Everything posted by jaygee1969

  1. Thank you so much for all your help, all sorted now I think.
  2. I am running on Firefox 20.0.1 which appears to be the latest version despite what it says above.
  3. Results of screen317's Security Check version 0.99.63
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     AVG Internet Security 2013
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 21
     Adobe Flash Player 11.7.700.169
     Adobe Reader XI
     Mozilla Firefox (Firefox,. Firefox out of Date!
     Google Chrome 26.0.1410.43
     Google Chrome 26.0.1410.64
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     AVG avgwdsvc.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  4. Results of screen317's Security Check version 0.99.63
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     AVG Internet Security 2013
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 17
     Java version out of Date!
     Adobe Flash Player 11.7.700.169
     Adobe Reader 10.1.6 Adobe Reader out of Date!
     Mozilla Firefox (Firefox,. Firefox out of Date!
     Google Chrome 26.0.1410.43
     Google Chrome 26.0.1410.64
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     AVG avgwdsvc.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  5. That seems to have sorted it. Thank you so much for your help. Can I just ask why Malwarebytes did not find the problem?
  6. I have just tried to open up Google Chrome and got the message: Your preferences file is corrupt or invalid. Google Chrome is unable to recover your settings.
  7. # AdwCleaner v2.300 - Logfile created 05/08/2013 at 15:33:52
     # Updated 28/04/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : Justine - HCS173W7
     # Boot Mode : Normal
     # Running from : C:\Users\Justine\Downloads\adwcleaner.exe
     # Option [Delete]
     ***** [services] *****
     ***** [Files / Folders] *****
     File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
     File Deleted : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\extensions\addon@defaulttab.com.xpi
     File Deleted : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\searchplugins\delta.xml
     File Deleted : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\searchplugins\search-here.xml
     Folder Deleted : C:\ProgramData\Babylon
     Folder Deleted : C:\ProgramData\Tarma Installer
     Folder Deleted : C:\Users\Justine\AppData\Local\Supreme Savings
     Folder Deleted : C:\Users\Justine\AppData\Roaming\Babylon
     Folder Deleted : C:\Users\Justine\AppData\Roaming\DefaultTab
     ***** [Registry] *****
     Key Deleted : HKCU\Software\APN PIP
     Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
     Key Deleted : HKCU\Software\BabylonToolbar
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\Cr_Installer
     Key Deleted : HKCU\Software\DataMngr
     Key Deleted : HKCU\Software\DataMngr_Toolbar
     Key Deleted : HKCU\Software\Default Tab
     Key Deleted : HKCU\Software\delta LTD
     Key Deleted : HKCU\Software\Softonic
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
     Key Deleted : HKLM\Software\AVG Secure Search
     Key Deleted : HKLM\Software\Babylon
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
     Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\DataMngr
     Key Deleted : HKLM\Software\Default Tab
     Key Deleted : HKLM\Software\PIP
     Key Deleted : HKLM\Software\Supreme Savings
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\5e57df8ae26fec14
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Key Deleted : HKLM\SOFTWARE\Tarma Installer
     ***** [internet Browsers] *****
     -\\ Internet Explorer v10.0.9200.16537
     Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=5A1CC86000D3BBC9 --> hxxp://www.google.com
     -\\ Mozilla Firefox v20.0.1 (en-US)
     File : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\prefs.js
     C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\user.js ... Deleted !
     Deleted : user_pref("browser.startup.homepage", "hxxp://benhodgson.easysearch.org.uk/|hxxps://www.angryhosting[...]
     Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
     Deleted : user_pref("extensions.delta.admin", false);
     Deleted : user_pref("extensions.delta.aflt", "babsst");
     Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
     Deleted : user_pref("extensions.delta.autoRvrt", "false");
     Deleted : user_pref("extensions.delta.dfltLng", "en");
     Deleted : user_pref("extensions.delta.excTlbr", false);
     Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
     Deleted : user_pref("extensions.delta.id", "5a1cfc0e000000000000c86000d3bbc9");
     Deleted : user_pref("extensions.delta.instlDay", "15825");
     Deleted : user_pref("extensions.delta.instlRef", "sst");
     Deleted : user_pref("extensions.delta.newTab", false);
     Deleted : user_pref("extensions.delta.prdct", "delta");
     Deleted : user_pref("extensions.delta.prtnrId", "delta");
     Deleted : user_pref("extensions.delta.rvrt", "false");
     Deleted : user_pref("extensions.delta.smplGrp", "none");
     Deleted : user_pref("extensions.delta.tlbrId", "base");
     Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
     Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
     Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.169:50:04");
     Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
     -\\ Google Chrome v26.0.1410.64
     File : C:\Users\Justine\AppData\Local\Google\Chrome\User Data\Default\Preferences
     Deleted [l.2195] : homepage = "hxxps://www.google.com/calendar/render?tab=mc&pli=1|hxxps://mail.google.com/mail/?sh[...]
     Deleted [l.2448] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=120519&babsrc=HP_ss&mntrI[...]
     *************************
     AdwCleaner[R1].txt - [5018 octets] - [08/05/2013 14:40:12]
     AdwCleaner[R2].txt - [5078 octets] - [08/05/2013 15:33:40]
     AdwCleaner[s1].txt - [4967 octets] - [08/05/2013 15:33:52]
     ########## EOF - C:\AdwCleaner[s1].txt - [5027 octets] ##########
  8. # AdwCleaner v2.300 - Logfile created 05/08/2013 at 14:40:12
     # Updated 28/04/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : Justine - HCS173W7
     # Boot Mode : Normal
     # Running from : C:\Users\Justine\Downloads\adwcleaner.exe
     # Option [search]
     ***** [services] *****
     ***** [Files / Folders] *****
     File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
     File Found : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\extensions\addon@defaulttab.com.xpi
     File Found : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\extensions\addon@defaulttab.com.xpi
     File Found : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\searchplugins\delta.xml
     File Found : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\searchplugins\search-here.xml
     Folder Found : C:\ProgramData\Babylon
     Folder Found : C:\ProgramData\Tarma Installer
     Folder Found : C:\Users\Justine\AppData\Local\Supreme Savings
     Folder Found : C:\Users\Justine\AppData\Roaming\Babylon
     Folder Found : C:\Users\Justine\AppData\Roaming\DefaultTab
     ***** [Registry] *****
     Key Found : HKCU\Software\APN PIP
     Key Found : HKCU\Software\AppDataLow\Software\Crossrider
     Key Found : HKCU\Software\BabylonToolbar
     Key Found : HKCU\Software\Conduit
     Key Found : HKCU\Software\Cr_Installer
     Key Found : HKCU\Software\DataMngr
     Key Found : HKCU\Software\DataMngr_Toolbar
     Key Found : HKCU\Software\Default Tab
     Key Found : HKCU\Software\delta LTD
     Key Found : HKCU\Software\Softonic
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
     Key Found : HKLM\Software\AVG Secure Search
     Key Found : HKLM\Software\Babylon
     Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
     Key Found : HKLM\SOFTWARE\Classes\Prod.cap
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\Software\DataMngr
     Key Found : HKLM\Software\Default Tab
     Key Found : HKLM\Software\PIP
     Key Found : HKLM\Software\Supreme Savings
     Key Found : HKLM\SOFTWARE\Wow6432Node\5e57df8ae26fec14
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
     Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Key Found : HKLM\SOFTWARE\Tarma Installer
     Key Found : HKU\S-1-5-21-3335359776-2643304888-4147450880-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
     ***** [internet Browsers] *****
     -\\ Internet Explorer v10.0.9200.16537
     [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=5A1CC86000D3BBC9
     -\\ Mozilla Firefox v20.0.1 (en-US)
     File : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\prefs.js
     Found : user_pref("browser.startup.homepage", "hxxp://benhodgson.easysearch.org.uk/|hxxps://www.angryhosting[...]
     Found : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
     Found : user_pref("extensions.delta.admin", false);
     Found : user_pref("extensions.delta.aflt", "babsst");
     Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
     Found : user_pref("extensions.delta.autoRvrt", "false");
     Found : user_pref("extensions.delta.dfltLng", "en");
     Found : user_pref("extensions.delta.excTlbr", false);
     Found : user_pref("extensions.delta.ffxUnstlRst", true);
     Found : user_pref("extensions.delta.id", "5a1cfc0e000000000000c86000d3bbc9");
     Found : user_pref("extensions.delta.instlDay", "15825");
     Found : user_pref("extensions.delta.instlRef", "sst");
     Found : user_pref("extensions.delta.newTab", false);
     Found : user_pref("extensions.delta.prdct", "delta");
     Found : user_pref("extensions.delta.prtnrId", "delta");
     Found : user_pref("extensions.delta.rvrt", "false");
     Found : user_pref("extensions.delta.smplGrp", "none");
     Found : user_pref("extensions.delta.tlbrId", "base");
     Found : user_pref("extensions.delta.tlbrSrchUrl", "");
     Found : user_pref("extensions.delta.vrsn", "1.8.16.16");
     Found : user_pref("extensions.delta.vrsnTs", "1.8.16.169:50:04");
     Found : user_pref("extensions.delta.vrsni", "1.8.16.16");
     -\\ Google Chrome v26.0.1410.64
     File : C:\Users\Justine\AppData\Local\Google\Chrome\User Data\Default\Preferences
     Found [l.2195] : homepage = "hxxps://www.google.com/calendar/render?tab=mc&pli=1|hxxps://mail.google.com/mail/?shva=1#inbox",
     Found [l.2448] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=5A1CC86000D3BBC9" ]
     *************************
     AdwCleaner[R1].txt - [4895 octets] - [08/05/2013 14:40:12]
     ########## EOF - C:\AdwCleaner[R1].txt - [4955 octets] ##########
  9. The scan says that I have No Malware Present, but I am still getting the delta-search page coming up every time I open Google Chrome. system-log.txt mbar-log-2013-05-08 (13-56-54).txt
  10. RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Justine [Admin rights]
      Mode : Scan -- Date : 05/08/2013 08:46:22
      | ARK || FAK || MBR |
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 5 ¤¤¤
      [TASK][sUSP PATH] Test TimeTrigger : C:\Users\Justine\AppData\Local\Temp\Runner.exe C:\Users\Justine\AppData\Local\Temp\DNS.exe [-] -> FOUND
      [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
      [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED] ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
      --- User ---
      [MBR] 3cd76c0104370e16ab52637119987bef
      [bSP] 915851f8a1b10e6996ed19e95510cb90 : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      +++++ PhysicalDrive1: ST31000524AS ATA Device +++++
      --- User ---
      [MBR] 4c1a18d89fd96a36242f519730fe9040
      [bSP] 035b85cfae3a9e93a8565834877ca0a9 : Windows 7/8 MBR Code
      Partition table:
      0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[1]_S_05082013_02d0846.txt >>
      RKreport[1]_S_05082013_02d0846.txt
  11. My version of Google Chrome seems to have been hi-jacked and every time I start it up I get www2.delta-search.com instead of my home page - when I check the settings my correct homepage is there and if I click on home it does take me to my homepage.

      I have googled for information about this delta-search and it seems that it is an invasive malware: www2.delta-search.com is categorized as a browser hijacker as similar as www1.delta-search.com hijacker which can perform many corrupted actions on the infected computer, it includes: downloading other malicious programs, creating a backdoor in your PC security and creating advertisements. Being as a redirect virus, it is very disturbing and will continuously redirect your web searches to some fake web sites. It aims to hijack web browsers such as Safari, IE, FireFox, Chrome, modify the DNS and redirect search results in Google, Yahoo and Bing to a multiple undesirable websites.

      If this is the case can you please tell me why Malwarebytes does not find it? I have found various instructions for manual removal but have still not managed to get rid of it. To my mind that is what I paid for Malwarebytes for so it should remove this automatically but it does not.

      I have followed your instructions in the topic 'I'm infected - What do I do now?' and the two files I created are attached below:
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\ FF - prefs.js: browser.startup.homepage - hxxp://benhodgson.easysearch.org.uk/|https://www.angryhosting.com/roundcube/?_task=mail&_mbox=INBOX FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?q= FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Justine\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll FF - plugin: C:\Users\Justine\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-04-19 13:09; guardedid@sftnj.com; C:\Program Files (x86)\Mozilla Firefox\extensions\guardedid@sftnj.com FF - ExtSQL: 2013-04-25 13:27; langpack-en-GB@firefox.mozilla.org; C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\extensions\langpack-en-GB@firefox.mozilla.org.xpi FF - ExtSQL: 2013-04-30 12:00; {650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}; C:\Program Files (x86)\Mozilla Firefox\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} . ---- FIREFOX POLICIES ---- . 
FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 5a1cfc0e000000000000c86000d3bbc9 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15825 FF - user.js: extensions.delta.vrsn - 1.8.16.16 FF - user.js: extensions.delta.vrsni - 1.8.16.16 FF - user.js: extensions.delta.vrsnTs - 1.8.16.169:50:04 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . . . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 50296] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 GIDv2;GIDv2;C:\Windows\System32\drivers\gidv2.sys [2013-4-19 28592] R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-4-2 586072] R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-2 228600] R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2012-4-29 65536] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-12 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-12 701512] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040] R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-2 
1124184] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-31 2754984] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-12 25928] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-26 1492992] R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2013-2-20 175352] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-26 646248] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856] S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736] S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-4-29 236248] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-25 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-26 1255736] . =============== Created Last 30 ================ . 
2013-05-02 16:02:52 -------- d-----w- C:\Program Files (x86)\Wunderlist2 2013-05-02 15:54:32 -------- d-----w- C:\ProgramData\Package Cache 2013-04-30 11:00:04 -------- d-----w- C:\Program Files (x86)\DnsBasic 2013-04-30 08:54:50 -------- d-----w- C:\Users\Justine\AppData\Roaming\player 2013-04-30 08:50:33 -------- d-----w- C:\Users\Justine\AppData\Local\Supreme Savings 2013-04-30 08:49:38 -------- d-----w- C:\ProgramData\Babylon 2013-04-30 08:49:37 -------- d-----w- C:\Users\Justine\AppData\Roaming\Babylon 2013-04-26 07:22:31 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll 2013-04-24 06:56:42 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-23 13:59:49 -------- d-----w- C:\Users\Justine\AppData\Local\6_Wunderkinder_GmbH 2013-04-23 07:54:04 362600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\guardedid@sftnj.com\components\gidconnect20.dll 2013-04-19 12:10:02 28592 ------w- C:\Windows\System32\drivers\gidv2.sys 2013-04-18 10:30:24 -------- d-----w- C:\Users\Justine\AppData\Roaming\AVG 2013-04-18 10:29:46 -------- d-----w- C:\ProgramData\AVG 2013-04-18 10:29:39 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-04-16 09:41:22 52568 ----a-w- C:\Windows\System32\AdobePDF.dll 2013-04-11 07:24:48 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-04-11 07:24:47 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2013-04-11 07:24:44 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-11 07:24:42 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-04-11 07:24:42 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-04-11 07:24:42 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-04-11 07:24:42 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-04-11 07:24:42 112640 ----a-w- C:\Windows\System32\smss.exe . ==================== Find3M ==================== . 
2013-04-18 10:03:57 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-18 10:03:57 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-04 10:49:59 77312 ----a-w- C:\Windows\System32\tdc.ocx 2013-04-02 13:44:28 65128 ------w- C:\Windows\System32\GIDLogonCP64.dll 2013-04-02 13:44:26 65128 ----a-w- C:\Windows\SysWow64\SysEventMenu.dll 2013-04-02 13:44:18 470112 ------w- C:\Windows\System32\GIDHOOK64.DLL 2013-04-02 13:44:16 448104 ------w- C:\Windows\System32\GIDHookLogon64.dll 2013-04-02 13:44:12 400472 ----a-w- C:\Windows\SysWow64\GIDHook.dll 2013-04-02 13:44:08 101976 ------w- C:\Windows\System32\GIDBIN3.DLL 2013-04-02 13:44:06 101976 ----a-w- C:\Windows\SysWow64\GIDBIN3.dll 2013-04-02 13:44:04 206936 ------w- C:\Windows\System32\GIDBIN1.DLL 2013-04-02 13:44:00 174168 ----a-w- C:\Windows\SysWow64\GIDBIN1.dll 2013-04-02 12:16:10 236248 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys 2013-03-15 16:15:23 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-15 16:15:23 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-15 16:15:23 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll 2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-02-19 
10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-12 04:12:06 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys 2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ============= FINISH: 13:34:23.65 ===============