2013 16:29:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/04/2013 16:29:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/04/2013 16:29:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/04/2013 16:29:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/04/2013 16:29:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/04/2013 16:29:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/04/2013 16:28:48, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/04/2013 16:28:48, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2013 16:28:48, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/04/2013 16:28:48, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/04/2013 16:28:48, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2013 16:28:48, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2013 16:28:48, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/04/2013 16:28:48, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2013 16:28:48, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2013 16:28:48, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/04/2013 16:28:48, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/04/2013 14:02:54, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
MrCharlie Posted April 16, 2013 ID:669860

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.
RogueKiller <---use this one for 64 bit systems

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

P2P Warning:
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:
Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>Please stick with me until I give you the "all clear".
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)
DimSpark Posted April 16, 2013 Author ID:669885

Thank you for prompt reply. Here is the output of RogueKiller:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : RICHARD [Admin rights]
Mode : Scan -- Date : 04/16/2013 16:02:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] ouc.exe -- C:\Users\RICHARD_2\AppData\Roaming\T-Mobile Internet Manager\ouc.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS ATA Device +++++
--- User ---
[MBR] 1bfbe9613a122c476949751afd6d31a0
[bSP] 498719cb6a5d1c5795f9b0afd625ea53 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04162013_02d1602.txt >>
RKreport[1]_S_04162013_02d1602.txt
MrCharlie Posted April 16, 2013 ID:669888

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.
AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)
It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.
You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:
/DisableAskDetection - This option disables Ask Toolbar detection.

MrC
DimSpark Posted April 16, 2013 Author ID:669907

Found nothing listed below that I want to keep: except perhaps the clean preferences file? File : C:\Users\RICHARD\AppData\Roaming\Mozilla\Firefox\Profiles\7g4bn0kf.default\prefs.js

# AdwCleaner v2.200 - Logfile created 04/16/2013 at 16:29:17
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : RICHARD - RICHARD-PC
# Boot Mode : Normal
# Running from : C:\Users\RICHARD_2\Downloads\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Users\RICHARD_2\AppData\Roaming\Mozilla\Firefox\Profiles\cc7n4mty.default\bprotector_extensions.sqlite
File Found : C:\Users\RICHARD_2\AppData\Roaming\Mozilla\Firefox\Profiles\cc7n4mty.default\bprotector_prefs.js
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Users\RICHARD\AppData\Local\PackageAware
Folder Found : C:\Users\RICHARD\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\RICHARD\AppData\Roaming\Babylon
Folder Found : C:\Users\RICHARD_2\AppData\Local\PackageAware
Folder Found : C:\Users\RICHARD_2\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Windows\SysWOW64\TempDir

***** [Registry] *****
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\80dfd8b16ee914
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\80dfd8b16ee914
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKU\S-1-5-21-3608312683-3348983213-1428891598-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c6115b5e0000000000000023148dbf58&tlver=1.4.19.19&ss=1&affID=17978

-\\ Mozilla Firefox v20.0.1 (en-GB)
File : C:\Users\RICHARD\AppData\Roaming\Mozilla\Firefox\Profiles\7g4bn0kf.default\prefs.js
[OK] File is clean.
File : C:\Users\RICHARD_2\AppData\Roaming\Mozilla\Firefox\Profiles\cc7n4mty.default\prefs.js
Found : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?affID=120519&babsrc=NT_ss&mntrId=C611[...]

*************************
AdwCleaner[R1].txt - [3364 octets] - [16/04/2013 16:29:17]
########## EOF - \AdwCleaner[R1].txt - [3424 octets] ##########
MrCharlie Posted April 16, 2013 ID:669942

Those are OK.

Please create a new system restore point before continuing.

Some adware found....lets clear it out.....

Please re-run AdwCleaner
Click on Delete button.
Confirm each time with OK if asked.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......and let me know how it is.

If there's still a problem.........

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassoci...T-Tools/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)
Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.
The scan will take about 10 minutes...depends on your hard drive size.
Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC
DimSpark Posted April 16, 2013 Author ID:669964

All seems to be working well thank you.

# AdwCleaner v2.200 - Logfile created 04/16/2013 at 17:35:07
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : RICHARD - RICHARD-PC
# Boot Mode : Normal
# Running from : C:\Users\RICHARD_2\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\RICHARD_2\AppData\Roaming\Mozilla\Firefox\Profiles\cc7n4mty.default\bprotector_extensions.sqlite
File Deleted : C:\Users\RICHARD_2\AppData\Roaming\Mozilla\Firefox\Profiles\cc7n4mty.default\bprotector_prefs.js
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\RICHARD\AppData\Local\PackageAware
Folder Deleted : C:\Users\RICHARD\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\RICHARD\AppData\Roaming\Babylon
Folder Deleted : C:\Users\RICHARD_2\AppData\Local\PackageAware
Folder Deleted : C:\Users\RICHARD_2\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Windows\SysWOW64\TempDir

***** [Registry] *****
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\80dfd8b16ee914
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\80dfd8b16ee914
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c6115b5e0000000000000023148dbf58&tlver=1.4.19.19&ss=1&affID=17978 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-GB)
File : C:\Users\RICHARD\AppData\Roaming\Mozilla\Firefox\Profiles\7g4bn0kf.default\prefs.js
C:\Users\RICHARD\AppData\Roaming\Mozilla\Firefox\Profiles\7g4bn0kf.default\user.js ... Deleted !
[OK] File is clean.
File : C:\Users\RICHARD_2\AppData\Roaming\Mozilla\Firefox\Profiles\cc7n4mty.default\prefs.js
Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?affID=120519&babsrc=NT_ss&mntrId=C611[...]

*************************
AdwCleaner[R1].txt - [3487 octets] - [16/04/2013 16:29:17]
AdwCleaner[R2].txt - [3547 octets] - [16/04/2013 17:34:49]
AdwCleaner[s1].txt - [3532 octets] - [16/04/2013 17:35:07]
########## EOF - \AdwCleaner[s1].txt - [3592 octets] ##########
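The prefs.js finding in the AdwCleaner logs above (browser.newtab.url pointing at delta-search, plus a user.js in the other profile) can be checked for by hand; the following is an added example, not part of the original thread and not AdwCleaner's code. It reads a Firefox profile's pref files and reports URL-valued prefs whose host is not on an allowlist. The allowlist, the function names and the sample profile are assumptions made for the illustration.

```python
import json
import re
from urllib.parse import urlsplit

# URL-valued Firefox prefs that decide what a new tab, the home page or
# a location-bar search opens (names valid for Firefox of this era).
URL_PREFS = {"browser.newtab.url", "browser.startup.homepage", "keyword.URL"}

# Assumption: hosts the machine's owner expects; anything else is reported.
ALLOWED_HOSTS = {"www.google.com", "www.mozilla.org"}

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # "string", 123, true/false
        except ValueError:
            prefs[name] = raw  # keep an unparsable literal verbatim
    return prefs


def url_host(url):
    """Host of an http(s) URL, accepting the defanged hxxp form used in logs."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None  # about:blank, about:newtab, chrome:// are local pages
    return (parts.hostname or "").lower()


def find_hijacks(profile_files):
    """profile_files: {filename: text}. Returns sorted (file, pref, host)."""
    findings = []
    for fname, text in profile_files.items():
        for name, value in parse_prefs(text).items():
            if name not in URL_PREFS or not isinstance(value, str):
                continue
            for url in value.split("|"):  # the homepage pref may list several
                host = url_host(url)
                if host and host not in ALLOWED_HOSTS:
                    findings.append((fname, name, host))
    return sorted(findings)


# Constructed sample profile: hosts echo the thread, query strings are made up.
SAMPLE = {
    "prefs.js": "\n".join([
        "# Mozilla User Preferences",
        'user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?affID=EXAMPLE");',
        'user_pref("browser.startup.homepage", "http://www.google.com|about:blank");',
        'user_pref("browser.tabs.warnOnClose", false);',
    ]),
    "user.js": 'user_pref("keyword.URL", "hxxp://search.babylon.com/?q=");\n',
}

if __name__ == "__main__":
    for fname, pref, host in find_hijacks(SAMPLE):
        print(f"{fname}: {pref} -> {host}")
```

A hit in user.js matters more than one in prefs.js: Firefox re-applies user.js at every start, so cleaning prefs.js alone would not hold.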
MrCharlie Posted April 16, 2013 ID:669967

Good.......

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!

MrC
DimSpark Posted April 16, 2013 Author ID:670029

Checkup.txt attached
checkup.txt
MrCharlie Posted April 16, 2013 ID:670033

Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.6001)
Malwarebytes Anti-Malware version 1.75.0.1300
Excel VBA Code Cleaner 5.0
Java 7 Update 17
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Mozilla Firefox (20.0.1)
Mozilla Thunderbird (17.0.5)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
MrCharlie Posted April 16, 2013 ID:670036

Looks Good........

A little clean up to do....

Please Uninstall ComboFix: (if you used it)
Press the Windows logo key + R to bring up the "run box"
Copy and paste next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point
(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)
---------------------------------
Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassociates.com/OT-Tools/OTL.exe
Save it to your desktop.
Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)
Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....
AdwCleaner > just run the program and click uninstall.
-------------------------------
Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
Maurice Naggar Posted April 18, 2013 ID:671190

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!