Showing results for tags 'delta-search'.

Found 2 results

  1. My version of Google Chrome seems to have been hi-jacked and every time I start it up I get www2.delta-search.com instead of my home page - when I check the settings my correct homepage is there and if I click on home it does take me to my homepage. I have googled for information about this delta-search and it seems that it is an invasive malware: www2.delta-search.com is categorized as a browser hijacker as similar as www1.delta-search.com hijacker which can perform many corrupted actions on the infected computer, it includes: downloading other malicious programs, creating a backdoor in your PC security and creating advertisements. Being as a redirect virus, it is very disturbing and will continuously redirect your web searches to some fake web sites. It aims to hijack web browsers such as Safari, IE, FireFox, Chrome, modify the DNS and redirect search results in Google, Yahoo and Bing to a multiple undesirable websites. If this is the case can you please tell me why Malwarebytes does not find it? I have found various instructions for manual removal but have still not managed to get rid of it. To my mind that is what I paid for Malwarebytes for so it should remove this automatically but it does not. I have followed your instructions in the topic 'I'm infected - What do I do now?' and the two files I created are attached below:
10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-12 04:12:06 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys 2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ============= FINISH: 13:34:23.65 ===============
  2. I've managed to pick up some new Malware which isn't being picked up by any of the scanners. I have some experience with malware removal in a sandbox, but as this is on my core system, and seems relatively new, I decided not to fiddle. I'll be awaiting instructions... Sorry about all the junk programs.... maybe it's about time I re-install lol. I have both the DDS.txt and Attach.txt scans (in safe mode), should I upload these?