YKBH76

TornTV, Yontoo causing terribly slowing of pc

11 posts in this topic

I recently downloaded a BitTorrent software and I think it's malware, because I found my PC went terribly slow and on a few occasions hanged. I found out that TornTV and Funmoods icons appeared on the desktop and I uninstalled them as well. However, my PC remains slow, and when I rechecked, I found that a Yontoo software had appeared in the Program Files. I googled and found that it's a virus. I tried to scan with Malwarebytes software and it detected and helped to remove Funmoods hidden files, but my PC remains slower than ever. I am not good at computers, please help me...


Hello YKBH76 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573


Dear Mr Maniac, I have followed your instructions and the following is my log:

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_31

Run by DELL at 2:18:22 on 2013-02-27

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2033 [GMT 8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Ralink\Common\RaRegistry.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\TeamViewer\Version7\tv_w32.exe

C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe

C:\Windows\vsnp2uvc.exe

C:\Windows\tsnp2uvc.exe

C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe

C:\Program Files\YouSendIt Desktop App\YSIAgent.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Remote Monitoring\SWatch.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Ralink\Common\RaUI.exe

C:\Program Files\TruDirect\TruDirectTray.exe

C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Memeo\AutoBackup\InstantBackup.exe

C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wermgr.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k swprv

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sp/*http://www.yahoo.com

mStart Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com

BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\users\dell\appdata\roaming\complitly\Complitly.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - c:\program files\searchpredict\SearchPredict.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [sWatch] c:\program files\remote monitoring\SWatch.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Google Pinyin 3 Autoupdater] "c:\program files\google\google pinyin 3\GooglePinyinDaemon.exe"

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe

mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui

mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [Yousendit Sync Agent] "c:\program files\yousendit desktop app\YSIAgent.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

StartupFolder: c:\users\dell\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dell\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellto~1.lnk - c:\program files\dell touch zone\fingertapps.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\trudir~1.lnk - c:\program files\trudirect\TruDirectTray.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: c:\program files\speedbit video accelerator\SBLSP.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{4EA947F1-A681-45DB-B559-C08D62AB96D0}\B67716E6764756F60457E6966696 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{50CF9583-3BD1-47CF-81C8-001C4B6BC7F6} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{5B9C5F34-47E6-4E4D-8F13-89FA3D1128C2} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5B9C5F34-47E6-4E4D-8F13-89FA3D1128C2}\033323933414 : DHCPNameServer = 122.255.99.228 122.255.99.236

TCP: Interfaces\{CE3F99D3-C880-4B71-BF95-418AD90D1DFB} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\dell\appdata\roaming\mozilla\firefox\profiles\pby1gvco.default\

FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q=

FF - prefs.js: browser.search.selectedEngine - SpeedBit Search

FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=115

FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=115&q=

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\internet explorer\pplite\plugin\npplugin2.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\programdata\visan\plugins\npRLSecurePluginLayer.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 41bdcba8-6173-4a64-a746-da2f026e34a4

FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers

.

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - 6ab32309000000000000bcaec59b168e

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15758

FF - user.js: extensions.delta.vrsn - 1.8.10.0

FF - user.js: extensions.delta.vrsni - 1.8.10.0

FF - user.js: extensions.delta.vrsnTs - 1.8.10.09:03:48

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - en

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]

R1 MpKsl5a0921a9;MpKsl5a0921a9;c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\MpKsl5a0921a9.sys [2013-2-27 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-12 116608]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 374704]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-10-18 47640]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-25 25824]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2011-4-4 185632]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-2 14088]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]

R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-31 2754984]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-3-10 594976]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-7 161384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-1 183560]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-16 80824]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-5 39272]

S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2011-4-4 807936]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-2-16 181432]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-5 1343400]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== File Associations ===============

.

FileExt: .chm: chm.file="c:\windows\hh.exe" %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-02-26 18:13:30 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\MpKsl5a0921a9.sys

2013-02-26 04:04:10 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\mpengine.dll

2013-02-24 16:41:38 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-02-24 16:07:00 -------- d-----w- c:\users\dell\appdata\roaming\SUPERAntiSpyware.com

2013-02-24 16:06:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-02-24 16:06:47 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-02-24 12:50:51 -------- d-----w- c:\users\dell\appdata\roaming\Malwarebytes

2013-02-24 12:50:20 -------- d-----w- c:\programdata\Malwarebytes

2013-02-24 12:50:18 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-24 12:50:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-02-24 12:49:56 -------- d-----w- c:\users\dell\appdata\local\Programs

2013-02-22 01:49:58 -------- d-----w- c:\users\dell\appdata\roaming\TuneUp Software

2013-02-22 01:49:41 -------- d-----w- c:\programdata\TuneUp Software

2013-02-22 01:49:21 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2013-02-22 01:49:21 -------- d--h--w- c:\programdata\Common Files

2013-02-22 01:49:08 -------- d-----w- c:\users\dell\appdata\roaming\Complitly

2013-02-22 01:49:08 -------- d-----w- c:\program files\Complitly

2013-02-22 01:48:09 893560 ----a-w- c:\program files\common files\AutoCompletePro.exe

2013-02-22 01:48:05 -------- d-----w- c:\users\dell\appdata\roaming\OpenCandy

2013-02-22 01:48:05 -------- d-----w- c:\program files\Free YouTube Downloader

2013-02-22 01:03:11 -------- d-----w- c:\programdata\Babylon

2013-02-22 01:03:10 -------- d-----w- c:\users\dell\appdata\roaming\Babylon

2013-02-18 23:41:49 -------- d-----w- c:\users\dell\appdata\roaming\Funmoods

2013-02-18 23:41:28 -------- d-----w- c:\program files\Yontoo

2013-02-18 23:41:19 -------- d-----w- c:\programdata\Tarma Installer

2013-02-18 23:41:07 -------- d-----w- c:\program files\TornTV.com

2013-02-18 06:45:25 -------- d-----w- c:\users\dell\appdata\roaming\BitTorrent

2013-02-14 19:10:49 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2013-02-08 08:23:35 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-02-04 08:39:46 24576 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ssb3mpc.dll

2013-01-31 02:42:40 5999736 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2013-02-08 08:23:40 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-08 08:23:40 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-01-05 05:02:17 3957608 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-05 05:02:17 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-04 04:55:21 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-04 04:55:09 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-01-04 04:50:40 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:46:33 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-04 03:00:30 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:59:29 271360 ----a-w- c:\windows\system32\conhost.exe

2013-01-04 02:43:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 02:43:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-01-04 02:43:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 02:43:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-12-16 14:25:27 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:25:19 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-07 05:04:20 308736 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 04:57:38 2576384 ----a-w- c:\windows\system32\gameux.dll

.

============= FINISH: 2:18:31.04 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 4/4/2011 2:43:35 AM

System Uptime: 2/25/2013 11:49:08 AM (39 hours ago)

.

Motherboard: Dell Inc. | | 0N826N

Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2933/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 27.521 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 12.211 GiB free.

E: is FIXED (NTFS) - 15 GiB total, 5.828 GiB free.

F: is FIXED (NTFS) - 10 GiB total, 9.674 GiB free.

G: is FIXED (NTFS) - 95 GiB total, 87.727 GiB free.

H: is FIXED (NTFS) - 15 GiB total, 8.463 GiB free.

I: is CDROM ()

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP425: 2/23/2013 6:25:18 AM - Windows Update

RP426: 2/26/2013 12:02:21 PM - Windows Update

.

==== Installed Programs ======================

.

??????? 3.0

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Asus 802.11n Network Adapter

Bing Bar

Bonjour

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Complitly

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Support Center

Dell Touch Zone

Delta Chrome Toolbar

DolbyFiles

Download Accelerator Plus (DAP)

Dropbox

DVDFab 8.2.1.0 (07/09/2012) Qt

Free YouTube Downloader 3.5.134

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

HP Photo Creations

IBM SPSS Statistics 20

iCloud

ImagXpress

InCD Help

iTunes

Java Auto Updater

Java 6 Update 31

K-Lite Mega Codec Pack 7.0.0

LogMeIn

Malwarebytes Anti-Malware version 1.70.0.1100

Memeo Instant Backup

Menu Templates - Starter Kit

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Movie Templates - Starter Kit

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Photo Creations (Photobookmart Edition)

Nero 10 Movie ThemePack Basic

Nero 9 Essentials

Nero BurnRights

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero BurnRights Help

Nero Control Center 10

Nero ControlCenter

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscCopy Gadget 10

Nero DiscCopyGadget 10 Help (CHM)

Nero DiscSpeed

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express 10

Nero Express 10 Help (CHM)

Nero Express Help

Nero InfoTool

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero InfoTool Help

Nero Installer

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Multimedia Suite 10 Essentials

Nero Online Upgrade

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero ShowTime

Nero StartSmart

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero StartSmart Help

Nero StartSmart OEM

Nero Update

Nero Vision

Nero Vision Help

Nero WaveEditor

NeroBurningROM

NeroExpress

neroxml

Photobook Designer

Picasa 3

PIXAJOY Editor

QuickTime

Ralink RT2870 Wireless LAN Card

Remote Monitoring Version 1.4

Safari

Seagate Dashboard

SecuExpress 2

SecuExpress 2 Remote

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype Click to Call

Skype™ 6.2

SoundTrax

SpeedBit Video Accelerator

SpeedBit Video Downloader

SUPERAntiSpyware

TeamViewer 7

TruDirect

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

USB Video Device

VLC media player 2.0.1

Vprint Creator

Windows Live Communications Platform

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

WinRAR 4.00 (32-bit)

Yahoo! Toolbar

Yontoo 1.12.02

YouSendIt Desktop App

.

==== Event Viewer Messages From Past Week ========

.

2/24/2013 7:38:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

2/24/2013 7:36:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/24/2013 7:36:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/24/2013 7:36:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/24/2013 7:36:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/24/2013 7:36:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/24/2013 7:36:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

2/24/2013 7:26:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.304.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

2/24/2013 7:26:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.304.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

2/22/2013 11:26:53 AM, Error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

.

==== End Of File ===========================

Please help me. Thanks.


Step 1

Please uninstall the following applications:

Ask Toolbar

Delta Chrome Toolbar

Yontoo 1.12.02

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


Dear Mr Maniac, I have followed your instructions, except I can't find Ask Toolbar in my programme list and hence didn't uninstall it. Here are all the logs:

  • Junkware Removal Tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.5 (02.18.2013:1)

OS: Windows 7 Home Premium x86

Ran by DELL on Wed 02/27/2013 at 20:25:11.72

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{0329e7d6-6f54-462d-93f6-f5c3118badf2}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{0329e7d6-6f54-462d-93f6-f5c3118badf2}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2109891866-211909989-2525062061-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon

Successfully deleted: [Registry Key] hkey_current_user\software\baidu

Successfully deleted: [Registry Key] hkey_current_user\software\complitly

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Failed to delete: [Registry Key] hkey_current_user\software\datamngr

Failed to delete: [Registry Key] hkey_local_machine\software\datamngr

Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar

Successfully deleted: [Registry Key] hkey_local_machine\software\funmoods

Successfully deleted: [Registry Key] hkey_current_user\software\softonic

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\complitly.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\suggestmeyes.suggestmeyesbho

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\suggestmeyes.suggestmeyesbho.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook.1

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0329e7d6-6f54-462d-93f6-f5c3118badf2}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0fb6a909-6086-458f-bd92-1f8ee10042a0}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0fb6a909-6086-458f-bd92-1f8ee10042a0}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"

Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"

Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar"

~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\baidu"

Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\complitly"

Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\funmoods"

Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\systweak"

Successfully deleted: [Folder] "C:\Users\DELL\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\DELL\appdata\local\tempdir"

Successfully deleted: [Folder] "C:\Users\DELL\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\DELL\appdata\locallow\delta"

Successfully deleted: [Folder] "C:\Users\DELL\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Users\DELL\appdata\locallow\toolbar4"

Failed to delete: [Folder] "C:\Program Files\complitly"

Successfully deleted: [Folder] "C:\Program Files\conduit"

Successfully deleted: [Folder] "C:\Program Files\free youtube downloader"

Successfully deleted: [Folder] "C:\Program Files\ask.com"

Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\user.js

Successfully deleted: [File] C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\searchplugins\delta.xml

Successfully deleted: [Folder] C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\extensions\ffxtlbr@babylon.com

Successfully deleted: [Folder] C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\extensions\toolbar@ask.com

Successfully deleted: [Folder] C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}

Successfully deleted the following from C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\prefs.js

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=6ab32309000000000000bcaec59b168e");

user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?aff=115&q=");

user_pref("browser.startup.homepage", "hxxp://home.speedbit.com/?aff=115");

user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?aff=115");

user_pref("keyword.URL", "hxxp://home.speedbit.com/search.aspx?aff=115&q=");

Emptied folder: C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\pby1gvco.default\minidumps [1 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\DELL\appdata\local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlfienamagdnkekbbbocojppncdambda

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 02/27/2013 at 20:27:14.95

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Malwarebytes' Anti-Malware log:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.27.07

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

DELL :: DELL-PC [administrator]

2/27/2013 8:32:54 PM

mbam-log-2013-02-27 (20-32-54).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206308

Time elapsed: 10 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

  • a new fresh DDS log:

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_31

Run by DELL at 20:45:34 on 2013-02-27

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2003 [GMT 8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Ralink\Common\RaRegistry.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\TeamViewer\Version7\tv_w32.exe

C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe

C:\Windows\vsnp2uvc.exe

C:\Windows\tsnp2uvc.exe

C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe

C:\Program Files\YouSendIt Desktop App\YSIAgent.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Remote Monitoring\SWatch.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Ralink\Common\RaUI.exe

C:\Program Files\TruDirect\TruDirectTray.exe

C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Memeo\AutoBackup\InstantBackup.exe

C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wermgr.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe

C:\Windows\system32\notepad.exe

C:\Users\DELL\Desktop\JRT.exe

C:\Windows\system32\conhost.exe

C:\Windows\explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sp/*http://www.yahoo.com

mStart Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - c:\program files\searchpredict\SearchPredict.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [sWatch] c:\program files\remote monitoring\SWatch.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Google Pinyin 3 Autoupdater] "c:\program files\google\google pinyin 3\GooglePinyinDaemon.exe"

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe

mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui

mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [Yousendit Sync Agent] "c:\program files\yousendit desktop app\YSIAgent.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

StartupFolder: c:\users\dell\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dell\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellto~1.lnk - c:\program files\dell touch zone\fingertapps.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\trudir~1.lnk - c:\program files\trudirect\TruDirectTray.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: c:\program files\speedbit video accelerator\SBLSP.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{4EA947F1-A681-45DB-B559-C08D62AB96D0}\B67716E6764756F60457E6966696 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{50CF9583-3BD1-47CF-81C8-001C4B6BC7F6} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{5B9C5F34-47E6-4E4D-8F13-89FA3D1128C2} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5B9C5F34-47E6-4E4D-8F13-89FA3D1128C2}\033323933414 : DHCPNameServer = 122.255.99.228 122.255.99.236

TCP: Interfaces\{CE3F99D3-C880-4B71-BF95-418AD90D1DFB} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\dell\appdata\roaming\mozilla\firefox\profiles\pby1gvco.default\

FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q=

FF - prefs.js: browser.search.selectedEngine - SpeedBit Search

FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=115

FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=115&q=

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\internet explorer\pplite\plugin\npplugin2.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\programdata\visan\plugins\npRLSecurePluginLayer.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]

R1 MpKsl5a0921a9;MpKsl5a0921a9;c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\MpKsl5a0921a9.sys [2013-2-27 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-12 116608]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 374704]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-10-18 47640]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-25 25824]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2011-4-4 185632]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-2 14088]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]

R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-31 2754984]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-2-27 40776]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-3-10 594976]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-7 161384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-1 183560]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-16 80824]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-5 39272]

S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2011-4-4 807936]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-2-16 181432]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-5 1343400]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== File Associations ===============

.

FileExt: .chm: chm.file="c:\windows\hh.exe" %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-02-27 12:32:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-02-27 12:25:06 -------- d-----w- c:\windows\ERUNT

2013-02-27 12:24:22 -------- d-----w- C:\JRT

2013-02-26 18:13:30 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\MpKsl5a0921a9.sys

2013-02-26 04:04:10 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd16697f-79ad-4400-96c0-f64c249cb52a}\mpengine.dll

2013-02-24 16:41:38 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-02-24 16:07:00 -------- d-----w- c:\users\dell\appdata\roaming\SUPERAntiSpyware.com

2013-02-24 16:06:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-02-24 16:06:47 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-02-24 12:50:51 -------- d-----w- c:\users\dell\appdata\roaming\Malwarebytes

2013-02-24 12:50:20 -------- d-----w- c:\programdata\Malwarebytes

2013-02-24 12:50:18 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-24 12:50:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-02-24 12:49:56 -------- d-----w- c:\users\dell\appdata\local\Programs

2013-02-22 01:49:58 -------- d-----w- c:\users\dell\appdata\roaming\TuneUp Software

2013-02-22 01:49:41 -------- d-----w- c:\programdata\TuneUp Software

2013-02-22 01:49:21 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2013-02-22 01:49:21 -------- d--h--w- c:\programdata\Common Files

2013-02-22 01:49:08 -------- d-----w- c:\program files\Complitly

2013-02-22 01:48:09 893560 ----a-w- c:\program files\common files\AutoCompletePro.exe

2013-02-18 23:41:07 -------- d-----w- c:\program files\TornTV.com

2013-02-18 06:45:25 -------- d-----w- c:\users\dell\appdata\roaming\BitTorrent

2013-02-14 19:10:49 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2013-02-08 08:23:35 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-02-04 08:39:46 24576 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ssb3mpc.dll

2013-01-31 02:42:40 5999736 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2013-02-08 08:23:40 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-08 08:23:40 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-01-05 05:02:17 3957608 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-05 05:02:17 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-04 04:55:21 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-04 04:55:09 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-01-04 04:50:40 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:46:33 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-04 03:00:30 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:59:29 271360 ----a-w- c:\windows\system32\conhost.exe

2013-01-04 02:43:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 02:43:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-01-04 02:43:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 02:43:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-12-16 14:25:27 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:25:19 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-07 05:04:20 308736 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 04:57:38 2576384 ----a-w- c:\windows\system32\gameux.dll

.

============= FINISH: 20:47:20.96 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 4/4/2011 2:43:35 AM

System Uptime: 2/25/2013 11:49:08 AM (57 hours ago)

.

Motherboard: Dell Inc. | | 0N826N

Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2933/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 30.236 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 12.211 GiB free.

E: is FIXED (NTFS) - 15 GiB total, 5.535 GiB free.

F: is FIXED (NTFS) - 10 GiB total, 9.674 GiB free.

G: is FIXED (NTFS) - 95 GiB total, 87.727 GiB free.

H: is FIXED (NTFS) - 15 GiB total, 8.463 GiB free.

I: is CDROM ()

J: is CDROM ()

K: is FIXED (NTFS) - 932 GiB total, 477.159 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP426: 2/26/2013 12:02:21 PM - Windows Update

RP427: 2/27/2013 8:11:15 PM - Removed Delta Chrome Toolbar

.

==== Installed Programs ======================

.

??????? 3.0

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Asus 802.11n Network Adapter

Bing Bar

Bonjour

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Complitly

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Support Center

Dell Touch Zone

DolbyFiles

Download Accelerator Plus (DAP)

Dropbox

DVDFab 8.2.1.0 (07/09/2012) Qt

Free YouTube Downloader 3.5.134

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

HP Photo Creations

IBM SPSS Statistics 20

iCloud

ImagXpress

InCD Help

iTunes

Java Auto Updater

Java 6 Update 31

K-Lite Mega Codec Pack 7.0.0

LogMeIn

Malwarebytes Anti-Malware version 1.70.0.1100

Memeo Instant Backup

Menu Templates - Starter Kit

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Movie Templates - Starter Kit

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Photo Creations (Photobookmart Edition)

Nero 10 Movie ThemePack Basic

Nero 9 Essentials

Nero BurnRights

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero BurnRights Help

Nero Control Center 10

Nero ControlCenter

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscCopy Gadget 10

Nero DiscCopyGadget 10 Help (CHM)

Nero DiscSpeed

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express 10

Nero Express 10 Help (CHM)

Nero Express Help

Nero InfoTool

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero InfoTool Help

Nero Installer

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Multimedia Suite 10 Essentials

Nero Online Upgrade

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero ShowTime

Nero StartSmart

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero StartSmart Help

Nero StartSmart OEM

Nero Update

Nero Vision

Nero Vision Help

Nero WaveEditor

NeroBurningROM

NeroExpress

neroxml

Photobook Designer

Picasa 3

PIXAJOY Editor

QuickTime

Ralink RT2870 Wireless LAN Card

Remote Monitoring Version 1.4

Safari

Seagate Dashboard

SecuExpress 2

SecuExpress 2 Remote

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype Click to Call

Skype™ 6.2

SoundTrax

SpeedBit Video Accelerator

SpeedBit Video Downloader

SUPERAntiSpyware

TeamViewer 7

TruDirect

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

USB Video Device

VLC media player 2.0.1

Vprint Creator

Windows Live Communications Platform

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

WinRAR 4.00 (32-bit)

Yahoo! Toolbar

YouSendIt Desktop App

.

==== End Of File ===========================


Good!

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Dear Mr Maniac, following is the ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=ee9b98c2feb5c94b9eb0a0121ac18e80

# engine=13257

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-02-28 01:16:41

# local_time=2013-02-28 09:16:41 (+0800, Malay Peninsula Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5893 16776574 100 94 27716296 113688592 0 0

# scanned=831924

# found=19

# cleaned=10

# scan_time=22827

sh=69EFEFD3E494654888514AF528A1252BF56FC447 ft=1 fh=0cd696aee04eb69d vn="Win32/SpeedUpMyPC application" ac=I fn="C:\Users\All Users\SpeedBit\DAP\Offers\speedupmypc.exe"

sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\AppData\Local\Temp\NERO1005263\unit_app_75\Toolbar.exe"

sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\AppData\Local\Temp\NERO13390\Toolbar.exe"

sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\Local Settings\Temp\NERO1005263\unit_app_75\Toolbar.exe"

sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\Local Settings\Temp\NERO13390\Toolbar.exe"

sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Users\ANG YIAW KIAN\AppData\Local\Temp\NERO1005263\unit_app_75\Toolbar.exe"

sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Users\ANG YIAW KIAN\AppData\Local\Temp\NERO13390\Toolbar.exe"

sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Users\ANG YIAW KIAN\Local Settings\Temp\NERO1005263\unit_app_75\Toolbar.exe"

sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application" ac=I fn="C:\Windows.old\Users\ANG YIAW KIAN\Local Settings\Temp\NERO13390\Toolbar.exe"

sh=87B5B577B696425B814A5BE4A60867CC83165E5F ft=1 fh=9e637136d803ebab vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2109891866-211909989-2525062061-1000\$RJUS3SM\TuneUp_BitTorrent_PC_2.4.6_CMPID_397.exe"

sh=69EFEFD3E494654888514AF528A1252BF56FC447 ft=1 fh=0cd696aee04eb69d vn="Win32/SpeedUpMyPC application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\SpeedBit\DAP\Offers\speedupmypc.exe"

sh=593C4496AA0E938E8AADB18CAAE5EB68E278810E ft=1 fh=20406d1dbfb52871 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\DELL\AppData\Local\Temp\580C.tmp"

sh=A426A9F68A91311842231DA736BDB0D98C563C78 ft=1 fh=07695b25355574b4 vn="a variant of Win32/Toolbar.Babylon.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\DELL\AppData\Local\Temp\DeltaTB.exe"

sh=3451A1ACDB9D6C4520923E732A6D7993E8197383 ft=1 fh=ed2a770def16c842 vn="a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\DELL\Downloads\FreeYouTubeDownloaderInstaller (1).exe"

sh=3451A1ACDB9D6C4520923E732A6D7993E8197383 ft=1 fh=ed2a770def16c842 vn="a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\DELL\Downloads\FreeYouTubeDownloaderInstaller.exe"

sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\AppData\Local\Application Data\Temp\NERO1005263\unit_app_75\Toolbar.exe"

sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\ANG YIAW KIAN\AppData\Local\Application Data\Temp\NERO13390\Toolbar.exe"

sh=844949940EDFA51D38C5FA3294892B92C8D3CF8E ft=1 fh=c71c00116efa4a17 vn="Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL"

sh=B4403810C1DB8482C5A26B418499A8643E4A6410 ft=1 fh=08d890e1afeefad5 vn="Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL"


Dear Mr Maniac, thanks for your help. My PC now runs smoother, but there are files on the desktop that appear spontaneously without me putting them there, e.g. desktop.ini, ~$dified letter to ...doc, ~$dified letter.doc, ~WRL0077.tmp, ~WRL2684.tmp. Are these files normal? How do I get rid of them? Can I just delete them manually?


Yes, you could manually delete them.

Let's clean these tools:

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, uninstall ESET Online Scanner.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
