Posts posted by jaygee1969

  1. Results of screen317's Security Check version 0.99.63

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Disabled!

    AVG Internet Security 2013

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.75.0.1300

    Java 7 Update 21

    Adobe Flash Player 11.7.700.169

    Adobe Reader XI

    Mozilla Firefox (Firefox,. Firefox out of Date!

    Google Chrome 26.0.1410.43

    Google Chrome 26.0.1410.64

    ````````Process Check: objlist.exe by Laurent````````

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    AVG avgwdsvc.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 1%

    ````````````````````End of Log``````````````````````

  2. Results of screen317's Security Check version 0.99.63

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Disabled!

    AVG Internet Security 2013

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.75.0.1300

    Java 7 Update 17

    Java version out of Date!

    Adobe Flash Player 11.7.700.169

    Adobe Reader 10.1.6 Adobe Reader out of Date!

    Mozilla Firefox (Firefox,. Firefox out of Date!

    Google Chrome 26.0.1410.43

    Google Chrome 26.0.1410.64

    ````````Process Check: objlist.exe by Laurent````````

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    AVG avgwdsvc.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 1%

    ````````````````````End of Log``````````````````````

  3. # AdwCleaner v2.300 - Logfile created 05/08/2013 at 15:33:52

    # Updated 28/04/2013 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : Justine - HCS173W7

    # Boot Mode : Normal

    # Running from : C:\Users\Justine\Downloads\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

    File Deleted : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\extensions\addon@defaulttab.com.xpi

    File Deleted : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\searchplugins\delta.xml

    File Deleted : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\searchplugins\search-here.xml

    Folder Deleted : C:\ProgramData\Babylon

    Folder Deleted : C:\ProgramData\Tarma Installer

    Folder Deleted : C:\Users\Justine\AppData\Local\Supreme Savings

    Folder Deleted : C:\Users\Justine\AppData\Roaming\Babylon

    Folder Deleted : C:\Users\Justine\AppData\Roaming\DefaultTab

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP

    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

    Key Deleted : HKCU\Software\BabylonToolbar

    Key Deleted : HKCU\Software\Conduit

    Key Deleted : HKCU\Software\Cr_Installer

    Key Deleted : HKCU\Software\DataMngr

    Key Deleted : HKCU\Software\DataMngr_Toolbar

    Key Deleted : HKCU\Software\Default Tab

    Key Deleted : HKCU\Software\delta LTD

    Key Deleted : HKCU\Software\Softonic

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Key Deleted : HKLM\Software\AVG Secure Search

    Key Deleted : HKLM\Software\Babylon

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\Software\DataMngr

    Key Deleted : HKLM\Software\Default Tab

    Key Deleted : HKLM\Software\PIP

    Key Deleted : HKLM\Software\Supreme Savings

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\5e57df8ae26fec14

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    Key Deleted : HKLM\SOFTWARE\Tarma Installer

    ***** [internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16537

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=5A1CC86000D3BBC9 --> hxxp://www.google.com

    -\\ Mozilla Firefox v20.0.1 (en-US)

    File : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\prefs.js

    C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\user.js ... Deleted !

    Deleted : user_pref("browser.startup.homepage", "hxxp://benhodgson.easysearch.org.uk/|hxxps://www.angryhosting[...]

    Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]

    Deleted : user_pref("extensions.delta.admin", false);

    Deleted : user_pref("extensions.delta.aflt", "babsst");

    Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

    Deleted : user_pref("extensions.delta.autoRvrt", "false");

    Deleted : user_pref("extensions.delta.dfltLng", "en");

    Deleted : user_pref("extensions.delta.excTlbr", false);

    Deleted : user_pref("extensions.delta.ffxUnstlRst", true);

    Deleted : user_pref("extensions.delta.id", "5a1cfc0e000000000000c86000d3bbc9");

    Deleted : user_pref("extensions.delta.instlDay", "15825");

    Deleted : user_pref("extensions.delta.instlRef", "sst");

    Deleted : user_pref("extensions.delta.newTab", false);

    Deleted : user_pref("extensions.delta.prdct", "delta");

    Deleted : user_pref("extensions.delta.prtnrId", "delta");

    Deleted : user_pref("extensions.delta.rvrt", "false");

    Deleted : user_pref("extensions.delta.smplGrp", "none");

    Deleted : user_pref("extensions.delta.tlbrId", "base");

    Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");

    Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");

    Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.169:50:04");

    Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Justine\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.2195] : homepage = "hxxps://www.google.com/calendar/render?tab=mc&pli=1|hxxps://mail.google.com/mail/?sh[...]

    Deleted [l.2448] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=120519&babsrc=HP_ss&mntrI[...]

    *************************

    AdwCleaner[R1].txt - [5018 octets] - [08/05/2013 14:40:12]

    AdwCleaner[R2].txt - [5078 octets] - [08/05/2013 15:33:40]

    AdwCleaner[s1].txt - [4967 octets] - [08/05/2013 15:33:52]

    ########## EOF - C:\AdwCleaner[s1].txt - [5027 octets] ##########

  4. # AdwCleaner v2.300 - Logfile created 05/08/2013 at 14:40:12

    # Updated 28/04/2013 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : Justine - HCS173W7

    # Boot Mode : Normal

    # Running from : C:\Users\Justine\Downloads\adwcleaner.exe

    # Option [search]

    ***** [services] *****

    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

    File Found : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\extensions\addon@defaulttab.com.xpi

    File Found : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\extensions\addon@defaulttab.com.xpi

    File Found : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\searchplugins\delta.xml

    File Found : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\searchplugins\search-here.xml

    Folder Found : C:\ProgramData\Babylon

    Folder Found : C:\ProgramData\Tarma Installer

    Folder Found : C:\Users\Justine\AppData\Local\Supreme Savings

    Folder Found : C:\Users\Justine\AppData\Roaming\Babylon

    Folder Found : C:\Users\Justine\AppData\Roaming\DefaultTab

    ***** [Registry] *****

    Key Found : HKCU\Software\APN PIP

    Key Found : HKCU\Software\AppDataLow\Software\Crossrider

    Key Found : HKCU\Software\BabylonToolbar

    Key Found : HKCU\Software\Conduit

    Key Found : HKCU\Software\Cr_Installer

    Key Found : HKCU\Software\DataMngr

    Key Found : HKCU\Software\DataMngr_Toolbar

    Key Found : HKCU\Software\Default Tab

    Key Found : HKCU\Software\delta LTD

    Key Found : HKCU\Software\Softonic

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Key Found : HKLM\Software\AVG Secure Search

    Key Found : HKLM\Software\Babylon

    Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

    Key Found : HKLM\SOFTWARE\Classes\Prod.cap

    Key Found : HKLM\Software\Conduit

    Key Found : HKLM\Software\DataMngr

    Key Found : HKLM\Software\Default Tab

    Key Found : HKLM\Software\PIP

    Key Found : HKLM\Software\Supreme Savings

    Key Found : HKLM\SOFTWARE\Wow6432Node\5e57df8ae26fec14

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    Key Found : HKLM\SOFTWARE\Tarma Installer

    Key Found : HKU\S-1-5-21-3335359776-2643304888-4147450880-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    ***** [internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16537

    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=5A1CC86000D3BBC9

    -\\ Mozilla Firefox v20.0.1 (en-US)

    File : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\prefs.js

    Found : user_pref("browser.startup.homepage", "hxxp://benhodgson.easysearch.org.uk/|hxxps://www.angryhosting[...]

    Found : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]

    Found : user_pref("extensions.delta.admin", false);

    Found : user_pref("extensions.delta.aflt", "babsst");

    Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

    Found : user_pref("extensions.delta.autoRvrt", "false");

    Found : user_pref("extensions.delta.dfltLng", "en");

    Found : user_pref("extensions.delta.excTlbr", false);

    Found : user_pref("extensions.delta.ffxUnstlRst", true);

    Found : user_pref("extensions.delta.id", "5a1cfc0e000000000000c86000d3bbc9");

    Found : user_pref("extensions.delta.instlDay", "15825");

    Found : user_pref("extensions.delta.instlRef", "sst");

    Found : user_pref("extensions.delta.newTab", false);

    Found : user_pref("extensions.delta.prdct", "delta");

    Found : user_pref("extensions.delta.prtnrId", "delta");

    Found : user_pref("extensions.delta.rvrt", "false");

    Found : user_pref("extensions.delta.smplGrp", "none");

    Found : user_pref("extensions.delta.tlbrId", "base");

    Found : user_pref("extensions.delta.tlbrSrchUrl", "");

    Found : user_pref("extensions.delta.vrsn", "1.8.16.16");

    Found : user_pref("extensions.delta.vrsnTs", "1.8.16.169:50:04");

    Found : user_pref("extensions.delta.vrsni", "1.8.16.16");

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Justine\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Found [l.2195] : homepage = "hxxps://www.google.com/calendar/render?tab=mc&pli=1|hxxps://mail.google.com/mail/?shva=1#inbox",

    Found [l.2448] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=5A1CC86000D3BBC9" ]

    *************************

    AdwCleaner[R1].txt - [4895 octets] - [08/05/2013 14:40:12]

    ########## EOF - C:\AdwCleaner[R1].txt - [4955 octets] ##########

  5. RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Justine [Admin rights]

    Mode : Scan -- Date : 05/08/2013 08:46:22

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤

    [TASK][sUSP PATH] Test TimeTrigger : C:\Users\Justine\AppData\Local\Temp\Runner.exe C:\Users\Justine\AppData\Local\Temp\DNS.exe [-] -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++

    --- User ---

    [MBR] 3cd76c0104370e16ab52637119987bef

    [bSP] 915851f8a1b10e6996ed19e95510cb90 : Windows 7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST31000524AS ATA Device +++++

    --- User ---

    [MBR] 4c1a18d89fd96a36242f519730fe9040

    [bSP] 035b85cfae3a9e93a8565834877ca0a9 : Windows 7/8 MBR Code

    Partition table:

    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_05082013_02d0846.txt >>

    RKreport[1]_S_05082013_02d0846.txt

  6. My version of Google Chrome seems to have been hijacked and every time I start it up I get www2.delta-search.com instead of my home page - when I check the settings my correct homepage is there and if I click on home it does take me to my homepage. I have googled for information about this delta-search and it seems that it is an invasive malware: www2.delta-search.com is categorized as a browser hijacker similar to the www1.delta-search.com hijacker, which can perform many corrupted actions on the infected computer, including: downloading other malicious programs, creating a backdoor in your PC security and creating advertisements. Being a redirect virus, it is very disturbing and will continuously redirect your web searches to some fake web sites. It aims to hijack web browsers such as Safari, IE, Firefox, Chrome, modify the DNS and redirect search results in Google, Yahoo and Bing to multiple undesirable websites.

    If this is the case can you please tell me why Malwarebytes does not find it? I have found various instructions for manual removal but have still not managed to get rid of it. To my mind that is what I paid for Malwarebytes for so it should remove this automatically but it does not.

    I have followed your instructions in the topic 'I'm infected - What do I do now?' and the two files I created are attached below:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 26/04/2012 15:28:35

    System Uptime: 07/05/2013 08:36:01 (5 hours ago)

    .

    Motherboard: ASUSTeK Computer INC. | | P8Z68-V LX

    Processor: Intel® Core i5-2300 CPU @ 2.80GHz | LGA1155 | 2801/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 466 GiB total, 380.391 GiB free.

    D: is FIXED (NTFS) - 932 GiB total, 820.107 GiB free.

    E: is CDROM ()

    H: is FIXED (FAT32) - 466 GiB total, 27.169 GiB free.

    I: is Removable

    J: is Removable

    K: is Removable

    L: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP177: 01/05/2013 15:53:09 - Installed AVG PC TuneUp

    RP178: 02/05/2013 08:38:34 - Removed AVG PC TuneUp

    RP179: 02/05/2013 08:41:28 - Removed AVG PC TuneUp Language Pack (en-US)

    RP180: 02/05/2013 16:54:19 - Wunderlist

    RP181: 03/05/2013 12:00:33 - Windows Backup

    RP182: 03/05/2013 14:39:56 - Windows Update

    .

    ==== Installed Programs ======================

    .

    Adobe Acrobat 9 Standard

    Adobe Acrobat 9.5.4 - CPSID_83708

    Adobe AIR

    Adobe Digital Editions 2.0

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.6)

    Android SDK Tools

    Apple Application Support

    Apple Software Update

    Asmedia ASM104x USB 3.0 Host Controller Driver

    Audacity 2.0.2

    AVG 2013

    Bonjour

    BRAdmin Professional 3

    CDMenuPro V6

    CutePDF Writer 2.8

    DefaultTab

    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

    Dropbox

    eFax Messenger

    Express Scribe

    Facebook Messenger 2.1.4814.0

    FileZilla Client 3.6.0.2

    Free M4a to MP3 Converter 7.2

    Free YouTube to MP3 Converter Studio 7.3

    Google Chrome

    GuardedID

    HTC BMP USB Driver

    HTC Driver Installer

    iCloud

    Intel® Processor Graphics

    Java 7 Update 17

    Java 7 Update 7 (64-bit)

    Java Auto Updater

    Junk Mail filter update

    KeyBlaze Typing Tutor

    Kobo

    Malwarebytes Anti-Malware version 1.75.0.1300

    Microangelo Creation

    Microsoft .NET Framework 4.5

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Mouse and Keyboard Center

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Groove MUI (English) 2010

    Microsoft Office InfoPath MUI (English) 2010

    Microsoft Office Office 32-bit Components 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Professional Plus 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared 32-bit MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Mozilla Firefox 20.0.1 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML 4.0 SP3 Parser

    MSXML 4.0 SP3 Parser (KB2721691)

    MSXML 4.0 SP3 Parser (KB2758694)

    MyTomTom 3.2.0.802

    Rapport

    Reader for PC

    Reader Library by Sony

    Realtek Ethernet Controller Driver

    Security Update for Microsoft .NET Framework 4.5 (KB2737083)

    Security Update for Microsoft .NET Framework 4.5 (KB2742613)

    Security Update for Microsoft .NET Framework 4.5 (KB2789648)

    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

    Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition

    Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

    Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

    Security Update for Microsoft Visio 2010 (KB2760762) 64-Bit Edition

    Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

    Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

    Serif British Clipart Collection

    Serif DrawPlus X4

    Serif PagePlus X6

    Serif PhotoPlus X5

    Serif Premium Image Collection 6

    Serif WebPlus X6

    Sibelius Scorch (Firefox, Opera, Netscape only)

    TeamViewer 7

    Update for Microsoft .NET Framework 4.5 (KB2750147)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553092)

    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

    Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

    Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

    Visual Studio 2008 x64 Redistributables

    Visual Studio 2010 x64 Redistributables

    Visual Studio C++ 10.0 Runtime

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Mail

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Gallery

    Windows Live Sign-in Assistant

    Windows Live Sync

    Windows Live Upload Tool

    Windows Live Writer

    Wunderlist

    XNote Stopwatch

    .

    ==== Event Viewer Messages From Past Week ========

    .

    07/05/2013 08:37:50, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

    07/05/2013 08:37:50, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    07/05/2013 08:36:49, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

    07/05/2013 08:36:34, Error: Service Control Manager [7000] - The DM1Service service failed to start due to the following error: The system cannot find the file specified.

    03/05/2013 12:00:19, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    02/05/2013 15:06:04, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

    01/05/2013 08:21:56, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    .

    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.17.2

    Run by Justine at 13:33:57 on 2013-05-07

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8089.2649 [GMT 1:00]

    .

    AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

    .

    ============== Running Processes ===============

    .

    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

    C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe

    C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe

    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\Wunderlist2\Wunderlist.exe

    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

    C:\Users\Justine\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe

    C:\Users\Justine\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

    C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

    C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

    C:\Users\Justine\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe

    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

    C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Users\Justine\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\XNote Stopwatch\xnsw.exe

    C:\Program Files (x86)\XNote Stopwatch\xnsw.exe

    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Program Files (x86)\SFT\GuardedID\GIDOSKHlpr.exe

    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

    C:\Users\Justine\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Justine\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Justine\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Justine\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Justine\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Justine\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Justine\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Justine\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

    C:\Users\Justine\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

    C:\PROGRA~2\Serif\PagePlus\X6\Program\PagePlus.exe

    C:\Windows\notepad.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www2.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=5A1CC86000D3BBC9

    mWinlogon: Userinit = userinit.exe,

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>

    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    TB: GuardedID: {983EB3A5-F9EE-4fe2-B3C3-E64A32F6305D} - C:\Program Files (x86)\SFT\GuardedID\GIDTB.dll

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

    uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"

    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R

    uRun: [Facebook Update] "C:\Users\Justine\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    uRun: [Wunderlist] "C:\Program Files (x86)\Wunderlist2\Wunderlist.exe" /silent

    uRun: [Google Update] "C:\Users\Justine\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

    mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s

    StartupFolder: C:\Users\Justine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Justine\AppData\Roaming\Dropbox\bin\Dropbox.exe

    StartupFolder: C:\Users\Justine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe

    StartupFolder: C:\Users\Justine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Justine\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

    TCP: NameServer = 192.168.1.1

    TCP: Interfaces\{08101BF9-5B78-4AA9-8EB5-0983D033FBC9} : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{F0DFAEEB-718B-4F58-9744-10717FD78C83} : DHCPNameServer = 192.168.42.129

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

    SSODL: WebCheck - <orphaned>

    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

    mASetup: {FF2761B5-B139-4F8D-9380-3126FB419629}-1Reg - C:\Windows\SysWOW64\regsvr32.exe /s /n /i "C:\Program Files (x86)\SFT\GuardedID\gidtb.dll"

    mASetup: {FF2761B5-B139-4F8D-9380-3126FB419629}-2Help - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /hs

    mASetup: {FF2761B5-B139-4F8D-9380-3126FB419629}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v

    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>

    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

    x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

    x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

    x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

    x64-Notify: igfxcui - igfxdev.dll

    x64-SSODL: WebCheck - <orphaned>

    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\

    FF - prefs.js: browser.startup.homepage - hxxp://benhodgson.easysearch.org.uk/|https://www.angryhosting.com/roundcube/?_task=mail&_mbox=INBOX

    FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?q=

    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll

    FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Users\Justine\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll

    FF - plugin: C:\Users\Justine\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - ExtSQL: 2013-04-19 13:09; guardedid@sftnj.com; C:\Program Files (x86)\Mozilla Firefox\extensions\guardedid@sftnj.com

    FF - ExtSQL: 2013-04-25 13:27; langpack-en-GB@firefox.mozilla.org; C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\vkdng1cu.default-1352389564022\extensions\langpack-en-GB@firefox.mozilla.org.xpi

    FF - ExtSQL: 2013-04-30 12:00; {650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}; C:\Program Files (x86)\Mozilla Firefox\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}

    .

    ---- FIREFOX POLICIES ----

    .

    FF - user.js: extensions.delta.tlbrSrchUrl -

    FF - user.js: extensions.delta.id - 5a1cfc0e000000000000c86000d3bbc9

    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

    FF - user.js: extensions.delta.instlDay - 15825

    FF - user.js: extensions.delta.vrsn - 1.8.16.16

    FF - user.js: extensions.delta.vrsni - 1.8.16.16

    FF - user.js: extensions.delta.vrsnTs - 1.8.16.169:50:04

    FF - user.js: extensions.delta.prtnrId - delta

    FF - user.js: extensions.delta.prdct - delta

    FF - user.js: extensions.delta.aflt - babsst

    FF - user.js: extensions.delta.smplGrp - none

    FF - user.js: extensions.delta.tlbrId - base

    FF - user.js: extensions.delta.instlRef - sst

    FF - user.js: extensions.delta.dfltLng - en

    FF - user.js: extensions.delta.excTlbr - false

    FF - user.js: extensions.delta.ffxUnstlRst - true

    FF - user.js: extensions.delta.admin - false

    FF - user.js: extensions.delta.autoRvrt - false

    FF - user.js: extensions.delta.rvrt - false

    FF - user.js: extensions.delta.newTab - false

    .

    .

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 50296]

    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

    R1 GIDv2;GIDv2;C:\Windows\System32\drivers\gidv2.sys [2013-4-19 28592]

    R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-4-2 586072]

    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-2 228600]

    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]

    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

    R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2012-4-29 65536]

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-12 418376]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-12 701512]

    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]

    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-2 1124184]

    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-31 2754984]

    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]

    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-12 25928]

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-26 1492992]

    R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2013-2-20 175352]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-26 646248]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]

    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]

    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]

    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

    S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-4-29 236248]

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-25 30208]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-26 1255736]

    .

    =============== Created Last 30 ================

    .

    2013-05-02 16:02:52 -------- d-----w- C:\Program Files (x86)\Wunderlist2

    2013-05-02 15:54:32 -------- d-----w- C:\ProgramData\Package Cache

    2013-04-30 11:00:04 -------- d-----w- C:\Program Files (x86)\DnsBasic

    2013-04-30 08:54:50 -------- d-----w- C:\Users\Justine\AppData\Roaming\player

    2013-04-30 08:50:33 -------- d-----w- C:\Users\Justine\AppData\Local\Supreme Savings

    2013-04-30 08:49:38 -------- d-----w- C:\ProgramData\Babylon

    2013-04-30 08:49:37 -------- d-----w- C:\Users\Justine\AppData\Roaming\Babylon

    2013-04-26 07:22:31 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

    2013-04-24 06:56:42 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

    2013-04-23 13:59:49 -------- d-----w- C:\Users\Justine\AppData\Local\6_Wunderkinder_GmbH

    2013-04-23 07:54:04 362600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\guardedid@sftnj.com\components\gidconnect20.dll

    2013-04-19 12:10:02 28592 ------w- C:\Windows\System32\drivers\gidv2.sys

    2013-04-18 10:30:24 -------- d-----w- C:\Users\Justine\AppData\Roaming\AVG

    2013-04-18 10:29:46 -------- d-----w- C:\ProgramData\AVG

    2013-04-18 10:29:39 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

    2013-04-16 09:41:22 52568 ----a-w- C:\Windows\System32\AdobePDF.dll

    2013-04-11 07:24:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

    2013-04-11 07:24:47 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

    2013-04-11 07:24:44 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2013-04-11 07:24:42 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

    2013-04-11 07:24:42 43520 ----a-w- C:\Windows\System32\csrsrv.dll

    2013-04-11 07:24:42 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2013-04-11 07:24:42 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2013-04-11 07:24:42 112640 ----a-w- C:\Windows\System32\smss.exe

    .

    ==================== Find3M ====================

    .

    2013-04-18 10:03:57 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-04-18 10:03:57 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2013-04-04 10:49:59 77312 ----a-w- C:\Windows\System32\tdc.ocx

    2013-04-02 13:44:28 65128 ------w- C:\Windows\System32\GIDLogonCP64.dll

    2013-04-02 13:44:26 65128 ----a-w- C:\Windows\SysWow64\SysEventMenu.dll

    2013-04-02 13:44:18 470112 ------w- C:\Windows\System32\GIDHOOK64.DLL

    2013-04-02 13:44:16 448104 ------w- C:\Windows\System32\GIDHookLogon64.dll

    2013-04-02 13:44:12 400472 ----a-w- C:\Windows\SysWow64\GIDHook.dll

    2013-04-02 13:44:08 101976 ------w- C:\Windows\System32\GIDBIN3.DLL

    2013-04-02 13:44:06 101976 ----a-w- C:\Windows\SysWow64\GIDBIN3.dll

    2013-04-02 13:44:04 206936 ------w- C:\Windows\System32\GIDBIN1.DLL

    2013-04-02 13:44:00 174168 ----a-w- C:\Windows\SysWow64\GIDBIN1.dll

    2013-04-02 12:16:10 236248 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys

    2013-03-15 16:15:23 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2013-03-15 16:15:23 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2013-03-15 16:15:23 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

    2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

    2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

    2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll

    2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll

    2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll

    2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll

    2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

    2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

    2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

    2013-02-12 04:12:06 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys

    2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

    .

    ============= FINISH: 13:34:23.65 ===============
