
Delta Search Removal

Discussion in 'Virus & Other Malware Removal' started by bobber49, Feb 12, 2013.

  1. bobber49

    Delta Search has hit my computer. I cannot manage to get rid of it even after removing it from the program files and trying several solutions suggested on different websites. Everything I can find seems to indicate that it insinuates itself into numerous files and programs. Thank you in advance for your efforts at helping.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 07:44:08 PM, on 2/12/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\soundman.exe
    C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
    C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\Users\user\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=e8af7d150000000000000019db206b9c
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = user\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files (x86)\Kerio\Personal Firewall\persfw.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8633 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by user at 18:08:47 on 2013-02-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.1872 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\soundman.exe
    C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
    C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=e8af7d150000000000000019db206b9c
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&?a???? st? Microsoft Excel - <no file>
    IE: ?p&?st??? st? OneNote - <no file>
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{A747AE7D-7C8F-4C35-A244-B1326F50D2A9} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [SoundMan] SOUNDMAN.EXE
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ww9s0egc.default\
    FF - prefs.js: browser.search.selectedEngine - Delta Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-01-26 16:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ww9s0egc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e8af7d150000000000000019db206b9c&q=
    FF - user.js: extensions.BabylonToolbar.id - e8af7d150000000000000019db206b9c
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15732
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.223:12:58
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=116987
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar.rvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - e8af7d150000000000000019db206b9c
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15748
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.014:30:29
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    R3 SrvHsfPCI;SrvHsfPCI;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-14 411136]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    .
    =============== Created Last 30 ================
    .
    2013-02-12 12:30:43 -------- d-----w- C:\Program Files (x86)\FilesFrog Update Checker
    2013-02-12 12:30:40 -------- d-----w- C:\ProgramData\BrowserProtect
    2013-02-11 21:58:14 -------- d-----w- C:\Program Files\Microsoft Games
    2013-02-10 10:12:50 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2013-02-10 10:10:28 294912 ----a-w- C:\Windows\System32\browserchoice.exe
    2013-02-10 10:05:30 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2013-02-10 10:05:30 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2013-02-10 10:05:30 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2013-02-10 10:05:30 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2013-02-10 10:05:30 100864 ----a-w- C:\Windows\System32\fontsub.dll
    2013-02-10 10:05:29 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2013-02-10 04:18:12 -------- d-----w- C:\Users\user\AppData\Roaming\Visan
    2013-02-10 04:13:15 -------- d-----w- C:\ProgramData\Visan
    2013-02-10 04:13:15 -------- d-----w- C:\ProgramData\HP Photo Creations
    2013-02-10 04:13:15 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
    2013-02-08 15:32:40 -------- d-sh--w- C:\Windows\ftpcache
    2013-02-08 15:32:19 -------- d-----w- C:\Program Files (x86)\McGraw-Hill
    2013-02-07 11:13:24 -------- d-----w- C:\Users\user\New folder
    2013-02-01 21:16:11 697364 ----a-w- C:\Users\user\AppData\Roaming\unins000.exe
    2013-01-27 21:13:23 -------- d-----w- C:\Users\user\AppData\Roaming\Systweak
    2013-01-27 21:13:20 19896 ----a-w- C:\Windows\System32\roboot64.exe
    2013-01-27 21:12:32 -------- d-----w- C:\Users\user\AppData\Roaming\Babylon
    2013-01-27 21:12:32 -------- d-----w- C:\ProgramData\Babylon
    2013-01-27 21:12:00 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2013-01-25 19:39:12 -------- d-----r- C:\Users\user\Dropbox
    2013-01-25 19:35:56 -------- d-----w- C:\Users\user\AppData\Roaming\Dropbox
    2013-01-24 14:37:45 -------- d-----w- C:\Program Files (x86)\Audacity
    2013-01-24 14:37:22 -------- d-----w- C:\Users\user\AppData\Local\Programs
    2013-01-24 13:28:46 -------- d-----w- C:\Program Files (x86)\Kap.TOEFL
    2013-01-21 20:20:41 -------- d-----w- C:\Users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-01-21 20:15:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2013-01-21 14:48:58 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
    2013-01-19 07:35:44 -------- d-----w- C:\Users\user\AppData\Local\Microsoft Games
    2013-01-19 04:08:40 90112 ----a-w- C:\Windows\unvise32.exe
    2013-01-19 04:07:14 -------- d-----w- C:\Program Files (x86)\The Complete Guide to the TOEFL(R) Test V2
    2013-01-19 00:35:21 -------- d-----w- C:\ms office pro 2010 eng
    2013-01-18 23:56:33 -------- d-----w- C:\backup_outlook
    2013-01-18 23:22:18 -------- d-----w- C:\Windows\PCHEALTH
    2013-01-18 23:19:46 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2013-01-18 22:02:02 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2013-01-18 21:39:19 -------- d-----w- C:\Users\user\AppData\Local\Adobe
    2013-01-18 11:44:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2013-01-18 11:44:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2013-01-18 11:44:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2013-01-18 11:44:36 5120 ----a-w- C:\Windows\System32\wmi.dll
    2013-01-18 11:44:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2013-01-18 11:00:11 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2013-01-18 11:00:09 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-18 11:00:07 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2013-01-18 11:00:07 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2013-01-18 10:58:59 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-18 10:57:59 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-18 10:56:36 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-18 10:55:47 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2013-01-18 10:53:40 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-01-18 10:53:40 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2013-01-18 10:53:32 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2013-01-18 10:53:32 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2013-01-18 10:53:24 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2013-01-18 10:53:24 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2013-01-18 10:53:23 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2013-01-18 10:53:23 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2013-01-18 10:53:23 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2013-01-18 10:51:55 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2013-01-18 10:51:55 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2013-01-18 10:48:13 77312 ----a-w- C:\Windows\System32\packager.dll
    2013-01-18 10:48:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2013-01-18 10:38:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2013-01-18 10:38:51 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2013-01-18 10:38:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2013-01-18 10:38:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2013-01-18 10:02:49 -------- d-----w- C:\Users\user\AppData\Local\Macromedia
    2013-01-18 09:21:31 -------- d-----w- C:\Users\user\AppData\Local\Mozilla
    2013-01-18 08:49:29 -------- dc----w- C:\Users\user\AppData\Local\MigWiz
    2013-01-18 08:08:44 -------- d-----w- C:\Program Files (x86)\Kerio
    2013-01-18 08:08:21 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2013-01-18 08:08:21 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2013-01-18 08:08:21 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2013-01-18 08:08:21 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2013-01-18 08:08:20 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2013-01-18 07:45:13 -------- d-----w- C:\Users\user\AppData\Roaming\DriverCure
    2013-01-18 07:45:12 -------- d-----w- C:\Users\user\AppData\Roaming\ParetoLogic
    2013-01-18 07:44:58 -------- d-----w- C:\ProgramData\ParetoLogic
    2013-01-18 05:48:18 -------- d-----w- C:\Windows\pss
    2013-01-18 05:37:56 -------- d-----w- C:\Users\user\AppData\Local\Microsoft Help
    2013-01-18 05:35:36 -------- d-----w- C:\Users\user\AppData\Roaming\AVG2013
    2013-01-18 05:33:25 -------- d-----w- C:\Users\user\AppData\Roaming\TuneUp Software
    2013-01-18 05:33:13 -------- d--h--w- C:\$AVG
    2013-01-18 05:33:13 -------- d-----w- C:\ProgramData\AVG2013
    2013-01-18 05:32:47 -------- d-----w- C:\Program Files (x86)\AVG
    2013-01-18 05:31:02 -------- d--h--w- C:\ProgramData\Common Files
    2013-01-18 05:31:01 -------- d-----w- C:\Users\user\AppData\Local\MFAData
    2013-01-18 05:31:01 -------- d-----w- C:\Users\user\AppData\Local\Avg2013
    2013-01-18 05:31:01 -------- d-----w- C:\ProgramData\MFAData
    2013-01-18 05:29:23 859552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-01-18 05:29:15 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-18 05:20:33 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-01-18 05:13:25 -------- d-----w- C:\Users\user\AppData\Local\Google
    2013-01-18 05:13:15 -------- d-----w- C:\Users\user\AppData\Local\Deployment
    2013-01-18 05:13:15 -------- d-----w- C:\Users\user\AppData\Local\Apps
    2013-01-18 05:10:56 -------- d-----w- C:\Users\user\AppData\Local\Apple
    2013-01-18 05:10:36 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-18 05:10:36 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-18 05:09:48 -------- d-----r- C:\Program Files (x86)\Skype
    2013-01-18 05:06:53 -------- d-----w- C:\Users\user\AppData\Roaming\OpenOffice.org
    2013-01-18 05:05:26 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
    2013-01-18 05:05:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-01-18 05:00:50 -------- d-----w- C:\Program Files (x86)\uTorrent
    2013-01-18 05:00:31 -------- d-----w- C:\Users\user\AppData\Roaming\uTorrent
    2013-01-18 05:00:07 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2013-01-18 04:59:47 -------- d-----w- C:\Users\user\AppData\Local\Ahead
    2013-01-18 04:58:49 -------- d-----w- C:\ProgramData\Nero
    2013-01-18 04:58:49 -------- d-----w- C:\Program Files (x86)\Nero
    2013-01-18 04:58:24 -------- d-----w- C:\Users\user\AppData\Local\ElevatedDiagnostics
    2013-01-18 04:55:21 -------- d-----w- C:\Intel
    2013-01-18 02:50:55 -------- d-sh--w- C:\Windows\Installer
    2013-01-18 02:41:18 0 ----a-w- C:\Windows\ativpsrm.bin
    2013-01-18 02:39:06 -------- d-----w- C:\Windows\Panther
    2013-01-17 16:50:01 -------- d-----w- C:\drivers
    .
    ==================== Find3M ====================
    .
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-15 21:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    .
    ============= FINISH: 18:09:18.73 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/18/2013 04:45:24 AM
    System Uptime: 2/12/2013 05:40:40 PM (1 hours ago)
    .
    Motherboard: MSI | | MS-7236
    Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | CPU 1 | 2127/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 75.561 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 19 GiB total, 7.614 GiB free.
    F: is FIXED (NTFS) - 466 GiB total, 397.381 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP26: 2/4/2013 10:05:27 AM - Scheduled Checkpoint
    RP27: 2/10/2013 11:42:19 AM - Windows Modules Installer
    RP28: 2/10/2013 11:46:49 AM - Windows Update
    RP29: 2/10/2013 12:01:09 PM - Windows Update
    RP30: 2/11/2013 12:52:37 AM - Windows Update
    RP31: 2/11/2013 11:57:54 PM - Windows Modules Installer
    RP32: 2/12/2013 02:38:11 PM - Removed Delta Chrome Toolbar
    RP33: 2/12/2013 02:49:38 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.01)
    Apple Application Support
    Apple Software Update
    Audacity 2.0.3
    AVG 2013
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dropbox
    FilesFrog Update Checker
    HP Photo Creations
    Internet-based TOEFL
    Java 7 Update 11
    Java Auto Updater
    Java(TM) 6 Update 22
    Kerio Personal Firewall 2.1.5
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XML Parser
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8
    neroxml
    OpenOffice.org 3.3
    QuickTime
    Realtek AC'97 Audio
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Skype Click to Call
    Skype™ 6.1
    Spelling Dictionaries Support For Adobe Reader 9
    The Complete Guide to the TOEFL(R) Test V2
    TOEFL Official Guide 4.0
    UBitMenuES
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VCRedistSetup
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.5
    VobSub v2.23 (Remove Only)
    WinRAR 4.20 (64-bit)
    WinZip 16.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2013 07:45:11 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR5.
    2/8/2013 09:50:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80002a88423, 0xfffff88002ff3e78, 0xfffff88002ff36d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020813-37734-01.
    2/12/2013 05:41:30 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    2/12/2013 05:40:55 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
    2/12/2013 05:38:48 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
    2/12/2013 05:33:30 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    2/10/2013 12:46:02 PM, Error: Service Control Manager [7023] -
    2/10/2013 12:43:32 PM, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-02-12 19:54:04
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3160811AS rev.3.AAE 149.05GB
    Running: zikswtsm.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


    ---- Threads - GMER 2.0 ----

    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\PROGRA~2\AVG\AVG2013\avgrsa.exe [344] 000007fefeee0000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [2584] 000007fef22d0000

    ---- EOF - GMER 2.0 ----
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  3. bobber49

    bobber49 Thread Starter

    Joined:
    Apr 2, 2005
    Messages:
    12
    # AdwCleaner v2.112 - Logfile created 02/16/2013 at 16:29:33
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : user - USER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\user\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    Folder Found : C:\Program Files (x86)\FilesFrog Update Checker
    Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
    Folder Found : C:\ProgramData\BrowserProtect

    ***** [Registry] *****

    Key Found : HKCU\Software\BabylonToolbar
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\Somoto
    Key Found : HKCU\Software\ee8f8fb368ed44
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Found : HKLM\SOFTWARE\Wow6432Node\ee8f8fb368ed44
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
    Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    Please run AdwCleaner again. This time press Delete. It will clear the problems & then offer to reboot; please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt
    When it reboots, then:

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop combofix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...
     
Short URL to this thread: https://techguy.org/1089207