Solved: Delta Search Removal


bobber49
Member with 10 posts.
THREAD STARTER
 
Join Date: Apr 2005
12-Feb-2013, 01:03 PM #1
Delta Search Removal
Delta Search has hit my computer. I cannot manage to get rid of it even after removing it from the program files and trying several solutions suggested on different websites. Everything I can find seems to indicate that it insinuates itself into numerous files and programs. Thank you in advance for your efforts at helping.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:44:08 PM, on 2/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\soundman.exe
C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Users\user\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1...000019db206b9c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = user\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files (x86)\Kerio\Personal Firewall\persfw.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8633 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by user at 18:08:47 on 2013-02-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.1872 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\soundman.exe
C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=e8af7d150000000000000019db206b9c
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&?a???? st? Microsoft Excel - <no file>
IE: ?p&?st??? st? OneNote - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A747AE7D-7C8F-4C35-A244-B1326F50D2A9} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SoundMan] SOUNDMAN.EXE
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ww9s0egc.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-26 16:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ww9s0egc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e8af7d150000000000000019db206b9c&q=
FF - user.js: extensions.BabylonToolbar.id - e8af7d150000000000000019db206b9c
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15732
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.223:12:58
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=116987
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - e8af7d150000000000000019db206b9c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15748
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.014:30:29
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 SrvHsfPCI;SrvHsfPCI;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-14 411136]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2013-02-12 12:30:43 -------- d-----w- C:\Program Files (x86)\FilesFrog Update Checker
2013-02-12 12:30:40 -------- d-----w- C:\ProgramData\BrowserProtect
2013-02-11 21:58:14 -------- d-----w- C:\Program Files\Microsoft Games
2013-02-10 10:12:50 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-02-10 10:10:28 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-02-10 10:05:30 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-02-10 10:05:30 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-02-10 10:05:30 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-02-10 10:05:30 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-02-10 10:05:30 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-02-10 10:05:29 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-02-10 04:18:12 -------- d-----w- C:\Users\user\AppData\Roaming\Visan
2013-02-10 04:13:15 -------- d-----w- C:\ProgramData\Visan
2013-02-10 04:13:15 -------- d-----w- C:\ProgramData\HP Photo Creations
2013-02-10 04:13:15 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2013-02-08 15:32:40 -------- d-sh--w- C:\Windows\ftpcache
2013-02-08 15:32:19 -------- d-----w- C:\Program Files (x86)\McGraw-Hill
2013-02-07 11:13:24 -------- d-----w- C:\Users\user\New folder
2013-02-01 21:16:11 697364 ----a-w- C:\Users\user\AppData\Roaming\unins000.exe
2013-01-27 21:13:23 -------- d-----w- C:\Users\user\AppData\Roaming\Systweak
2013-01-27 21:13:20 19896 ----a-w- C:\Windows\System32\roboot64.exe
2013-01-27 21:12:32 -------- d-----w- C:\Users\user\AppData\Roaming\Babylon
2013-01-27 21:12:32 -------- d-----w- C:\ProgramData\Babylon
2013-01-27 21:12:00 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-01-25 19:39:12 -------- d-----r- C:\Users\user\Dropbox
2013-01-25 19:35:56 -------- d-----w- C:\Users\user\AppData\Roaming\Dropbox
2013-01-24 14:37:45 -------- d-----w- C:\Program Files (x86)\Audacity
2013-01-24 14:37:22 -------- d-----w- C:\Users\user\AppData\Local\Programs
2013-01-24 13:28:46 -------- d-----w- C:\Program Files (x86)\Kap.TOEFL
2013-01-21 20:20:41 -------- d-----w- C:\Users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-21 14:48:58 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2013-01-19 07:35:44 -------- d-----w- C:\Users\user\AppData\Local\Microsoft Games
2013-01-19 04:08:40 90112 ----a-w- C:\Windows\unvise32.exe
2013-01-19 04:07:14 -------- d-----w- C:\Program Files (x86)\The Complete Guide to the TOEFL(R) Test V2
2013-01-19 00:35:21 -------- d-----w- C:\ms office pro 2010 eng
2013-01-18 23:56:33 -------- d-----w- C:\backup_outlook
2013-01-18 23:22:18 -------- d-----w- C:\Windows\PCHEALTH
2013-01-18 23:19:46 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-01-18 22:02:02 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-18 21:39:19 -------- d-----w- C:\Users\user\AppData\Local\Adobe
2013-01-18 11:44:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-01-18 11:44:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-01-18 11:44:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-01-18 11:44:36 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-01-18 11:44:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-01-18 11:00:11 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-01-18 11:00:09 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-18 11:00:07 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2013-01-18 11:00:07 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2013-01-18 10:58:59 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-18 10:57:59 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-18 10:56:36 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-18 10:55:47 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2013-01-18 10:53:40 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-01-18 10:53:40 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-01-18 10:53:32 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2013-01-18 10:53:32 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2013-01-18 10:53:24 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2013-01-18 10:53:24 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2013-01-18 10:53:23 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2013-01-18 10:53:23 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2013-01-18 10:53:23 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2013-01-18 10:51:55 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2013-01-18 10:51:55 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2013-01-18 10:48:13 77312 ----a-w- C:\Windows\System32\packager.dll
2013-01-18 10:48:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-01-18 10:38:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-01-18 10:38:51 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-01-18 10:38:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-01-18 10:38:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-01-18 10:02:49 -------- d-----w- C:\Users\user\AppData\Local\Macromedia
2013-01-18 09:21:31 -------- d-----w- C:\Users\user\AppData\Local\Mozilla
2013-01-18 08:49:29 -------- dc----w- C:\Users\user\AppData\Local\MigWiz
2013-01-18 08:08:44 -------- d-----w- C:\Program Files (x86)\Kerio
2013-01-18 08:08:21 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-01-18 08:08:21 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-01-18 08:08:21 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-01-18 08:08:21 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-01-18 08:08:20 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-01-18 07:45:13 -------- d-----w- C:\Users\user\AppData\Roaming\DriverCure
2013-01-18 07:45:12 -------- d-----w- C:\Users\user\AppData\Roaming\ParetoLogic
2013-01-18 07:44:58 -------- d-----w- C:\ProgramData\ParetoLogic
2013-01-18 05:48:18 -------- d-----w- C:\Windows\pss
2013-01-18 05:37:56 -------- d-----w- C:\Users\user\AppData\Local\Microsoft Help
2013-01-18 05:35:36 -------- d-----w- C:\Users\user\AppData\Roaming\AVG2013
2013-01-18 05:33:25 -------- d-----w- C:\Users\user\AppData\Roaming\TuneUp Software
2013-01-18 05:33:13 -------- d--h--w- C:\$AVG
2013-01-18 05:33:13 -------- d-----w- C:\ProgramData\AVG2013
2013-01-18 05:32:47 -------- d-----w- C:\Program Files (x86)\AVG
2013-01-18 05:31:02 -------- d--h--w- C:\ProgramData\Common Files
2013-01-18 05:31:01 -------- d-----w- C:\Users\user\AppData\Local\MFAData
2013-01-18 05:31:01 -------- d-----w- C:\Users\user\AppData\Local\Avg2013
2013-01-18 05:31:01 -------- d-----w- C:\ProgramData\MFAData
2013-01-18 05:29:23 859552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-01-18 05:29:15 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-18 05:20:33 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-01-18 05:13:25 -------- d-----w- C:\Users\user\AppData\Local\Google
2013-01-18 05:13:15 -------- d-----w- C:\Users\user\AppData\Local\Deployment
2013-01-18 05:13:15 -------- d-----w- C:\Users\user\AppData\Local\Apps
2013-01-18 05:10:56 -------- d-----w- C:\Users\user\AppData\Local\Apple
2013-01-18 05:10:36 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-18 05:10:36 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-18 05:09:48 -------- d-----r- C:\Program Files (x86)\Skype
2013-01-18 05:06:53 -------- d-----w- C:\Users\user\AppData\Roaming\OpenOffice.org
2013-01-18 05:05:26 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2013-01-18 05:05:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-18 05:00:50 -------- d-----w- C:\Program Files (x86)\uTorrent
2013-01-18 05:00:31 -------- d-----w- C:\Users\user\AppData\Roaming\uTorrent
2013-01-18 05:00:07 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-01-18 04:59:47 -------- d-----w- C:\Users\user\AppData\Local\Ahead
2013-01-18 04:58:49 -------- d-----w- C:\ProgramData\Nero
2013-01-18 04:58:49 -------- d-----w- C:\Program Files (x86)\Nero
2013-01-18 04:58:24 -------- d-----w- C:\Users\user\AppData\Local\ElevatedDiagnostics
2013-01-18 04:55:21 -------- d-----w- C:\Intel
2013-01-18 02:50:55 -------- d-sh--w- C:\Windows\Installer
2013-01-18 02:41:18 0 ----a-w- C:\Windows\ativpsrm.bin
2013-01-18 02:39:06 -------- d-----w- C:\Windows\Panther
2013-01-17 16:50:01 -------- d-----w- C:\drivers
.
==================== Find3M ====================
.
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-15 21:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 18:09:18.73 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/18/2013 04:45:24 AM
System Uptime: 2/12/2013 05:40:40 PM (1 hours ago)
.
Motherboard: MSI | | MS-7236
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | CPU 1 | 2127/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 75.561 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 19 GiB total, 7.614 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 397.381 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP26: 2/4/2013 10:05:27 AM - Scheduled Checkpoint
RP27: 2/10/2013 11:42:19 AM - Windows Modules Installer
RP28: 2/10/2013 11:46:49 AM - Windows Update
RP29: 2/10/2013 12:01:09 PM - Windows Update
RP30: 2/11/2013 12:52:37 AM - Windows Update
RP31: 2/11/2013 11:57:54 PM - Windows Modules Installer
RP32: 2/12/2013 02:38:11 PM - Removed Delta Chrome Toolbar
RP33: 2/12/2013 02:49:38 PM - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Apple Application Support
Apple Software Update
Audacity 2.0.3
AVG 2013
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
FilesFrog Update Checker
HP Photo Creations
Internet-based TOEFL
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 22
Kerio Personal Firewall 2.1.5
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
OpenOffice.org 3.3
QuickTime
Realtek AC'97 Audio
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype™ 6.1
Spelling Dictionaries Support For Adobe Reader 9
The Complete Guide to the TOEFL(R) Test V2
TOEFL Official Guide 4.0
UBitMenuES
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VCRedistSetup
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.5
VobSub v2.23 (Remove Only)
WinRAR 4.20 (64-bit)
WinZip 16.5
.
==== Event Viewer Messages From Past Week ========
.
2/9/2013 07:45:11 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR5.
2/8/2013 09:50:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80002a88423, 0xfffff88002ff3e78, 0xfffff88002ff36d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020813-37734-01.
2/12/2013 05:41:30 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
2/12/2013 05:40:55 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
2/12/2013 05:38:48 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
2/12/2013 05:33:30 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
2/10/2013 12:46:02 PM, Error: Service Control Manager [7023] -
2/10/2013 12:43:32 PM, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-02-12 19:54:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3160811AS rev.3.AAE 149.05GB
Running: zikswtsm.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- Threads - GMER 2.0 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2584:3312] 000007fefada2a7c
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:1080] 000000006d396454
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:1756] 000000006d395466
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3868] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3292] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3852] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3396] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3740] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:1292] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3780] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3568] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3840] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:2732] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3016] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3892] 0000000076ef2e25
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3124] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:336] 00000000707a27e1
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:2780] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:1016] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3156] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:2864] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:2836] 00000000725d27c1
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3644] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:2400] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3736] 00000000706632fb
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:952] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3652] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3884] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3316] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:2516] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:960] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:4840] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:328] 0000000076ef3e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:2360] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3356] 00000000708862ee
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:4428] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:2292] 0000000076ef3e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:4752] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:3484] 0000000076ef3e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:4516] 0000000076ef3e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:4288] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:4624] 000000007354c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3980:2688] 000000007354c724
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\PROGRA~2\AVG\AVG2013\avgrsa.exe [344] 000007fefeee0000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [2584] 000007fef22d0000

---- EOF - GMER 2.0 ----
dvk01 (Derek)
Moderator & Malware Removal Specialist with 45,928 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
16-Feb-2013, 07:12 AM #2
Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a Notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
bobber49
Member with 10 posts.
THREAD STARTER
Join Date: Apr 2005
16-Feb-2013, 09:45 AM #3
# AdwCleaner v2.112 - Logfile created 02/16/2013 at 16:29:33
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Folder Found : C:\Program Files (x86)\FilesFrog Update Checker
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Found : C:\ProgramData\BrowserProtect

***** [Registry] *****

Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Somoto
Key Found : HKCU\Software\ee8f8fb368ed44
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\ee8f8fb368ed44
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457
dvk01 (Derek)
Moderator & Malware Removal Specialist with 45,928 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
16-Feb-2013, 02:09 PM #4
Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt
When it reboots, then:

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If ComboFix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

Post the log in next reply please...
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue