ComboFix >> Windows Installer Won't Run

Luna_McSniffles · May 28, 2013

Thanks for being here for this kind of troubleshooting. Working on a friend's laptop.

It was very slow, and Vista would not update to SP1. Ran MBAM in safe mode and found malware files, then ran ComboFix. Rebooted after that, and attempted to install TuneUp Utilities. At that point, got an error message that Windows Installer could not be accessed.

Relevant Log Files below - MBAM, ComboFix, and DDS.

MBAM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.27.07

Windows Vista x86 NTFS (Safe Mode/Networking)

Internet Explorer 7.0.6000.17037

Mad Fad :: MADFAD-PC [administrator]

Protection: Disabled

5/27/2013 5:14:08 PM

mbam-log-2013-05-27 (17-14-08).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options disabled: P2P

Objects scanned: 390173

Time elapsed: 1 hour(s), 10 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKCR\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.

HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VwOrOo (Trojan.Agent.CPL) -> Data: rundll32.exe shell32.dll,Control_RunDLL "C:\ProgramData\r4Bmi7waQJy9\gnm64yj0sIc5L7fB\1Fcu1csu5lCT\mWIpDSfo.dat", -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 6

C:\ProgramData\r4Bmi7waQJy9\gnm64yj0sIc5L7fB\1Fcu1csu5lCT\mWIpDSfo.dat (Trojan.Agent.CPL) -> Quarantined and deleted successfully.

C:\ProgramData\N3JvdBTbsOBQ.cpl (Trojan.BanLoad) -> Quarantined and deleted successfully.

C:\Users\Mad Fad\AppData\Local\VirtualStore\ProgramData\Gatmo2Ob12Yb\LNIkrbFKQMf1jbq\AZNPDApZzgXp0\verj2L6HTwzz9\nyvgU3dXIynhm\yORIpPqgz.dat (Trojan.Agent.CPL) -> Quarantined and deleted successfully.

C:\Users\Mad Fad\AppData\Local\VirtualStore\ProgramData\ke2rHens1vGSjShW\ZiAI9lEXPtyA2y\6FiOr2aSTe8ujHP\a1WKZ8YZ0tMvDRn\rgjNL4YgoeGVAr\c99YqN.dat (Trojan.Agent.CPL) -> Quarantined and deleted successfully.

C:\Users\Mad Fad\AppData\Local\VirtualStore\ProgramData\r4Bmi7waQJy9\gnm64yj0sIc5L7fB\1Fcu1csu5lCT\mWIpDSfo.dat (Trojan.Agent.CPL) -> Quarantined and deleted successfully.

C:\ProgramData\jupdate.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

ComboFix

ComboFix 13-05-27.02 - Mad Fad 05/27/2013 22:16:46.1.2 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1495 [GMT -4:00]

Running from: c:\users\Mad Fad\Downloads\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Common Files\Uninstall

c:\programdata\5hWcTrW0KEO.ico

c:\programdata\e7310cafebc550d4108bb4ab0ec38a1e5b33f1e3

c:\programdata\EDUtt04cjXg0.ico

c:\programdata\expCFJrX5p.ico

c:\programdata\g5vpNioNA.ico

c:\programdata\IFzuuDcSPB.ico

c:\programdata\KvAQf23w57P.ico

c:\programdata\ntuser.dat

c:\programdata\R0EwWApQ.ico

c:\programdata\ScDBcQwvTNci.ico

c:\programdata\SPL37A4.tmp

c:\programdata\SPL4A99.tmp

c:\programdata\SPL5984.tmp

c:\programdata\SPL6078.tmp

c:\programdata\SPL9212.tmp

c:\programdata\SPLA88E.tmp

c:\programdata\SPLB08B.tmp

c:\programdata\SPLE917.tmp

c:\programdata\SPLFB51.tmp

c:\programdata\VLd8PeCXl.ico

c:\users\Mad Fad\~WRL0001.tmp

c:\users\Mad Fad\AppData\Roaming\BabMaint.exe

c:\users\Mad Fad\Documents\~WRL0005.tmp

c:\users\Mad Fad\Firefox_Setup_20.0.exe

c:\users\Mad Fad\SoftonicDownloader_for_photomerge.exe

c:\users\Mad Fad\TLP_Moods.exe

c:\windows\system32\KBL.LOG

c:\windows\system32\SET26B9.tmp

c:\windows\system32\SET3CDA.tmp

c:\windows\system32\SET3E85.tmp

c:\windows\system32\SET43C1.tmp

c:\windows\system32\SET455B.tmp

c:\windows\system32\SETA43A.tmp

c:\windows\system32\SETB8D3.tmp

c:\windows\system32\SETB9CB.tmp

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 )))))))))))))))))))))))))))))))

.

2013-05-27 21:12 . 2013-05-27 21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-27 21:12 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-27 20:47 . 2013-05-27 20:47 -------- d-----w- c:\progra~2\85829C~1

2013-05-27 19:23 . 2009-07-14 01:19 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-05-27 19:23 . 2009-07-14 01:19 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-05-27 19:17 . 2013-05-27 19:17 -------- d-----w- c:\windows\system32\searchplugins

2013-05-27 19:17 . 2013-05-27 19:17 -------- d-----w- c:\windows\system32\Extensions

2013-05-27 19:04 . 2013-05-27 19:04 -------- d-----w- c:\progra~2\85C39C~1

2013-05-27 18:34 . 2013-05-27 18:34 -------- d-----w- c:\progra~2\8520-1~4

2013-05-27 16:58 . 2013-05-27 16:58 -------- d-----w- c:\progra~2\!!8520~1

2013-05-27 16:50 . 2013-05-27 16:50 -------- d-----w- c:\progra~2\8520-1~3

2013-05-27 14:40 . 2013-05-14 05:49 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8088063B-AFF1-4A39-95AE-4D303913C9AE}\mpengine.dll

2013-05-23 03:31 . 2013-05-23 03:31 -------- d-----w- c:\progra~2\8520-1~2

2013-05-12 16:34 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-05-12 16:34 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-05-12 16:34 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-05-12 16:34 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-05-12 16:34 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-05-12 16:34 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-05-12 16:34 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-12 16:34 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-12 16:34 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe

2013-05-12 16:33 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr

2013-05-12 16:31 . 2013-05-12 16:31 -------- d-----w- c:\program files\AVAST Software

2013-05-12 16:30 . 2013-05-12 16:31 -------- d-----w- c:\programdata\AVAST Software

2013-05-12 16:09 . 2013-05-12 16:09 -------- d-----w- c:\progra~2\PD1C3~1

2013-05-12 16:09 . 2013-05-12 16:09 -------- d-----w- c:\progra~2\8520-1~1

2013-05-11 13:50 . 2013-05-11 13:50 -------- d-sh--w- c:\programdata\r4Bmi7waQJy9

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-23 03:28 . 2013-04-20 13:29 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-05-02 06:06 . 2010-12-04 23:22 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-03-06 03:46 . 2013-03-06 03:46 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-06 03:46 . 2013-03-06 03:46 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-05-23 03:28 1991344 ----a-w- c:\program files\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll" [2013-05-23 1991344]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Mad Fad\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Mad Fad\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Mad Fad\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-11 1232896]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

"Yontoo Desktop"="c:\users\Mad Fad\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-04-17 42784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-17 185872]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2013-04-04 887432]

"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-18 152392]

"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-05-23 1226928]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]

.

c:\users\Mad Fad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Mad Fad\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1178580412-3150187080-1603977272-1000Core.job

- c:\users\Mad Fad\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 22:18]

.

2013-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1178580412-3150187080-1603977272-1000UA.job

- c:\users\Mad Fad\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 22:18]

.

2013-05-27 c:\windows\Tasks\User_Feed_Synchronization-{D38B8088-739A-4735-9EB6-2B7ECD876F8E}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

HKLM-Run-lxddmon.exe - c:\program files\Lexmark 2500 Series\lxddmon.exe

HKLM-Run-lxddamon - c:\program files\Lexmark 2500 Series\lxddamon.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-27 22:28

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1896)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

Completion time: 2013-05-27 22:30:48

ComboFix-quarantined-files.txt 2013-05-28 02:30

.

Pre-Run: 146,892,460,032 bytes free

Post-Run: 148,622,766,080 bytes free

.

- - End Of File - - A0200E24FD74DDF67777FC0860DECD90

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK

Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 10.7.2

Run by Mad Fad at 7:49:30 on 2013-05-28

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1267 [GMT -4:00]

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Mad Fad\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Yontoo Desktop] "c:\users\mad fad\appdata\roaming\yontoo\YontooDesktop.exe"

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\madfad~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\mad fad\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\madfad~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{924D4EAF-CC8A-4222-831E-68F8B6F5E82F} : DHCPNameServer = 192.168.1.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll

AppInit_DLLs= c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-4-20 37664]

S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-12 49376]

S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-12 174664]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-12 765736]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-12 368944]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-12 29816]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-12 66336]

S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-12 46808]

S2 BrowserProtect;BrowserProtect;c:\programdata\browserprotect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-4-26 2787280]

S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-27 418376]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-27 701512]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-11 24652]

S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-22 1015984]

S2 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2013-4-4 109064]

S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\yontoo\Y2Desktop.Updater.exe [2013-4-26 23552]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-27 22856]

S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\3.0.318\mcchsvc.exe" --> c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [?]

.

=============== Created Last 30 ================

.

2013-05-28 02:42:00 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2013-05-28 02:30:50 -------- d-----w- c:\users\mad fad\appdata\local\temp

2013-05-28 02:29:57 -------- d-sh--w- C:\$RECYCLE.BIN

2013-05-28 02:13:44 98816 ----a-w- c:\windows\sed.exe

2013-05-28 02:13:44 256000 ----a-w- c:\windows\PEV.exe

2013-05-28 02:13:44 208896 ----a-w- c:\windows\MBR.exe

2013-05-27 21:12:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-27 21:12:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-27 20:50:56 -------- d-----w- c:\windows\pss

2013-05-27 20:47:36 -------- d-----w- c:\programdata\????8520-1533-40C5-AD09-953C574F14BCÄ???

2013-05-27 19:23:20 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-05-27 19:23:19 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-05-27 19:17:14 -------- d-----w- c:\windows\system32\searchplugins

2013-05-27 19:17:14 -------- d-----w- c:\windows\system32\Extensions

2013-05-27 19:04:55 -------- d-----w- c:\programdata\????8520-1533-40C5-AD09-953C574F14BCÄ???

2013-05-27 18:34:03 -------- d-----w- c:\programdata\????8520-1533-40C5-AD09-953C574F14BCÄ???

2013-05-27 16:58:35 -------- d-----w- c:\programdata\?!?!8520-1533-40C5-AD09-953C574F14BCÄ!?!

2013-05-27 16:50:00 -------- d-----w- c:\programdata\????8520-1533-40C5-AD09-953C574F14BCÄ???

2013-05-27 14:40:25 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8088063b-aff1-4a39-95ae-4d303913c9ae}\mpengine.dll

2013-05-23 03:31:48 -------- d-----w- c:\programdata\????8520-1533-40C5-AD09-953C574F14BCÄ???

2013-05-12 16:34:39 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-05-12 16:34:37 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-05-12 16:34:33 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-12 16:34:29 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-12 16:33:29 41664 ----a-w- c:\windows\avastSS.scr

2013-05-12 16:31:09 -------- d-----w- c:\program files\AVAST Software

2013-05-12 16:30:03 -------- d-----w- c:\programdata\AVAST Software

2013-05-12 16:09:09 -------- d-----w- c:\programdata\?ù?ù????????????????????p???????

2013-05-12 16:09:08 -------- d-----w- c:\programdata\????8520-1533-40C5-AD09-953C574F14BCÄ???

2013-05-11 13:50:09 -------- d-sh--w- c:\programdata\r4Bmi7waQJy9

.

==================== Find3M ====================

.

2013-05-23 03:28:38 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-03-06 03:46:28 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-06 03:46:28 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

============= FINISH: 7:51:46.28 ===============

Maniac · May 28, 2013

Hello Luna_McSniffles and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please do not run ComboFix without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Next, post the content of Attach.txt (generated from DDS).

Luna_McSniffles · May 28, 2013

Thanks for your reply.

Ugh, already ran ComboFix without instructions from you guys. So it goes.

Including attach.txt as a zip file, per the instructions in the file itself.

attach.zip

Maniac · May 28, 2013

Step 1

Please uninstall the following applications:

Viewpoint Media Player

Wajam

Yontoo 2.052

Step 2

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 4

Please download AdwCleaner from here and save it on your Desktop.

Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

In your next reply, post the following log files:

Junkware Removal Tool log
Malwarebytes' Anti-Malware log
AdwCleaner log

Luna_McSniffles · May 28, 2013

Junkware found a bad module, which required rebooting.

MBAM found no errors, and seemingly did not generate a log.

ADW

Log contents below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows Vista Home Premium x86

Ran by Mad Fad on Tue 05/28/2013 at 13:40:50.06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{66F00777-E2CA-4B62-B7A4-84C1ECB19796}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d0508e03-1e5b-4c84-9fd6-6117bdb1490e}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{66F00777-E2CA-4B62-B7A4-84C1ECB19796}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\browserprotect"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\ProgramData\viewpoint"

Successfully deleted: [Folder] "C:\Users\Mad Fad\AppData\Roaming\babsolution"

Successfully deleted: [Folder] "C:\Users\Mad Fad\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\Mad Fad\AppData\Roaming\delta"

Successfully deleted: [Folder] "C:\Users\Mad Fad\appdata\locallow\babylontoolbar"

Successfully deleted: [Folder] "C:\Users\Mad Fad\appdata\locallow\delta"

Successfully deleted: [Folder] "C:\Program Files\delta"

Successfully deleted: [Folder] "C:\Program Files\tencent"

Successfully deleted: [Folder] "C:\Program Files\viewpoint"

Successfully deleted: [Folder] "C:\Users\Mad Fad\AppData\Roaming\microsoft\windows\start menu\programs\BrowserProtect"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 05/28/2013 at 13:45:06.66

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 15:44:29

# Updated 16/05/2013 by Xplode

# Operating system : Windows Vista Home Premium (32 bits)

# User : Mad Fad - MADFAD-PC

# Boot Mode : Normal

# Running from : C:\Users\Mad Fad\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js

File Found : C:\Users\Mad Fad\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

File Found : C:\Users\Mad Fad\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

File Found : C:\Users\Mad Fad\AppData\Roaming\Mozilla\Firefox\Profiles\bgpdlo4n.default\bprotector_extensions.sqlite

File Found : C:\Users\Mad Fad\AppData\Roaming\Mozilla\Firefox\Profiles\bgpdlo4n.default\bprotector_prefs.js

File Found : C:\Users\Mad Fad\AppData\Roaming\Mozilla\Firefox\Profiles\bgpdlo4n.default\searchplugins\delta.xml

Folder Found : C:\Program Files\Common Files\AVG Secure Search

Folder Found : C:\Users\Mad Fad\AppData\Roaming\Mozilla\Firefox\Profiles\bgpdlo4n.default\extensions\ffxtlbr@delta.com

***** [Registry] *****

Key Found : HKCU\Software\5955dadeb239e815

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\Delta

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\TENCENT

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\SOFTWARE\5955dadeb239e815

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Key Found : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\Software\Delta

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\Software\TENCENT

Key Found : HKLM\Software\Viewpoint

Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17037

[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www2.delta-search.com/?affID=121846&babsrc=HP_ss&mntrId=2C47001E68085C02

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www2.delta-search.com/?affID=121846&babsrc=NT_ss&mntrId=2C47001E68085C02

-\\ Mozilla Firefox v [unable to get version]

File : C:\Users\Mad Fad\AppData\Roaming\Mozilla\Firefox\Profiles\bgpdlo4n.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Mad Fad\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.29] : keyword = "babylon.com",

Found [l.33] : search_url = "hxxp://www2.delta-search.com/?q={searchTerms}&affID=121846&babsrc=SP_ss&mntrId=2C47001E68085C02",

*************************

AdwCleaner[R1].txt - [10642 octets] - [28/05/2013 15:44:29]

########## EOF - C:\AdwCleaner[R1].txt - [10703 octets] ##########

Maniac · May 29, 2013

Please re-run AdwCleaner
Click on Delete button.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Luna_McSniffles · May 29, 2013

Ok, here you go. What's next, and does this look to be progressing well?

Key will be getting the Vista updates in place once the Windows Installer is working again (haven't re-tried that yet).

Thanks

# AdwCleaner v2.301 - Logfile created 05/29/2013 at 06:28:38

# Updated 16/05/2013 by Xplode

# Operating system : Windows Vista Home Premium (32 bits)

# User : Mad Fad - MADFAD-PC

# Boot Mode : Normal

# Running from : C:\Users\Mad Fad\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js

File Deleted : C:\Users\Mad Fad\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

File Deleted : C:\Users\Mad Fad\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

File Deleted : C:\Users\Mad Fad\AppData\Roaming\Mozilla\Firefox\Profiles\bgpdlo4n.default\bprotector_extensions.sqlite

File Deleted : C:\Users\Mad Fad\AppData\Roaming\Mozilla\Firefox\Profiles\bgpdlo4n.default\bprotector_prefs.js

File Deleted : C:\Users\Mad Fad\AppData\Roaming\Mozilla\Firefox\Profiles\bgpdlo4n.default\searchplugins\delta.xml

Folder Deleted : C:\Users\Mad Fad\AppData\Roaming\Mozilla\Firefox\Profiles\bgpdlo4n.default\extensions\ffxtlbr@delta.com

***** [Registry] *****

Key Deleted : HKCU\Software\5955dadeb239e815

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Delta

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\TENCENT

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\SOFTWARE\5955dadeb239e815

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\Software\Delta

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\Software\TENCENT

Key Deleted : HKLM\Software\Viewpoint

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17037

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www2.delta-search.com/?affID=121846&babsrc=NT_ss&mntrId=2C47001E68085C02 --> hxxp://www.google.com

-\\ Mozilla Firefox v [unable to get version]

File : C:\Users\Mad Fad\AppData\Roaming\Mozilla\Firefox\Profiles\bgpdlo4n.default\prefs.js

C:\Users\Mad Fad\AppData\Roaming\Mozilla\Firefox\Profiles\bgpdlo4n.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Mad Fad\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.34] : keyword = "babylon.com",

Deleted [l.38] : search_url = "hxxp://www2.delta-search.com/?q={searchTerms}&affID=121846&babsrc=SP_ss&mntrId=[...]

*************************

AdwCleaner[R1].txt - [10773 octets] - [28/05/2013 15:44:29]

AdwCleaner[s1].txt - [10894 octets] - [29/05/2013 06:28:38]

########## EOF - C:\AdwCleaner[s1].txt - [10955 octets] ##########

Maniac · May 29, 2013

Step 1

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Download on the desktop RogueKiller
Quit all programs
Start RogueKiller.exe
Wait until Prescan has finished ...
Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

Malwarebytes' Anti-Malware log
RogueKiller log

Luna_McSniffles · May 29, 2013

Here you go:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.29.04

Windows Vista x86 NTFS

Internet Explorer 7.0.6000.17037

Mad Fad :: MADFAD-PC [administrator]

Protection: Enabled

5/29/2013 9:55:47 AM

mbam-log-2013-05-29 (09-55-47).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options disabled: P2P

Objects scanned: 374157

Time elapsed: 2 hour(s), 34 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6000 ) 32 bits version

Started in : Normal mode

User : Mad Fad [Admin rights]

Mode : Scan -- Date : 05/29/2013 13:15:55

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[TASK][sUSP PATH] EPUpdater : C:\Users\MADFAD~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-60UST0 ATA Device +++++

--- User ---

[MBR] ede058bdf452fdc9beca1c99d11acaba

[bSP] 1c18e065a470aef3f4ccaa97422a5411 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 226251 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463362795 | Size: 12221 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05292013_02d1315.txt >>

RKreport[1]_S_05292013_02d1315.txt

Maniac · May 29, 2013

Please manually delete your ComboFix copy. Then:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Luna_McSniffles · May 30, 2013

Here you go, Maniac.

ComboFix 13-05-30.01 - Mad Fad 05/29/2013 21:56:04.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1176 [GMT -4:00]

Running from: c:\users\Mad Fad\Downloads\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-30 )))))))))))))))))))))))))))))))

.

2013-05-30 02:06 . 2013-05-30 02:06 -------- d-----w- c:\users\Mad Fad\AppData\Local\temp

2013-05-30 02:06 . 2013-05-30 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-29 10:28 . 2013-05-29 10:29 115 ----a-w- c:\windows\DeleteOnReboot.bat

2013-05-28 17:49 . 2013-05-14 05:49 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15C99DC4-3574-4ED9-A77C-23A18B603B2C}\mpengine.dll

2013-05-28 17:29 . 2013-05-28 17:29 -------- d-----w- c:\windows\ERUNT

2013-05-28 17:28 . 2013-05-28 17:40 -------- d-----w- C:\JRT

2013-05-28 02:42 . 2013-05-28 02:42 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}