
TornTV, Yontoo causing terrible slowing of PC

TornTV and Yontoo

  • This topic is locked
10 replies to this topic

#1 YKBH76

YKBH76

    New Member

  • Members
  • 5 posts

Posted 24 February 2013 - 08:30 AM

I recently downloaded BitTorrent software and I think it's malware, because I found my PC went terribly slow and on a few occasions hung. I found out that TornTV and Funmoods icons appeared on the desktop and I uninstalled them as well. However, my PC remains slow and when I rechecked, I found that Yontoo software had appeared in the program files. I googled and found that it's a virus. I tried to scan with Malwarebytes software and it detected and helped to remove Funmoods hidden files, but my PC remains slower than ever. I am not good at computers, please help me...

#2 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 24 February 2013 - 10:07 AM

Hello YKBH76 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here:
http://forums.malwar...?showtopic=9573
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 YKBH76

YKBH76

    New Member

  • Members
  • 5 posts

Posted 26 February 2013 - 01:30 PM

Dear Mr Maniac, I have followed your instructions and the following is my log:

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_31
Run by DELL at 2:18:22 on 2013-02-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2033 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
C:\Program Files\YouSendIt Desktop App\YSIAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Remote Monitoring\SWatch.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\TruDirect\TruDirectTray.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sp/*http://www.yahoo.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\users\dell\appdata\roaming\complitly\Complitly.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - c:\program files\searchpredict\SearchPredict.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [SWatch] c:\program files\remote monitoring\SWatch.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Google Pinyin 3 Autoupdater] "c:\program files\google\google pinyin 3\GooglePinyinDaemon.exe"
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [Yousendit Sync Agent] "c:\program files\yousendit desktop app\YSIAgent.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
StartupFolder: c:\users\dell\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dell\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellto~1.lnk - c:\program files\dell touch zone\fingertapps.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\trudir~1.lnk - c:\program files\trudirect\TruDirectTray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4EA947F1-A681-45DB-B559-C08D62AB96D0}\B67716E6764756F60457E6966696 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{50CF9583-3BD1-47CF-81C8-001C4B6BC7F6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5B9C5F34-47E6-4E4D-8F13-89FA3D1128C2} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5B9C5F34-47E6-4E4D-8F13-89FA3D1128C2}\033323933414 : DHCPNameServer = 122.255.99.228 122.255.99.236
TCP: Interfaces\{CE3F99D3-C880-4B71-BF95-418AD90D1DFB} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dell\appdata\roaming\mozilla\firefox\profiles\pby1gvco.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=115
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\internet explorer\pplite\plugin\npplugin2.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 41bdcba8-6173-4a64-a746-da2f026e34a4
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 6ab32309000000000000bcaec59b168e
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15758
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.09:03:48
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKsl5a0921a9;MpKsl5a0921a9;c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\MpKsl5a0921a9.sys [2013-2-27 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-12 116608]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-10-18 47640]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-25 25824]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2011-4-4 185632]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-2 14088]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-31 2754984]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-3-10 594976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-7 161384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-1 183560]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-16 80824]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-5 39272]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2011-4-4 807936]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-2-16 181432]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-5 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== File Associations ===============
.
FileExt: .chm: chm.file="c:\windows\hh.exe" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-26 18:13:30 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\MpKsl5a0921a9.sys
2013-02-26 04:04:10 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\mpengine.dll
2013-02-24 16:41:38 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-02-24 16:07:00 -------- d-----w- c:\users\dell\appdata\roaming\SUPERAntiSpyware.com
2013-02-24 16:06:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-24 16:06:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-24 12:50:51 -------- d-----w- c:\users\dell\appdata\roaming\Malwarebytes
2013-02-24 12:50:20 -------- d-----w- c:\programdata\Malwarebytes
2013-02-24 12:50:18 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-24 12:50:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-24 12:49:56 -------- d-----w- c:\users\dell\appdata\local\Programs
2013-02-22 01:49:58 -------- d-----w- c:\users\dell\appdata\roaming\TuneUp Software
2013-02-22 01:49:41 -------- d-----w- c:\programdata\TuneUp Software
2013-02-22 01:49:21 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-22 01:49:21 -------- d--h--w- c:\programdata\Common Files
2013-02-22 01:49:08 -------- d-----w- c:\users\dell\appdata\roaming\Complitly
2013-02-22 01:49:08 -------- d-----w- c:\program files\Complitly
2013-02-22 01:48:09 893560 ----a-w- c:\program files\common files\AutoCompletePro.exe
2013-02-22 01:48:05 -------- d-----w- c:\users\dell\appdata\roaming\OpenCandy
2013-02-22 01:48:05 -------- d-----w- c:\program files\Free YouTube Downloader
2013-02-22 01:03:11 -------- d-----w- c:\programdata\Babylon
2013-02-22 01:03:10 -------- d-----w- c:\users\dell\appdata\roaming\Babylon
2013-02-18 23:41:49 -------- d-----w- c:\users\dell\appdata\roaming\Funmoods
2013-02-18 23:41:28 -------- d-----w- c:\program files\Yontoo
2013-02-18 23:41:19 -------- d-----w- c:\programdata\Tarma Installer
2013-02-18 23:41:07 -------- d-----w- c:\program files\TornTV.com
2013-02-18 06:45:25 -------- d-----w- c:\users\dell\appdata\roaming\BitTorrent
2013-02-14 19:10:49 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-02-08 08:23:35 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-04 08:39:46 24576 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ssb3mpc.dll
2013-01-31 02:42:40 5999736 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-02-08 08:23:40 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 08:23:40 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-05 05:02:17 3957608 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:02:17 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:55:21 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 04:55:09 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 04:50:40 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:46:33 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-04 03:00:30 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:59:29 271360 ----a-w- c:\windows\system32\conhost.exe
2013-01-04 02:43:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-12-16 14:25:27 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25:19 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 05:04:20 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- c:\windows\system32\gameux.dll
.
============= FINISH: 2:18:31.04 ===============


Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/4/2011 2:43:35 AM
System Uptime: 2/25/2013 11:49:08 AM (39 hours ago)
.
Motherboard: Dell Inc. | | 0N826N
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2933/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 27.521 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 12.211 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 5.828 GiB free.
F: is FIXED (NTFS) - 10 GiB total, 9.674 GiB free.
G: is FIXED (NTFS) - 95 GiB total, 87.727 GiB free.
H: is FIXED (NTFS) - 15 GiB total, 8.463 GiB free.
I: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP425: 2/23/2013 6:25:18 AM - Windows Update
RP426: 2/26/2013 12:02:21 PM - Windows Update
.
==== Installed Programs ======================
.
??????? 3.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Asus 802.11n Network Adapter
Bing Bar
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Complitly
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Support Center
Dell Touch Zone
Delta Chrome Toolbar
DolbyFiles
Download Accelerator Plus (DAP)
Dropbox
DVDFab 8.2.1.0 (07/09/2012) Qt
Free YouTube Downloader 3.5.134
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Photo Creations
IBM SPSS Statistics 20
iCloud
ImagXpress
InCD Help
iTunes
Java Auto Updater
Java™ 6 Update 31
K-Lite Mega Codec Pack 7.0.0
LogMeIn
Malwarebytes Anti-Malware version 1.70.0.1100
Memeo Instant Backup
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Templates - Starter Kit
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Photo Creations (Photobookmart Edition)
Nero 10 Movie ThemePack Basic
Nero 9 Essentials
Nero BurnRights
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero BurnRights Help
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express 10
Nero Express 10 Help (CHM)
Nero Express Help
Nero InfoTool
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero InfoTool Help
Nero Installer
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero Online Upgrade
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero StartSmart Help
Nero StartSmart OEM
Nero Update
Nero Vision
Nero Vision Help
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Photobook Designer
Picasa 3
PIXAJOY Editor
QuickTime
Ralink RT2870 Wireless LAN Card
Remote Monitoring Version 1.4
Safari
Seagate Dashboard
SecuExpress 2
SecuExpress 2 Remote
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype™ 6.2
SoundTrax
SpeedBit Video Accelerator
SpeedBit Video Downloader
SUPERAntiSpyware
TeamViewer 7
TruDirect
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
USB Video Device
VLC media player 2.0.1
Vprint Creator
Windows Live Communications Platform
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
WinRAR 4.00 (32-bit)
Yahoo! Toolbar
Yontoo 1.12.02
YouSendIt Desktop App
.
==== Event Viewer Messages From Past Week ========
.
2/24/2013 7:38:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/24/2013 7:36:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/24/2013 7:36:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/24/2013 7:36:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/24/2013 7:36:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/24/2013 7:36:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/24/2013 7:36:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
2/24/2013 7:26:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.304.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
2/24/2013 7:26:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.304.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
2/22/2013 11:26:53 AM, Error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
.
==== End Of File ===========================


Please help me. Thanks.

#4 Maniac


Posted 27 February 2013 - 04:49 AM

Step 1

Please uninstall the following applications:

Ask Toolbar
Delta Chrome Toolbar
Yontoo 1.12.02



Step 2

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


#5 YKBH76


Posted 27 February 2013 - 07:58 AM

Dear Mr Maniac, I have followed your instructions, except that I can't find Ask Toolbar in my programme list and hence didn't uninstall it. Here are all the logs:
  • Junkware Removal Tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x86
Ran by DELL on Wed 02/27/2013 at 20:25:11.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{0329e7d6-6f54-462d-93f6-f5c3118badf2}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{0329e7d6-6f54-462d-93f6-f5c3118badf2}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2109891866-211909989-2525062061-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\baidu
Successfully deleted: [Registry Key] hkey_current_user\software\complitly
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\funmoods
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\complitly.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\suggestmeyes.suggestmeyesbho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\suggestmeyes.suggestmeyesbho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0329e7d6-6f54-462d-93f6-f5c3118badf2}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0fb6a909-6086-458f-bd92-1f8ee10042a0}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0fb6a909-6086-458f-bd92-1f8ee10042a0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"
Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar"

~~~ Files
Successfully deleted: [File] "C:\Windows\system32\roboot.exe"

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\complitly"
Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\funmoods"
Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\DELL\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\DELL\appdata\local\tempdir"
Successfully deleted: [Folder] "C:\Users\DELL\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\DELL\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\DELL\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\DELL\appdata\locallow\toolbar4"
Failed to delete: [Folder] "C:\Program Files\complitly"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\free youtube downloader"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ FireFox
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\user.js
Successfully deleted: [File] C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\searchplugins\delta.xml
Successfully deleted: [Folder] C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\extensions\toolbar@ask.com
Successfully deleted: [Folder] C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
Successfully deleted the following from C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\prefs.js
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=6ab32309000000000000bcaec59b168e");
user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?aff=115&q=");
user_pref("browser.startup.homepage", "hxxp://home.speedbit.com/?aff=115");
user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?aff=115");
user_pref("keyword.URL", "hxxp://home.speedbit.com/search.aspx?aff=115&q=");
Emptied folder: C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\minidumps [1 files]

~~~ Chrome
Successfully deleted: [Folder] C:\Users\DELL\appdata\local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlfienamagdnkekbbbocojppncdambda

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/27/2013 at 20:27:14.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • Malwarebytes' Anti-Malware log:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.27.07
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
DELL :: DELL-PC [administrator]
2/27/2013 8:32:54 PM
mbam-log-2013-02-27 (20-32-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206308
Time elapsed: 10 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

  • a new fresh DDS log:
DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_31
Run by DELL at 20:45:34 on 2013-02-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2003 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
C:\Program Files\YouSendIt Desktop App\YSIAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Remote Monitoring\SWatch.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\TruDirect\TruDirectTray.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
C:\Windows\system32\notepad.exe
C:\Users\DELL\Desktop\JRT.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sp/*http://www.yahoo.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - c:\program files\searchpredict\SearchPredict.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SWatch] c:\program files\remote monitoring\SWatch.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Google Pinyin 3 Autoupdater] "c:\program files\google\google pinyin 3\GooglePinyinDaemon.exe"
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [Yousendit Sync Agent] "c:\program files\yousendit desktop app\YSIAgent.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
StartupFolder: c:\users\dell\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dell\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellto~1.lnk - c:\program files\dell touch zone\fingertapps.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\trudir~1.lnk - c:\program files\trudirect\TruDirectTray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4EA947F1-A681-45DB-B559-C08D62AB96D0}\B67716E6764756F60457E6966696 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{50CF9583-3BD1-47CF-81C8-001C4B6BC7F6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5B9C5F34-47E6-4E4D-8F13-89FA3D1128C2} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5B9C5F34-47E6-4E4D-8F13-89FA3D1128C2}\033323933414 : DHCPNameServer = 122.255.99.228 122.255.99.236
TCP: Interfaces\{CE3F99D3-C880-4B71-BF95-418AD90D1DFB} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dell\appdata\roaming\mozilla\firefox\profiles\pby1gvco.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=115
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\internet explorer\pplite\plugin\npplugin2.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKsl5a0921a9;MpKsl5a0921a9;c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\MpKsl5a0921a9.sys [2013-2-27 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-12 116608]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-10-18 47640]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-25 25824]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2011-4-4 185632]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-2 14088]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-31 2754984]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-2-27 40776]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-3-10 594976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-7 161384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-1 183560]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-16 80824]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-5 39272]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2011-4-4 807936]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-2-16 181432]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-5 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== File Associations ===============
.
FileExt: .chm: chm.file="c:\windows\hh.exe" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-27 12:32:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-27 12:25:06 -------- d-----w- c:\windows\ERUNT
2013-02-27 12:24:22 -------- d-----w- C:\JRT
2013-02-26 18:13:30 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\MpKsl5a0921a9.sys
2013-02-26 04:04:10 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\mpengine.dll
2013-02-24 16:41:38 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-02-24 16:07:00 -------- d-----w- c:\users\dell\appdata\roaming\SUPERAntiSpyware.com
2013-02-24 16:06:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-24 16:06:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-24 12:50:51 -------- d-----w- c:\users\dell\appdata\roaming\Malwarebytes
2013-02-24 12:50:20 -------- d-----w- c:\programdata\Malwarebytes
2013-02-24 12:50:18 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-24 12:50:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-24 12:49:56 -------- d-----w- c:\users\dell\appdata\local\Programs
2013-02-22 01:49:58 -------- d-----w- c:\users\dell\appdata\roaming\TuneUp Software
2013-02-22 01:49:41 -------- d-----w- c:\programdata\TuneUp Software
2013-02-22 01:49:21 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-22 01:49:21 -------- d--h--w- c:\programdata\Common Files
2013-02-22 01:49:08 -------- d-----w- c:\program files\Complitly
2013-02-22 01:48:09 893560 ----a-w- c:\program files\common files\AutoCompletePro.exe
2013-02-18 23:41:07 -------- d-----w- c:\program files\TornTV.com
2013-02-18 06:45:25 -------- d-----w- c:\users\dell\appdata\roaming\BitTorrent
2013-02-14 19:10:49 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-02-08 08:23:35 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-04 08:39:46 24576 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ssb3mpc.dll
2013-01-31 02:42:40 5999736 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-02-08 08:23:40 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 08:23:40 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-05 05:02:17 3957608 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:02:17 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:55:21 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 04:55:09 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 04:50:40 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:46:33 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-04 03:00:30 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:59:29 271360 ----a-w- c:\windows\system32\conhost.exe
2013-01-04 02:43:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-12-16 14:25:27 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25:19 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 05:04:20 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- c:\windows\system32\gameux.dll
.
============= FINISH: 20:47:20.96 ===============





Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/4/2011 2:43:35 AM
System Uptime: 2/25/2013 11:49:08 AM (57 hours ago)
.
Motherboard: Dell Inc. | | 0N826N
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2933/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 30.236 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 12.211 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 5.535 GiB free.
F: is FIXED (NTFS) - 10 GiB total, 9.674 GiB free.
G: is FIXED (NTFS) - 95 GiB total, 87.727 GiB free.
H: is FIXED (NTFS) - 15 GiB total, 8.463 GiB free.
I: is CDROM ()
J: is CDROM ()
K: is FIXED (NTFS) - 932 GiB total, 477.159 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP426: 2/26/2013 12:02:21 PM - Windows Update
RP427: 2/27/2013 8:11:15 PM - Removed Delta Chrome Toolbar
.
==== Installed Programs ======================
.
??????? 3.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Asus 802.11n Network Adapter
Bing Bar
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Complitly
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Support Center
Dell Touch Zone
DolbyFiles
Download Accelerator Plus (DAP)
Dropbox
DVDFab 8.2.1.0 (07/09/2012) Qt
Free YouTube Downloader 3.5.134
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Photo Creations
IBM SPSS Statistics 20
iCloud
ImagXpress
InCD Help
iTunes
Java Auto Updater
Java™ 6 Update 31
K-Lite Mega Codec Pack 7.0.0
LogMeIn
Malwarebytes Anti-Malware version 1.70.0.1100
Memeo Instant Backup
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Templates - Starter Kit
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Photo Creations (Photobookmart Edition)
Nero 10 Movie ThemePack Basic
Nero 9 Essentials
Nero BurnRights
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero BurnRights Help
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express 10
Nero Express 10 Help (CHM)
Nero Express Help
Nero InfoTool
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero InfoTool Help
Nero Installer
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero Online Upgrade
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero StartSmart Help
Nero StartSmart OEM
Nero Update
Nero Vision
Nero Vision Help
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Photobook Designer
Picasa 3
PIXAJOY Editor
QuickTime
Ralink RT2870 Wireless LAN Card
Remote Monitoring Version 1.4
Safari
Seagate Dashboard
SecuExpress 2
SecuExpress 2 Remote
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype™ 6.2
SoundTrax
SpeedBit Video Accelerator
SpeedBit Video Downloader
SUPERAntiSpyware
TeamViewer 7
TruDirect
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
USB Video Device
VLC media player 2.0.1
Vprint Creator
Windows Live Communications Platform
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
WinRAR 4.00 (32-bit)
Yahoo! Toolbar
YouSendIt Desktop App
.
==== End Of File ===========================

#6 Maniac


Posted 27 February 2013 - 05:58 PM

Good!

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


#7 YKBH76


Posted 28 February 2013 - 10:02 AM

Dear Mr Maniac, following is the ESET log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ee9b98c2feb5c94b9eb0a0121ac18e80
# engine=13257
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-28 01:16:41
# local_time=2013-02-28 09:16:41 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 27716296 113688592 0 0
# scanned=831924
# found=19
# cleaned=10
# scan_time=22827
sh=69EFEFD3E494654888514AF528A1252BF56FC447 ft=1 fh=0cd696aee04eb69d vn="Win32/SpeedUpMyPC application" ac=I fn="C:\Users\All Users\SpeedBit\DAP\Offers\speedupmypc.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\AppData\Local\Temp\NERO1005263\unit_app_75\Toolbar.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\AppData\Local\Temp\NERO13390\Toolbar.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\Local Settings\Temp\NERO1005263\unit_app_75\Toolbar.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\Local Settings\Temp\NERO13390\Toolbar.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Users\ANG YIAW KIAN\AppData\Local\Temp\NERO1005263\unit_app_75\Toolbar.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Users\ANG YIAW KIAN\AppData\Local\Temp\NERO13390\Toolbar.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Users\ANG YIAW KIAN\Local Settings\Temp\NERO1005263\unit_app_75\Toolbar.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Users\ANG YIAW KIAN\Local Settings\Temp\NERO13390\Toolbar.exe"
sh=87B5B577B696425B814A5BE4A60867CC83165E5F ft=1 fh=9e637136d803ebab vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2109891866-211909989-2525062061-1000\$RJUS3SM\TuneUp_BitTorrent_PC_2.4.6_CMPID_397.exe"
sh=69EFEFD3E494654888514AF528A1252BF56FC447 ft=1 fh=0cd696aee04eb69d vn="Win32/SpeedUpMyPC application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\SpeedBit\DAP\Offers\speedupmypc.exe"
sh=593C4496AA0E938E8AADB18CAAE5EB68E278810E ft=1 fh=20406d1dbfb52871 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\DELL\AppData\Local\Temp\580C.tmp"
sh=A426A9F68A91311842231DA736BDB0D98C563C78 ft=1 fh=07695b25355574b4 vn="a variant of Win32/Toolbar.Babylon.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\DELL\AppData\Local\Temp\DeltaTB.exe"
sh=3451A1ACDB9D6C4520923E732A6D7993E8197383 ft=1 fh=ed2a770def16c842 vn="a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\DELL\Downloads\FreeYouTubeDownloaderInstaller (1).exe"
sh=3451A1ACDB9D6C4520923E732A6D7993E8197383 ft=1 fh=ed2a770def16c842 vn="a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\DELL\Downloads\FreeYouTubeDownloaderInstaller.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\AppData\Local\Application Data\Temp\NERO1005263\unit_app_75\Toolbar.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\AppData\Local\Application Data\Temp\NERO13390\Toolbar.exe"
sh=844949940EDFA51D38C5FA3294892B92C8D3CF8E ft=1 fh=c71c00116efa4a17 vn="Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL"
sh=B4403810C1DB8482C5A26B418499A8643E4A6410 ft=1 fh=08d890e1afeefad5 vn="Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL"

#8 Maniac


Posted 01 March 2013 - 03:47 AM

How are things now?

#9 YKBH76


Posted 01 March 2013 - 09:53 AM

Dear Mr Maniac, thanks for your help. My PC now runs smoother, but there are files on the desktop that appear spontaneously without me putting them there, e.g. desktop.ini, ~$dified letter to ...doc, ~$dified letter.doc, ~WRL0077.tmp, ~WRL2684.tmp. Are these files normal? How do I get rid of them? Can I just delete them manually?

#10 Maniac


Posted 01 March 2013 - 10:18 AM

Yes, you could manually delete them.

Let's clean these tools:

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, uninstall ESET Online Scanner.

Some malware prevention tips:
users.telenet.be/bluepatchy/miekiemoes/prevention.html


Safe surfing! :)

#11 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 03 March 2013 - 11:27 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.



