Pc infected with PUP.bProtector

Post by junior » September 7th, 2013, 4:35 pm

SuperAntiSpyware has indicated that my pc is infected with PUP.bProtector. Even when this is removed by this program it keeps reappearing.
Up until a few days ago the PC was functioning without any problems, but now I am having all sorts of problems.
The whole system has slowed down, files and folders are slow to open, both Internet Explorer and Firefox take ages to open, and I sometimes get the message that they are failing to respond. Few if any folders open with a double-click; I have to right-click and use Open! Web pages again take ages to open. Links in e-mails do not work.
It would be appreciated if someone could advise me on how to remove this.

Here are my DDS logs

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by george at 21:01:07.28 on 07/09/2013
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.298 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1519.191\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WebConnect\updateWebConnect.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1519.191\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\george\Local Settings\Temporary Internet Files\Content.IE5\C01TLZ4F\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.uk/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: WebConnect: {2316c625-b487-4410-a1a5-ff040b65245f} - c:\program files\webconnect\WebConnectbho.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: delta Helper Object: {c1af5fa5-852c-4c90-812e-a7f75e011d87} - c:\program files\delta\delta\1.8.24.6\bh\delta.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Delta Toolbar: {82e1477c-b154-48d3-9891-33d83c26bcd3} - c:\program files\delta\delta\1.8.24.6\deltaTlbr.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NTRedirect] c:\windows\system32\rundll32.exe "c:\documents and settings\george\application data\babsolution\shared\enhancedNT.dll",Run
mRun: [EPSON Stylus Photo RX620 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
mRun: [EPSON Stylus Photo RX620 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9HE.EXE /P40 "EPSON Stylus Photo RX620 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo RX620"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: mozilla.org\support
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/wind ... 8970662495
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 8970871933
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261519~1.191\{c16c1~1\browse~1.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\george\applic~1\mozilla\firefox\profiles\ug8y6gp3.default-1377121043937\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\motive\npMotiveRequest.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 70bad2bd0000000000002cb05d6be148
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15951
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.620:41:08
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=4994
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-2-19 565888]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2013-2-19 91640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 BrowserDefendert;BrowserDefendert;c:\documents and settings\all users\application data\browserdefender\2.6.1519.191\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-9-3 2845664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2013-9-7 167784]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2013-9-7 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2013-9-7 167784]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2013-9-7 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2013-9-7 203840]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-9-7 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-9-7 172416]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2013-8-18 376144]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-9-7 60920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-13 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-9-7 235264]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-9-7 363080]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2013-9-7 84904]
R3 WNA3100M;NETGEAR WNA3100M N300 Wireless Mini USB Adapter;c:\windows\system32\drivers\WNA3100M.sys [2013-8-16 1323880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2013-5-31 116648]
S2 MBAMScheduler;MBAMScheduler;"c:\program files\malwarebytes' anti-malware\mbamscheduler.exe" --> c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [?]
S2 MBAMService;MBAMService;"c:\program files\malwarebytes' anti-malware\mbamservice.exe" --> c:\program files\malwarebytes' anti-malware\mbamservice.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2013-9-4 257416]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys --> c:\windows\system32\drivers\bcmwlhigh5.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2013-5-31 116648]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-9-7 146872]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-7-13 35144]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-9-7 65928]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2013-9-7 84904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-9-7 92632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2013-9-5 117656]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-8-17 27064]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2013-5-22 1266464]
.
=============== Created Last 30 ================
.
2013-09-07 16:23:08 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-09-07 16:22:01 84904 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2013-09-07 16:21:55 10088 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-09-07 16:21:45 92632 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-09-07 16:21:44 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-09-07 16:21:44 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-09-07 16:21:44 363080 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-09-07 16:21:44 235264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-09-07 16:21:36 -------- d-----w- c:\program files\common files\Mcafee
2013-09-07 16:21:30 -------- d-----w- c:\program files\McAfee.com
2013-09-07 16:05:07 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-09-05 21:53:25 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-09-04 21:11:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-04 21:11:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-03 19:38:18 -------- d-----w- c:\program files\Delta
2013-09-03 19:38:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\BrowserDefender
2013-09-03 19:38:09 -------- d-----w- c:\docume~1\george\applic~1\Delta
2013-09-03 19:37:52 -------- d-----w- c:\docume~1\george\applic~1\BabSolution
2013-09-03 19:37:46 -------- d-----w- c:\program files\WebConnect
2013-09-01 13:50:48 -------- d-----w- c:\docume~1\george\applic~1\Mediaparts Interactive
2013-09-01 13:50:40 -------- d-----w- c:\docume~1\george\locals~1\applic~1\Mediaparts_Interactive
2013-09-01 13:47:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Mediaparts Interactive
2013-09-01 13:26:48 -------- d-----w- c:\docume~1\george\locals~1\applic~1\Deployment
2013-08-24 17:39:43 -------- d-----w- c:\docume~1\george\applic~1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-23 21:23:54 -------- d-----w- c:\program files\Tweaking.com
2013-08-18 14:19:38 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-08-17 22:17:26 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-08-17 22:17:23 -------- d-----w- c:\program files\VS Revo Group
2013-08-17 21:09:05 -------- d-----w- c:\docume~1\george\locals~1\applic~1\VS Revo Group
2013-08-17 21:08:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\VS Revo Group
2013-08-17 18:09:39 -------- dc-h--w- c:\windows\ie8
2013-08-17 18:05:33 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-08-17 12:16:41 -------- d-----w- c:\docume~1\george\applic~1\SpeedyPC Software
2013-08-17 12:16:32 -------- d-----w- c:\program files\common files\SpeedyPC Software
2013-08-17 12:16:28 -------- d-----w- c:\program files\SpeedyPC Software
2013-08-17 12:16:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\SpeedyPC Software
2013-08-16 15:32:02 -------- d-----w- c:\windows\system32\MRT
2013-08-16 13:17:07 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-08-16 13:17:06 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2013-08-16 13:17:03 1323880 ----a-w- c:\windows\system32\drivers\WNA3100M.sys
2013-08-16 11:49:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-08-16 11:49:44 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-16 10:50:18 -------- d-----w- c:\program files\DriverTuner
2013-08-16 10:47:59 -------- d-----w- c:\program files\CCleaner
2013-08-16 10:24:46 -------- d-----w- c:\docume~1\george\applic~1\Babylon
2013-08-16 00:12:07 -------- d-----w- c:\program files\NETGEAR(5)
2013-08-15 16:19:04 -------- d-----w- c:\program files\NETGEAR(4)
2013-08-14 22:55:39 -------- d-----w- c:\docume~1\george\applic~1\Xirrus
2013-08-14 10:46:40 2400 ----a-w- c:\windows\system32\ASOROSet.bin
2013-08-14 10:11:04 4774272 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-08-14 10:11:04 4774272 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-08-13 15:41:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-13 14:31:20 -------- d-----w- c:\program files\NETGEAR(3)
2013-08-11 21:51:37 413696 ----a-w- c:\windows\system32\msvcfed8.rra
2013-08-11 20:37:39 413696 ----a-w- c:\windows\system32\msvcf348.rra
2013-08-11 18:54:28 -------- d-----w- c:\program files\Mozilla Firefox(3).bak
2013-08-11 17:04:31 -------- d-----w- c:\program files\NETGEAR(2)
2013-08-11 15:36:30 413696 ----a-w- c:\windows\system32\msvcf7c1.rra
2013-08-11 15:13:08 1034240 ----a-w- c:\windows\system32\drivers\OLD43.tmp
2013-08-11 15:04:04 413696 ----a-w- c:\windows\system32\msvc4651.rra
2013-08-11 14:36:31 413696 ----a-w- c:\windows\system32\msvcf4c.rra
2013-08-11 11:32:41 413696 ----a-w- c:\windows\system32\msvce1bb.rra
2013-08-11 10:53:06 413696 ----a-w- c:\windows\system32\msvca4e0.rra
2013-08-10 19:24:44 -------- d-----w- c:\program files\common files\Motive
2013-08-10 19:24:13 -------- d-----w- c:\program files\BT Broadband Desktop Help
2013-08-10 10:37:56 -------- d-----w- c:\docume~1\george\locals~1\applic~1\SlimWare Utilities Inc
2013-08-10 10:29:16 -------- d-----w- c:\program files\Xirrus
2013-08-09 12:43:18 -------- d-----w- c:\docume~1\george\applic~1\HTNetMeter
.
==================== Find3M ====================
.
2013-07-31 21:52:44 901808 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-25 21:26:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 21:26:42 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 21:26:42 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-25 21:26:41 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 21:05:20.60 ===============
Attach.zip
junior
Active Member
Posts: 14
Joined: September 7th, 2013, 3:52 pm

Re: Pc infected with PUP.bProtector

Post by Gary R » September 8th, 2013, 1:24 am

Looking over your logs, back soon.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Pc infected with PUP.bProtector

Post by Gary R » September 8th, 2013, 1:36 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Junior

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
Important As I said earlier removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are clear signs of infection in your DDS logs, but DDS does not show everything that this infection installs, so before we start to remove them I'd like to run some further scans to ensure we get a more complete picture of all that we need to remove.

First ...

  • Please download ... ADWCleaner to your Desktop.

    NOTE: If you are using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter, then click on OK in the box that opens. Then click on the link again.
  • Close your browser and double-click on the ADWCleaner icon to launch it.
  • Click on the Scan button, accept any prompts that appear, and allow it to run. It may take several minutes to complete.
  • When it is done click on the Report button and a report log will open on your Desktop.
  • Please post the log in your next reply.

Next ...

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next ...

Please download SystemLook from the link below and save it to your Desktop.

For 32 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    *BabSolution*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    *BabSolution*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    BabSolution
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • OTL.txt
  • Extras.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
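The SystemLook search above looks for a fixed list of name fragments in files, folders and the registry. The same idea applied to the DDS log already posted gives a quick triage pass; the script below is an added example for this thread, not part of Gary R's post, of DDS or of SystemLook. Its indicator list combines the SystemLook search terms with the families visible in the posted log (BrowserDefender, Delta, WebConnect, bProtector), and its sample input is a constructed excerpt copied from the DDS log above.

```python
"""Triage helper for a DDS log: flag Pseudo HJT / service entries that match
the PUP name fragments this thread deals with.

Added example for this thread; not part of the forum post, of DDS or of
SystemLook.  INDICATORS combines the fragments searched for with SystemLook
(:filefind / :Regfind) and the families visible in the posted DDS log.
SAMPLE_DDS is a constructed excerpt copied from that log.
"""
import re

INDICATORS = [
    # SystemLook search terms from the post
    "Fun4IM", "Bandoo", "Searchnu", "Searchqu", "iLivid", "whitesmoke",
    "datamngr", "trolltech", "babylon", "conduit", "BabSolution",
    # families visible in the posted DDS log
    "BrowserDefender", "browse~1",   # browse~1 = 8.3 short name seen in AppInit_DLLs
    "delta", "WebConnect", "bProtector",
]

# Pseudo HJT lines look like "<kind>: <body>"; service lines look like
# "R2 name;display name;path [date size]".
ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB|[umd]Run|AppInit_DLLs|SEH|DPF|Filter|Handler):\s*(?P<body>.*)$")
SERVICE_RE = re.compile(r"^(?P<kind>[RS][0-4]) (?P<body>[^;]+;[^;]+;.*)$")

# Entry kinds that start code at boot/logon or inject it into other processes.
# AppInit_DLLs is loaded into every process that loads user32.dll, and Run keys
# and running services restart their target; removing only the BHO/TB browser
# add-ons leaves these respawn paths in place.
LOAD_POINT_KINDS = {"AppInit_DLLs", "uRun", "mRun", "dRun",
                    "R0", "R1", "R2", "R3", "S2"}

# Constructed sample: a subset of lines from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uStart Page = https://www.google.co.uk/
BHO: WebConnect: {2316c625-b487-4410-a1a5-ff040b65245f} - c:\program files\webconnect\WebConnectbho.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: delta Helper Object: {c1af5fa5-852c-4c90-812e-a7f75e011d87} - c:\program files\delta\delta\1.8.24.6\bh\delta.dll
TB: Delta Toolbar: {82e1477c-b154-48d3-9891-33d83c26bcd3} - c:\program files\delta\delta\1.8.24.6\deltaTlbr.dll
uRun: [NTRedirect] c:\windows\system32\rundll32.exe "c:\documents and settings\george\application data\babsolution\shared\enhancedNT.dll",Run
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261519~1.191\{c16c1~1\browse~1.dll
R2 BrowserDefendert;BrowserDefendert;c:\documents and settings\all users\application data\browserdefender\2.6.1519.191\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-9-3 2845664]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2013-9-7 203840]
"""


def parse_entries(text):
    """Yield (kind, body) for every Pseudo HJT or service line in a DDS log."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line) or SERVICE_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body")


def matched_indicators(body):
    """Indicator fragments that occur (case-insensitively) in an entry body."""
    low = body.lower()
    return [ind for ind in INDICATORS if ind.lower() in low]


def triage(text):
    """Return [(kind, [indicators], body)] for entries that match an indicator.

    Matches are candidates for a human to review, not verdicts: a short
    fragment such as 'delta' can occur in legitimate paths as well.
    """
    hits = []
    for kind, body in parse_entries(text):
        found = matched_indicators(body)
        if found:
            hits.append((kind, found, body))
    return hits


def load_points(hits):
    """Subset of hits whose kind is a boot/logon load point or injection hook."""
    return [h for h in hits if h[0] in LOAD_POINT_KINDS]


if __name__ == "__main__":
    for kind, found, body in triage(SAMPLE_DDS):
        tag = "LOAD POINT" if kind in LOAD_POINT_KINDS else "browser add-on"
        print(f"{kind:<13} {tag:<15} {','.join(found):<16} {body[:70]}")
```

Run against the sample it reports the WebConnect and Delta add-ons, and separately marks the NTRedirect Run key, the AppInit_DLLs entry and the BrowserDefender service as load points that survive a browser-only clean-up.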

Re: Pc infected with PUP.bProtector

Post by junior » September 8th, 2013, 7:57 am

Thanks very much, Gary R, for your prompt attention.
I am now forwarding the logs you requested. However, I have to tell you that last night I downloaded Combofix to my desktop and accidentally ran it, but did not delete anything. Would this have affected your recommendations?
Well, here is the AdwCleaner log.

# AdwCleaner v3.003 - Report created 08/09/2013 at 11:07:04
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : george - LIZZIE
# Running from : C:\Documents and Settings\george\Local Settings\Temporary Internet Files\Content.IE5\NQMKNM37\AdwCleaner[2].exe
# Option : Scan

***** [ Services ] *****

Service Found : PCSUService

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\2gdkromp.default-1009857850953\Extensions\firefox@webconnect.co.xpi
File Found : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\8y4tvm51(2).default\Extensions\firefox@webconnect.co.xpi
File Found : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\bprotector_extensions.sqlite
File Found : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\bprotector_prefs.js
File Found : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\Extensions\firefox@webconnect.co.xpi
File Found : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\user.js
File Found : C:\Documents and Settings\george\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Documents and Settings\george\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Documents and Settings\george\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Found : C:\WINDOWS\Tasks\EPUpdater.job
File Found : C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
Folder Found : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\Extensions\ffxtlbr@delta.com
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Found C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found C:\Documents and Settings\All Users\Application Data\Systweak
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\pc speed up
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\pc speed up
Folder Found C:\Documents and Settings\george\Application Data\BabSolution
Folder Found C:\Documents and Settings\george\Application Data\Babylon
Folder Found C:\Documents and Settings\george\Application Data\delta
Folder Found C:\Documents and Settings\george\Application Data\DriverCure
Folder Found C:\Documents and Settings\george\Application Data\Systweak
Folder Found C:\Documents and Settings\george\IECompatCache
Folder Found C:\Documents and Settings\george\My Documents\PCSpeedUp
Folder Found C:\Documents and Settings\george\Start Menu\Programs\BrowserDefender
Folder Found C:\Program Files\delta
Folder Found C:\Program Files\pc speed up
Folder Found C:\Program Files\WebConnect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\5c68c88e03ebe15
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\5c68c88e03ebe15
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Delta
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Found : HKLM\Software\systweak
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcspeedup]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\2gdkromp.default-1009857850953\prefs.js ]


[ File : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\8y4tvm51(2).default\prefs.js ]


[ File : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=70BA2CB05D6BE148&affID=119357&tsp=4994");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "70bad2bd0000000000002cb05d6be148");
Line Found : user_pref("extensions.delta.instlDay", "15951");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.620:41:08");
Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4994");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v

[ File : C:\Documents and Settings\george\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [11858 octets] - [08/09/2013 11:07:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11919 octets] ##########
junior
Active Member
 
Posts: 14
Joined: September 7th, 2013, 3:52 pm

Re: Pc infected with PUP.bProtector

Unread postby junior » September 8th, 2013, 7:58 am

OTL text log
OTL logfile created on: 08/09/2013 11:56:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\george\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.29 Mb Total Physical Memory | 575.42 Mb Available Physical Memory | 56.23% Memory free
2.41 Gb Paging File | 1.79 Gb Available in Paging File | 74.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 180.38 Gb Free Space | 77.46% Space Free | Partition Type: NTFS

Computer Name: LIZZIE | User Name: george | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/08 11:55:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\george\Desktop\OTL.exe
PRC - [2013/08/30 03:16:32 | 000,206,632 | ---- | M] (WebConnect) -- C:\Program Files\WebConnect\updateWebConnect.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/12 15:07:03 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/25 22:26:42 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/23 21:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/03 17:54:50 | 000,388,912 | ---- | M] () -- C:\Program Files\PC Speed Up\PCSUService.exe
PRC - [2013/03/13 18:40:08 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2013/02/19 14:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2013/02/19 14:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/02/19 14:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/05/19 19:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9HE.EXE


========== Modules (No Company Name) ==========

MOD - [2013/08/16 17:42:43 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/16 17:42:30 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll
MOD - [2013/08/16 16:39:50 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll
MOD - [2013/08/16 16:36:42 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/16 16:29:45 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/17 07:49:00 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/05/03 17:55:00 | 000,585,608 | ---- | M] () -- C:\Program Files\PC Speed Up\Sqlite3.dll
MOD - [2013/05/03 17:54:50 | 000,388,912 | ---- | M] () -- C:\Program Files\PC Speed Up\PCSUService.exe
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/02 07:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/05 21:10:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 03:16:32 | 000,206,632 | ---- | M] (WebConnect) [Auto | Running] -- C:\Program Files\WebConnect\updateWebConnect.exe -- (Update WebConnect)
SRV - [2013/08/14 18:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/25 22:26:42 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/05/23 21:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/19 18:31:07 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2013/05/03 17:54:50 | 000,388,912 | ---- | M] () [Auto | Running] -- C:\Program Files\PC Speed Up\PCSUService.exe -- (PCSUService)
SRV - [2013/03/15 06:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/25 23:02:14 | 000,279,488 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2013/02/19 14:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2013/02/19 14:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/02/19 14:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2013/07/13 16:33:33 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/06/12 10:21:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2013/06/12 10:21:08 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/19 14:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/02/19 14:11:42 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2013/02/19 14:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/19 14:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 14:09:10 | 000,084,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2013/02/19 14:09:10 | 000,084,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2013/02/19 14:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/02/19 14:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/02/19 14:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/02/19 14:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2011/12/30 07:23:16 | 001,323,880 | ---- | M] (NETGEAR Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WNA3100M.sys -- (WNA3100M)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/17 08:37:06 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/04/07 23:29:42 | 000,028,800 | ---- | M] (Ideazon) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OmniUsb.sys -- (OmniUsb)
DRV - [2005/03/23 16:08:52 | 002,547,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/03/04 12:10:26 | 000,074,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/10/27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/07/27 01:27:50 | 000,009,696 | ---- | M] (Ideazon) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OmniUsbl.sys -- (OmniUsbl)
DRV - [2003/11/13 19:19:48 | 000,210,304 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/13 19:18:36 | 000,679,808 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 19:17:00 | 001,042,816 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\..\SearchScopes,DefaultScope = {599B3FE4-6C40-470A-8471-B41E707B1317}
IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=70BA2CB05D6BE148&affID=119357&tsp=4994
IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\..\SearchScopes\{599B3FE4-6C40-470A-8471-B41E707B1317}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_enGB539
IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\..\SearchScopes\9C1BD06E6E9D4BC0AFE07D910B0EFCD4: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=70BA2CB05D6BE148&affID=119357&tsp=4994
IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/09/08 10:45:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/21 23:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/21 23:47:23 | 000,000,000 | ---D | M]

[2013/05/19 15:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Extensions
[2013/09/03 20:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\2gdkromp.default-1009857850953\extensions
[2013/09/03 20:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\8y4tvm51(2).default\extensions
[2013/09/03 20:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\extensions
[2013/09/03 20:38:46 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\extensions\ffxtlbr@delta.com
[2013/08/30 03:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\2gdkromp.default-1009857850953\extensions\firefox@webconnect.co.xpi
[2013/08/30 03:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\8y4tvm51(2).default\extensions\firefox@webconnect.co.xpi
[2013/08/30 03:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\extensions\firefox@webconnect.co.xpi
[2013/09/03 20:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/03 21:06:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/03 20:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2013/08/21 23:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/03 21:06:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/05 22:53:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www2.delta-search.com/?babsrc=HP ... 7&tsp=4994
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www2.delta-search.com/?babsrc=HP ... 7&tsp=4994
CHR - Extension: No name found = C:\Documents and Settings\george\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2\
CHR - Extension: No name found = C:\Documents and Settings\george\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2\

O1 HOSTS File: ([2013/09/07 22:52:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-606747145-448539723-682003330-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-606747145-448539723-682003330-1005\..\Toolbar\WebBrowser: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo RX620 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-606747145-448539723-682003330-1005..\Run: [PCSpeedUp] C:\Program Files\PC Speed Up\PCSUNotifier.exe ()
O4 - Startup: C:\Documents and Settings\george\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-448539723-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606747145-448539723-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-606747145-448539723-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-606747145-448539723-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-606747145-448539723-682003330-1005\..Trusted Domains: mozilla.org ([support] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 8970662495 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 8970871933 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92441761-14FB-42CA-ADE1-E279BB94C781}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/19 12:08:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/08 11:55:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\george\Desktop\OTL.exe
[2013/09/08 11:06:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/08 11:03:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/09/08 11:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\My Documents\PCSpeedUp
[2013/09/08 11:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Speed Up
[2013/09/08 11:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\PC Speed Up
[2013/09/08 11:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/09/08 11:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/09/08 10:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2013/09/08 10:39:52 | 001,081,496 | ---- | C] (InstallManager) -- C:\Documents and Settings\george\Desktop\Setup.exe
[2013/09/08 10:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/09/08 10:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/09/08 10:36:27 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\george\Desktop\erunt-setup.exe
[2013/09/07 22:24:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/07 22:19:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/07 22:19:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/07 22:19:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/07 22:19:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/07 22:14:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/07 22:12:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/07 22:03:13 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\george\Desktop\rkill.com
[2013/09/07 22:00:29 | 002,748,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\george\Desktop\tdsskiller.exe
[2013/09/07 21:58:39 | 005,120,615 | R--- | C] (Swearware) -- C:\Documents and Settings\george\Desktop\ComboFix.exe
[2013/09/07 17:23:08 | 000,146,872 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\HipShieldK.sys
[2013/09/07 17:22:01 | 000,084,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2013/09/07 17:21:55 | 000,010,088 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2013/09/07 17:21:45 | 000,092,632 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2013/09/07 17:21:44 | 000,363,080 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2013/09/07 17:21:44 | 000,235,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2013/09/07 17:21:44 | 000,065,928 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2013/09/07 17:21:44 | 000,060,920 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2013/09/07 17:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2013/09/07 17:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2013/09/07 17:05:07 | 000,172,416 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2013/09/07 16:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/09/07 10:32:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\george\Recent
[2013/09/05 23:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Desktop\test
[2013/09/05 22:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/09/04 22:11:27 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/04 22:11:27 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/03 21:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/09/03 21:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/09/03 20:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Start Menu\Programs\BrowserDefender
[2013/09/03 20:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/09/03 20:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\Delta
[2013/09/03 20:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\BabSolution
[2013/09/03 20:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\WebConnect
[2013/09/01 14:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Desktop\sdmf
[2013/09/01 14:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\Mediaparts Interactive
[2013/09/01 14:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Local Settings\Application Data\Mediaparts_Interactive
[2013/09/01 14:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\My Documents\FlippingBook Publisher
[2013/09/01 14:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mediaparts Interactive
[2013/09/01 14:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Local Settings\Application Data\Deployment
[2013/09/01 11:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Desktop\draft2
[2013/08/26 14:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Desktop\colin
[2013/08/24 18:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/08/23 22:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Desktop\haus
[2013/08/23 22:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/08/23 22:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/08/22 17:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Desktop\office 2012
[2013/08/21 23:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/18 15:19:38 | 008,610,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/08/18 12:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BT Desktop Help
[2013/08/17 23:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2013/08/17 23:17:26 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013/08/17 23:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/08/17 22:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Local Settings\Application Data\VS Revo Group
[2013/08/17 22:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2013/08/17 19:09:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/08/17 13:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\SpeedyPC Software
[2013/08/17 13:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Start Menu\Programs\SpeedyPC Software
[2013/08/17 13:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2013/08/17 13:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2013/08/17 13:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2013/08/16 22:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2013/08/16 16:32:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/16 15:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2013/08/16 14:17:03 | 001,323,880 | ---- | C] (NETGEAR Corporation ) -- C:\WINDOWS\System32\drivers\WNA3100M.sys
[2013/08/16 12:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\InstallShield
[2013/08/16 11:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/08/16 11:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverTuner
[2013/08/16 11:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\DriverTuner
[2013/08/16 11:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/08/16 11:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\Babylon
[2013/08/16 01:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR(5)
[2013/08/15 17:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR(4)
[2013/08/14 23:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\Xirrus
[2013/08/14 19:14:33 | 023,951,136 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\george\My Documents\WNA3100_v1.1.2.16_Setupaa.exe
[2013/08/13 16:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/13 15:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR(3)
[2013/08/11 22:51:37 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcfed8.rra
[2013/08/11 21:37:39 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcf348.rra
[2013/08/11 19:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(3).bak
[2013/08/11 18:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR(2)
[2013/08/11 16:36:30 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcf7c1.rra
[2013/08/11 16:04:04 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvc4651.rra
[2013/08/11 15:36:31 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcf4c.rra
[2013/08/11 12:32:41 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvce1bb.rra
[2013/08/11 11:53:06 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvca4e0.rra
[2013/08/10 20:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\Motive
[2013/08/10 20:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2013/08/10 20:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2013/08/10 20:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\BT Broadband Desktop Help
[2013/08/10 11:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Local Settings\Application Data\SlimWare Utilities Inc
[2013/08/10 11:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2013/08/10 11:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
[2013/08/10 11:20:12 | 022,224,144 | ---- | C] (Xirrus) -- C:\Documents and Settings\george\My Documents\WiFiInspector-Setup-1.2.1.4.exe
[2013/08/09 13:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\HTNetMeter
[2013/08/09 13:41:25 | 000,392,000 | ---- | C] (Softonic ) -- C:\Documents and Settings\george\My Documents\SoftonicDownloader_for_net-meter.exe
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/08 12:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/08 12:04:22 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\PC SpeedUp Service Deactivator.job
[2013/09/08 11:58:37 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\george\Desktop\SystemLook.exe
[2013/09/08 11:55:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\george\Desktop\OTL.exe
[2013/09/08 11:52:44 | 000,010,844 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/09/08 10:48:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce7f091c2df932.job
[2013/09/08 10:48:58 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/09/08 10:48:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/08 10:40:00 | 001,081,496 | ---- | M] (InstallManager) -- C:\Documents and Settings\george\Desktop\Setup.exe
[2013/09/08 10:37:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\george\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/09/08 10:37:09 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\george\Desktop\NTREGOPT.lnk
[2013/09/08 10:37:09 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\george\Desktop\ERUNT.lnk
[2013/09/08 10:36:34 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\george\Desktop\erunt-setup.exe
[2013/09/07 22:52:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/07 22:24:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/09/07 22:03:26 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\george\Desktop\rkill.com
[2013/09/07 22:00:38 | 002,748,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\george\Desktop\tdsskiller.exe
[2013/09/07 21:58:39 | 005,120,615 | R--- | M] (Swearware) -- C:\Documents and Settings\george\Desktop\ComboFix.exe
[2013/09/07 21:31:41 | 000,005,914 | ---- | M] () -- C:\Documents and Settings\george\Desktop\Attach.zip
[2013/09/07 20:35:50 | 002,675,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/07 16:50:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/07 16:27:46 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\george\Desktop\Dreamweaver.lnk
[2013/09/07 13:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/06 17:03:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/09/05 22:53:42 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\george\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/09/05 22:53:28 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/09/05 21:10:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/05 21:10:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/05 18:03:25 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/09/03 20:41:21 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\EPUpdater.job
[2013/09/03 14:44:34 | 000,512,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/03 14:44:34 | 000,092,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/26 11:32:35 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\george\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2013/08/24 18:46:28 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\george\Application Data\Adobe GIF Format CS5 Prefs
[2013/08/23 22:26:00 | 005,373,340 | ---- | M] () -- C:\Documents and Settings\george\My Documents\tweaking.com_windows_repair_aio_setup.exe
[2013/08/22 22:31:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\george\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/21 11:48:55 | 000,108,423 | ---- | M] () -- C:\Documents and Settings\george\My Documents\img025.jpg
[2013/08/21 11:22:01 | 000,010,507 | ---- | M] () -- C:\Documents and Settings\george\My Documents\img024.jpg
[2013/08/18 15:19:39 | 008,610,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/08/18 14:58:40 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2013/08/18 14:58:39 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2013/08/18 12:11:40 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT Help.lnk
[2013/08/17 23:39:21 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\george\Local Settings\Application Data\recently-used.xbel
[2013/08/17 23:17:28 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\george\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/08/17 19:11:59 | 000,000,923 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2013/08/17 13:16:47 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/08/16 22:39:23 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT email.LNK
[2013/08/16 22:39:23 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My BT.LNK
[2013/08/16 14:17:06 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2013/08/16 13:11:13 | 109,493,020 | ---- | M] () -- C:\Documents and Settings\george\My Documents\august11x.reg
[2013/08/15 10:36:58 | 110,308,944 | ---- | M] () -- C:\Documents and Settings\george\My Documents\reg august 2013.reg
[2013/08/14 22:07:20 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\george\Desktop\yahoo.url
[2013/08/14 19:14:34 | 023,951,136 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\george\My Documents\WNA3100_v1.1.2.16_Setupaa.exe
[2013/08/14 11:50:56 | 000,002,400 | ---- | M] () -- C:\WINDOWS\System32\ASOROSet.bin
[2013/08/13 22:55:19 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/08/13 11:58:54 | 000,002,108 | ---- | M] () -- C:\Documents and Settings\george\My Documents\20130813115815.ns1
[2013/08/11 16:32:46 | 036,524,491 | ---- | M] () -- C:\Documents and Settings\george\My Documents\WNA3100 Software Version 2.0.zip
[2013/08/10 11:20:13 | 022,224,144 | ---- | M] (Xirrus) -- C:\Documents and Settings\george\My Documents\WiFiInspector-Setup-1.2.1.4.exe
[2013/08/09 13:41:32 | 000,392,000 | ---- | M] (Softonic ) -- C:\Documents and Settings\george\My Documents\SoftonicDownloader_for_net-meter.exe
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/08 11:58:37 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\george\Desktop\SystemLook.exe
[2013/09/08 11:02:24 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\PC SpeedUp Service Deactivator.job
[2013/09/08 10:37:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\george\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/09/08 10:37:09 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\george\Desktop\NTREGOPT.lnk
[2013/09/08 10:37:09 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\george\Desktop\ERUNT.lnk
[2013/09/07 22:24:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/09/07 22:24:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/09/07 22:19:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/07 22:19:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/07 22:19:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/07 22:19:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/07 22:19:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/07 21:31:41 | 000,005,914 | ---- | C] () -- C:\Documents and Settings\george\Desktop\Attach.zip
[2013/09/05 22:53:28 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/09/03 21:05:30 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/09/03 20:37:55 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\EPUpdater.job
[2013/09/01 22:14:38 | 000,293,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/26 11:32:35 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\george\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2013/08/24 18:46:28 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\george\Application Data\Adobe GIF Format CS5 Prefs
[2013/08/23 22:26:00 | 005,373,340 | ---- | C] () -- C:\Documents and Settings\george\My Documents\tweaking.com_windows_repair_aio_setup.exe
[2013/08/21 11:46:06 | 000,108,423 | ---- | C] () -- C:\Documents and Settings\george\My Documents\img025.jpg
[2013/08/21 11:19:52 | 000,010,507 | ---- | C] () -- C:\Documents and Settings\george\My Documents\img024.jpg
[2013/08/18 12:11:40 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT Help.lnk
[2013/08/17 23:39:21 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\george\Local Settings\Application Data\recently-used.xbel
[2013/08/17 23:17:28 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\george\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/08/17 13:16:47 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/08/17 13:16:34 | 000,000,494 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/08/17 13:16:34 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2013/08/17 13:16:33 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2013/08/16 22:39:23 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT email.LNK
[2013/08/16 22:39:23 | 000,001,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My BT.LNK
[2013/08/16 14:17:06 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2013/08/16 13:10:55 | 109,493,020 | ---- | C] () -- C:\Documents and Settings\george\My Documents\august11x.reg
[2013/08/15 10:36:39 | 110,308,944 | ---- | C] () -- C:\Documents and Settings\george\My Documents\reg august 2013.reg
[2013/08/14 11:46:40 | 000,002,400 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2013/08/13 22:55:19 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/08/13 11:58:54 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\george\My Documents\20130813115815.ns1
[2013/08/11 16:32:29 | 036,524,491 | ---- | C] () -- C:\Documents and Settings\george\My Documents\WNA3100 Software Version 2.0.zip
[2013/07/13 18:39:07 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/07/13 17:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/07/13 16:33:33 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/06/23 23:05:15 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\george\Application Data\Adobe PNG Format CS5 Prefs
[2013/06/10 11:14:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2013/06/09 13:45:16 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2013/06/09 13:45:16 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2013/06/09 13:45:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2013/05/22 20:03:36 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\george\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/22 12:58:44 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2013/05/22 11:37:56 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2013/05/22 10:58:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Winlognotif.dll
[2013/05/22 10:57:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2013/05/22 10:51:38 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/05/22 10:47:31 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/05/22 10:47:31 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/05/22 10:47:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/05/22 10:46:32 | 002,288,632 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/05/22 08:53:00 | 000,026,384 | ---- | C] () -- C:\WINDOWS\System32\PteVideo.dll
[2013/05/21 14:45:18 | 000,038,028 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2013/05/21 14:45:18 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2013/05/21 14:45:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2013/05/21 14:07:18 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE RX620EI.ini
[2013/05/19 23:13:27 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\george\Application Data\wklnhst.dat
[2013/05/19 22:38:16 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/19 12:57:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/05/19 12:54:20 | 002,675,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/19 12:13:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/05/19 12:11:35 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2013/05/19 12:05:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2013/05/19 12:10:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/12 10:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/05/28 22:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/05/28 22:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Foresight Software
[2013/09/01 14:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mediaparts Interactive
[2013/06/01 23:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/05/21 21:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2013/08/17 13:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2013/08/05 17:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2013/05/21 14:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2013/08/17 22:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2013/08/28 14:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\.minecraft
[2013/09/03 20:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\BabSolution
[2013/09/03 20:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\Babylon
[2013/05/30 12:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\Canon
[2013/08/24 18:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/05/21 10:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/09/03 20:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\Delta
[2013/05/28 22:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\DriverCure
[2013/05/25 11:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\DriverFinder
[2013/08/17 12:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\ElevatedDiagnostics
[2013/07/14 17:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\EurekaLab s.a.s
[2013/05/28 22:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\Foresight Software
[2013/08/09 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\HTNetMeter
[2013/07/14 17:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\Ideazon
[2013/09/01 14:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\Mediaparts Interactive
[2013/08/17 13:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\SpeedyPC Software
[2013/09/07 16:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\Systweak
[2013/05/19 23:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\Template
[2013/05/28 22:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\URSoft
[2013/08/16 11:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\Xirrus

========== Purity Check ==========



< End of report >
junior
Active Member
 
Posts: 14
Joined: September 7th, 2013, 3:52 pm

Re: Pc infected with PUP.bProtector

Unread postby junior » September 8th, 2013, 8:00 am

Extras log

OTL Extras logfile created on: 08/09/2013 11:56:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\george\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.29 Mb Total Physical Memory | 575.42 Mb Available Physical Memory | 56.23% Memory free
2.41 Gb Paging File | 1.79 Gb Available in Paging File | 74.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 180.38 Gb Free Space | 77.46% Space Free | Partition Type: NTFS

Computer Name: LIZZIE | User Name: george | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Desktop Help -- (Alcatel-Lucent)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Desktop Help Notifier -- (Alcatel-Lucent)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0E16C1BC-72A7-4DB7-BBB8-560EDCCA74B5}" = SmartSound Premiere Elements 10 Plugin
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{340C0246-975B-420F-8ADD-DEA69B16FDEE}" = Adobe Premiere Elements 10 Content 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{4F29521F-7338-4D15-8691-8FEEB987780C}" = Adobe Premiere Elements 10 HD Content 3
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5D037ECA-B00A-466F-848C-D21B4DB69DEA}" = Adobe Premiere Elements 10 HD Content 1
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{99C7D73D-E201-4D03-B8A4-5EDBA529B505}" = Adobe Premiere Elements 10 Content 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C8D1290-0A4C-446C-AD86-0590812660CC}" = Adobe Premiere Elements 10 Content
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A254D625} PicturesToExe 7.5_is1" = PicturesToExe 7.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A433AE09-2126-4dad-9CBD-C1B05DC42787}" = Windows Messenger 5.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4DEA2-5A69-4819-9BB2-BF3D540F9024}" = Adobe Premiere Elements 10
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BBAB8CE2-6AE2-497C-A745-67A61134E72C}" = PIF DESIGNER2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE1F2DF3-5836-4A27-A3FE-6717492DDE5E}" = PRE10STIInstaller
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1CE6204-061A-43B5-830F-6A8A35C4E0C6}" = Adobe Premiere Elements 10 HD Content 2
"{D66A42BA-3747-4628-9CE4-9E7C18C3ED95}" = Adobe Premiere Elements 10 Content 2
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"0D1EC8C098410CAFE85D1071184DB179AA0C5B30" = Windows Driver Package - Intel USB (10/05/2012 9.1.9.1002)
"5394CDFA2BDA136A47E0AD3B0649491E4BF0775C" = Windows Driver Package - Intel System (10/05/2012 9.1.9.1002)
"64A4C14F7BE3030FF4E9D0D18265D36EA120B146" = Windows Driver Package - Intel hdc (10/05/2012 9.1.9.1002)
"74C9AF1769B4962F037AF21AE1EA73C42753E3D4" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/28/2012 5.10.0.6813)
"7649DD4EEEFCC431F21653B24812C272F97B114D" = Windows Driver Package - CXT (winachsf) Modem (12/12/2005 7.32.00.00)
"99384DC7A73D4A1912DFD6CEF0D996D685137527" = Windows Driver Package - Intel hdc (10/05/2012 9.1.9.1002)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS5 Extended" = Adobe Photoshop CS5 Extended
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Premiere Elements 10 Content" = Adobe Premiere Elements 10 Content
"Adobe Premiere Elements 10 Content 1" = Adobe Premiere Elements 10 Content 1
"Adobe Premiere Elements 10 Content 2" = Adobe Premiere Elements 10 Content 2
"Adobe Premiere Elements 10 Content 3" = Adobe Premiere Elements 10 Content 3
"Adobe Premiere Elements 10 HD Content 1" = Adobe Premiere Elements 10 HD Content 1
"Adobe Premiere Elements 10 HD Content 2" = Adobe Premiere Elements 10 HD Content 2
"Adobe Premiere Elements 10 HD Content 3" = Adobe Premiere Elements 10 HD Content 3
"BT Desktop Help" = BT Desktop Help
"BTHomeHub" = BTHomeHub
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CBDE5DDE1941356F18001E36717D3D60AEBBC5CC" = Windows Driver Package - Intel System (10/05/2012 9.1.9.1002)
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESPRX620 Series Reference Guide" = ESPRX620 Series Reference Guide
"ESPRX620 Software Guide" = ESPRX620 Software Guide
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = BT NetProtect Plus
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PCSU-SL_is1" = PC Speed Up
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PremElem100" = Adobe Premiere Elements 10
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"WebConnect" = WebConnect 3.0.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = BT Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27/08/2013 16:20:43 | Computer Name = LIZZIE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 28/08/2013 05:12:23 | Computer Name = LIZZIE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 28/08/2013 05:12:23 | Computer Name = LIZZIE | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 28/08/2013 05:12:50 | Computer Name = LIZZIE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 28/08/2013 08:24:29 | Computer Name = LIZZIE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 28/08/2013 08:24:29 | Computer Name = LIZZIE | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 28/08/2013 08:24:46 | Computer Name = LIZZIE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 28/08/2013 12:55:09 | Computer Name = LIZZIE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 28/08/2013 12:55:09 | Computer Name = LIZZIE | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 28/08/2013 12:55:32 | Computer Name = LIZZIE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 08/09/2013 05:45:52 | Computer Name = LIZZIE | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1058

Error - 08/09/2013 05:48:42 | Computer Name = LIZZIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 08/09/2013 05:48:42 | Computer Name = LIZZIE | Source = Service Control Manager | ID = 7001
Description = The Wired AutoConfig service depends on the Extensible Authentication
Protocol Service service which failed to start because of the following error:
%%1058

Error - 08/09/2013 05:48:42 | Computer Name = LIZZIE | Source = Service Control Manager | ID = 7001
Description = The Net Logon service depends on the Workstation service which failed
to start because of the following error: %%1058

Error - 08/09/2013 05:48:42 | Computer Name = LIZZIE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 08/09/2013 05:48:42 | Computer Name = LIZZIE | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
%%2

Error - 08/09/2013 05:48:42 | Computer Name = LIZZIE | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 08/09/2013 05:48:42 | Computer Name = LIZZIE | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1058

Error - 08/09/2013 05:49:09 | Computer Name = LIZZIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 08/09/2013 05:49:18 | Computer Name = LIZZIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
junior
Active Member
 
Posts: 14
Joined: September 7th, 2013, 3:52 pm

Re: Pc infected with PUP.bProtector

Unread postby junior » September 8th, 2013, 8:01 am

SystemLook log

SystemLook 04.09.10 by jpshortstuff
Log created at 12:35 on 08/09/2013 by george
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Documents and Settings\george\My Documents\iLividSetup-r390-n-bi.exe --a---- 1488280 bytes [15:36 12/06/2013] [15:36 12/06/2013] 468BBE0DC83496CAD49597A47341C786

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
No files found.

Searching for "*conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1207392 bytes [11:43 06/12/2012] [11:43 06/12/2012] C963B2DECF0872C4A79D4E5E97062E8C

Searching for "*BabSolution*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
C:\Documents and Settings\All Users\Application Data\Babylon d------ [21:54 28/05/2013]
C:\Documents and Settings\george\Application Data\Babylon d------ [10:24 16/08/2013]
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com d------ [19:38 03/09/2013]

Searching for "*conduit*"
No folders found.

Searching for "*BabSolution*"
C:\Documents and Settings\george\Application Data\BabSolution d------ [19:37 03/09/2013]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
No data found.

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r390-n-bi.exe]

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\DataMngr_Toolbar]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Trolltech]
[HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_CURRENT_USER\Software\5c68c88e03ebe15\2.6.1519.191]
"SpXmlFN"="babylon.xml"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\9C1BD06E6E9D4BC0AFE07D910B0EFCD4]
"FaviconURL"="search.babylon.com/favicon.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
"FaviconPath"="search.babylon.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client]
[HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\5c68c88e03ebe15\2.6.1519.191]
"SpXmlFN"="babylon.xml"
[HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\9C1BD06E6E9D4BC0AFE07D910B0EFCD4]
"FaviconURL"="search.babylon.com/favicon.ico"
[HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
"FaviconPath"="search.babylon.com/favicon.ico"

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"E0EDA41E3F5764A4785E6296D26D62CE"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

Searching for "BabSolution"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde]
"path"="C:\Documents and Settings\george\Application Data\BabSolution\CR\Delta.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar]
"UninstallString"=""C:\Documents and Settings\george\Application Data\BabSolution\Shared\GUninstaller.exe" -key "Delta Chrome Toolbar" -rmkey -rmbus "Delta Chrome Toolbar" -ask -plgdll enhancedNT -nontfy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar]
"DisplayIcon"="C:\Documents and Settings\george\Application Data\BabSolution\Shared\Delta.ico"

-= EOF =-
junior
Active Member
 
Posts: 14
Joined: September 7th, 2013, 3:52 pm

Re: Pc infected with PUP.bProtector

Unread postby Gary R » September 8th, 2013, 10:25 am

Thanks for letting me know about Combofix. I see you've also run rKill. Neither of those would be effective against the infection you have.

OK, let's get started cleaning your computer up.

First ...

Please go to Control Panel > Add/Remove Programs and Uninstall the following:

J2SE Runtime Environment 5.0
PC Speed Up
SpeedyPC Pro


Old versions of Java can be exploited, even if a later version is installed.

PC "optimisers" are a complete and utter waste of time, and usually cause many more problems than they ever resolve. I've lost count of the number of people I've helped who have used these programs and wished they hadn't afterwards. The Windows Registry is extremely tolerant of orphans and can happily run with thousands of them in place without any drop in performance; however, remove even one essential entry by mistake, and your PC becomes a very expensive paperweight. The risk vs gain equation is not a good one, so I strongly advise the removal of these types of programs.

Reboot your computer when finished.

Next ....

  • Close your browser and double click on this icon on your desktop ... Image
  • You will then see the screen below ...

    Image
  • Click on the Scan button (as indicated).
  • Accept any prompts that appear and allow it to run. It may take several minutes to complete.
  • When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
  • Upon reboot you will be presented with a "fix" report.
  • Please post the report in your next reply.

Next ....

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
SRV - [2013/08/30 03:16:32 | 000,206,632 | ---- | M] (WebConnect) [Auto | Running] -- C:\Program Files\WebConnect\updateWebConnect.exe -- (Update WebConnect)
SRV - [2013/05/03 17:54:50 | 000,388,912 | ---- | M] () [Auto | Running] -- C:\Program Files\PC Speed Up\PCSUService.exe -- (PCSUService)
IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\..\SearchScopes,DefaultScope = {599B3FE4-6C40-470A-8471-B41E707B1317}
IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q= {searchTerms}&babsrc=SP_ss&mntrId=70BA2CB05D6BE148&affID=119357&tsp=4994
IE - HKU\S-1-5-21-606747145-448539723-682003330-1005\..\SearchScopes\9C1BD06E6E9D4BC0AFE07D910B0EFCD4: "URL" = http://www2.delta-search.com/?q= {searchTerms}&babsrc=SP_ss&mntrId=70BA2CB05D6BE148&affID=119357&tsp=4994
[2013/09/03 20:38:46 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\extensions\ffxtlbr@delta.com
[2013/08/30 03:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\2gdkromp.default-1009857850953\extensions\firefox@webconnect.co.xpi
[2013/08/30 03:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\8y4tvm51(2).default\extensions\firefox@webconnect.co.xpi
[2013/08/30 03:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\extensions\firefox@webconnect.co.xpi
[2013/09/03 20:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
O4 - HKU\S-1-5-21-606747145-448539723-682003330-1005..\Run: [PCSpeedUp] C:\Program Files\PC Speed Up\PCSUNotifier.exe ()
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
[2013/09/08 11:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\My Documents\PCSpeedUp
[2013/09/08 11:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Speed Up
[2013/09/08 11:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\PC Speed Up
[2013/09/03 20:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/09/03 20:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\Delta
[2013/09/03 20:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\BabSolution
[2013/09/03 20:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\WebConnect
[2013/08/17 13:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\SpeedyPC Software
[2013/08/17 13:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Start Menu\Programs\SpeedyPC Software
[2013/08/17 13:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2013/08/17 13:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2013/08/17 13:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2013/08/16 11:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\Babylon
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2013/05/28 22:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/08/17 13:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2013/09/03 20:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\BabSolution
[2013/09/03 20:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\Babylon
[2013/09/03 20:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\Delta
[2013/08/17 13:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george\Application Data\SpeedyPC Software

:Files
C:\Documents and Settings\george\My Documents\iLividSetup
C:\Documents and Settings\All Users\Application Data\Babylon
C:\Documents and Settings\george\Application Data\Babylon
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
C:\Documents and Settings\george\Application Data\BabSolution
ipconfig /flushdns /c

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r390-n-bi.exe]
[-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[-HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\DataMngr_Toolbar]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\5c68c88e03ebe15\2.6.1519.191]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\9C1BD06E6E9D4BC0AFE07D910B0EFCD4]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client]
[-HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\5c68c88e03ebe15\2.6.1519.191]
[-HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\9C1BD06E6E9D4BC0AFE07D910B0EFCD4]
[-HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar]

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next ....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • ADWCleaner fix log
  • OTL fix log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
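As an added example that is not part of this thread or of the SystemLook and OTL tools, the Python below parses a SystemLook log in the layout junior posted and drafts the :Files and :Reg lines that the OTL fix above was assembled from by hand. The names parse_systemlook, build_otl_fix, is_benign and the BENIGN_SUBSTRINGS allow-list are our own assumptions; the allow-list is there because wildcard searches like *conduit* also hit legitimate files (Apple's iSyncConduit.dll here), so the output is a draft for a helper to review rather than a script to run as-is.

```python
"""Parse a SystemLook log and draft the :Files / :Reg lines of an OTL fix from its hits.
Added example for this thread; not code from SystemLook, OTL or the forum."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
# Constructed excerpt laid out like the SystemLook log posted in the thread.
SAMPLE_LOG = r"""========== filefind ==========

Searching for "*iLivid*"
C:\Documents and Settings\george\My Documents\iLividSetup-r390-n-bi.exe --a---- 1488280 bytes [15:36 12/06/2013] [15:36 12/06/2013] 468BBE0DC83496CAD49597A47341C786

Searching for "*whitesmoke*"
No files found.

Searching for "*conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1207392 bytes [11:43 06/12/2012] [11:43 06/12/2012] C963B2DECF0872C4A79D4E5E97062E8C

========== folderfind ==========

Searching for "*babylon*"
C:\Documents and Settings\All Users\Application Data\Babylon d------ [21:54 28/05/2013]

========== Regfind ==========

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"E0EDA41E3F5764A4785E6296D26D62CE"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

-= EOF =-
"""

@dataclass
class Hit:
    path: str                                        # file, folder or registry key
    md5: Optional[str] = None                        # filefind hits end with an MD5
    values: List[str] = field(default_factory=list)  # "name"="data" lines under a key

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
QUERY_RE = re.compile(r'^Searching for "(.+)"$')
ATTR_RE = re.compile(r"\s+([-a-z]{7})\s+")           # attribute column: --a----, d------
MD5_RE = re.compile(r"\b([0-9A-Fa-f]{32})\s*$")
NO_HITS = {"No files found.", "No folders found.", "No data found."}

def _split_fs_hit(line: str) -> Optional[Hit]:
    # The path may contain spaces, so cut at the first flag field that has a '-' in it.
    for m in ATTR_RE.finditer(line):
        if "-" in m.group(1):
            md5 = MD5_RE.search(line[m.end():])
            return Hit(path=line[:m.start()], md5=md5.group(1).upper() if md5 else None)
    return None

def parse_systemlook(text: str) -> Dict[str, Dict[str, List[Hit]]]:
    """Return {section: {search term: [hits]}} for filefind, folderfind and Regfind."""
    sections: Dict[str, Dict[str, List[Hit]]] = {}
    section = query = None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if (m := SECTION_RE.match(line)):
            section, query = m.group(1), None
            sections[section] = {}
            continue
        if section is None or not line or line.startswith("-="):
            continue
        if (m := QUERY_RE.match(line)):
            query = m.group(1)
            sections[section][query] = []
            continue
        if query is None or line in NO_HITS:
            continue
        hits = sections[section][query]
        if section == "Regfind":
            if line.startswith("[") and line.endswith("]"):
                hits.append(Hit(path=line[1:-1]))
            elif hits:                               # value line belongs to the key above it
                hits[-1].values.append(line)
        elif (hit := _split_fs_hit(line)):
            hits.append(hit)
    return sections

# Wildcards also match legitimate software (the helper left Apple's iSyncConduit.dll alone); assumed list.
BENIGN_SUBSTRINGS = (r"\apple\mobile device support\isyncconduit.dll",)

def is_benign(hit: Hit) -> bool:
    text = " ".join([hit.path, *hit.values]).lower()
    return any(s in text for s in BENIGN_SUBSTRINGS)

def build_otl_fix(sections: Dict[str, Dict[str, List[Hit]]]) -> str:
    # Draft the :Files and :Reg blocks, skipping benign and duplicate hits.
    files, keys = [], []
    for name in ("filefind", "folderfind"):
        for h in (h for hits in sections.get(name, {}).values() for h in hits):
            if not is_benign(h) and h.path not in files:
                files.append(h.path)
    for h in (h for hits in sections.get("Regfind", {}).values() for h in hits):
        key = f"[-{h.path}]"                         # the delete-key form used in the fix above
        if not is_benign(h) and key not in keys:
            keys.append(key)
    return "\n".join([":Files", *files, "", ":Reg", *keys, "", ":Commands", "[emptytemp]"])
```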

Re: Pc infected with PUP.bProtector

Unread postby junior » September 8th, 2013, 11:50 am

hi Glen,
First of the logs requested - rest to follow shortly


Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Deleted : C:\Program Files\delta
Folder Deleted : C:\Program Files\WebConnect
Folder Deleted : C:\Documents and Settings\george\IECompatCache
Folder Deleted : C:\Documents and Settings\george\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\george\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\george\Application Data\delta
Folder Deleted : C:\Documents and Settings\george\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\george\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\george\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\Extensions\ffxtlbr@delta.com
File Deleted : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\2gdkromp.default-1009857850953\Extensions\firefox@webconnect.co.xpi
File Deleted : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\8y4tvm51(2).default\Extensions\firefox@webconnect.co.xpi
File Deleted : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\Extensions\firefox@webconnect.co.xpi
File Deleted : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\bprotector_prefs.js
File Deleted : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\user.js
File Deleted : C:\Documents and Settings\george\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\george\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Documents and Settings\george\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\WINDOWS\Tasks\EPUpdater.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5c68c88e03ebe15
Key Deleted : HKLM\SOFTWARE\5c68c88e03ebe15
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\2gdkromp.default-1009857850953\prefs.js ]


[ File : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\8y4tvm51(2).default\prefs.js ]


[ File : C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=70BA2CB05D6BE148&affID=119357&tsp=4994");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "70bad2bd0000000000002cb05d6be148");
Line Deleted : user_pref("extensions.delta.instlDay", "15951");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.620:41:08");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4994");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v

[ File : C:\Documents and Settings\george\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [12000 octets] - [08/09/2013 11:07:04]
AdwCleaner[R1].txt - [11451 octets] - [08/09/2013 16:44:02]
AdwCleaner[S0].txt - [11569 octets] - [08/09/2013 16:45:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11630 octets] ##########
junior
Active Member
 
Posts: 14
Joined: September 7th, 2013, 3:52 pm

Re: Pc infected with PUP.bProtector

Unread postby junior » September 8th, 2013, 12:00 pm

OTL log

All processes killed
========== OTL ==========
Service Update WebConnect stopped successfully!
Service Update WebConnect deleted successfully!
File C:\Program Files\WebConnect\updateWebConnect.exe not found.
Error: No service named PCSUService was found to stop!
Service\Driver key PCSUService not found.
File C:\Program Files\PC Speed Up\PCSUService.exe not found.
HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Folder C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\extensions\ffxtlbr@delta.com\ not found.
File C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\2gdkromp.default-1009857850953\extensions\firefox@webconnect.co.xpi not found.
File C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\8y4tvm51(2).default\extensions\firefox@webconnect.co.xpi not found.
File C:\Documents and Settings\george\Application Data\Mozilla\Firefox\Profiles\ug8y6gp3.default-1377121043937\extensions\firefox@webconnect.co.xpi not found.
Folder C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\ not found.
Registry value HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp not found.
File C:\Program Files\PC Speed Up\PCSUNotifier.exe not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Folder C:\Documents and Settings\george\My Documents\PCSpeedUp\ not found.
Folder C:\Documents and Settings\All Users\Start Menu\Programs\PC Speed Up\ not found.
Folder C:\Program Files\PC Speed Up\ not found.
Folder C:\Program Files\Delta\ not found.
Folder C:\Documents and Settings\george\Application Data\Delta\ not found.
Folder C:\Documents and Settings\george\Application Data\BabSolution\ not found.
Folder C:\Program Files\WebConnect\ not found.
C:\Documents and Settings\george\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Documents and Settings\george\Application Data\SpeedyPC Software folder moved successfully.
Folder C:\Documents and Settings\george\Start Menu\Programs\SpeedyPC Software\ not found.
Folder C:\Program Files\Common Files\SpeedyPC Software\ not found.
Folder C:\Program Files\SpeedyPC Software\ not found.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software folder moved successfully.
Folder C:\Documents and Settings\george\Application Data\Babylon\ not found.
C:\WINDOWS\System32\drivers\OLD43.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
Folder C:\Documents and Settings\All Users\Application Data\Babylon\ not found.
Folder C:\Documents and Settings\All Users\Application Data\SpeedyPC Software\ not found.
Folder C:\Documents and Settings\george\Application Data\BabSolution\ not found.
Folder C:\Documents and Settings\george\Application Data\Babylon\ not found.
Folder C:\Documents and Settings\george\Application Data\Delta\ not found.
Folder C:\Documents and Settings\george\Application Data\SpeedyPC Software\ not found.
========== FILES ==========
File\Folder C:\Documents and Settings\george\My Documents\iLividSetup not found.
File\Folder C:\Documents and Settings\All Users\Application Data\Babylon not found.
File\Folder C:\Documents and Settings\george\Application Data\Babylon not found.
File\Folder C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com not found.
File\Folder C:\Documents and Settings\george\Application Data\BabSolution not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\george\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\george\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r390-n-bi.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\5c68c88e03ebe15\2.6.1519.191\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\9C1BD06E6E9D4BC0AFE07D910B0EFCD4\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client\ not found.
Registry key HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\5c68c88e03ebe15\2.6.1519.191\ not found.
Registry key HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\9C1BD06E6E9D4BC0AFE07D910B0EFCD4\ not found.
Registry key HKEY_USERS\S-1-5-21-606747145-448539723-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 10246320 bytes
->Flash cache emptied: 2840 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: george
->Temp folder emptied: 5309210 bytes
->Temporary Internet Files folder emptied: 45209434 bytes
->FireFox cache emptied: 84678663 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 64524 bytes

User: liz
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 5385777 bytes
RecycleBin emptied: 815440 bytes

Total Files Cleaned = 145.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 09082013_165325

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\george\Local Settings\Temp\~DF3034.tmp not found!
File\Folder C:\Documents and Settings\george\Local Settings\Temp\~DF3044.tmp not found!
File\Folder C:\Documents and Settings\george\Local Settings\Temp\~DF309F.tmp not found!
File\Folder C:\Documents and Settings\george\Local Settings\Temp\~DF30AE.tmp not found!
C:\Documents and Settings\george\Local Settings\Temporary Internet Files\Content.IE5\HEBZJNDG\sh136[1].html moved successfully.
C:\Documents and Settings\george\Local Settings\Temporary Internet Files\Content.IE5\HEBZJNDG\viewtopic[3].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
junior
Active Member
 
Posts: 14
Joined: September 7th, 2013, 3:52 pm

Re: Pc infected with PUP.bProtector

Unread postby junior » September 9th, 2013, 3:54 am

Hi Gary,
Just to let you know I will be away from home for a few days so you need not feel under any pressure to respond.
junior
Active Member
 
Posts: 14
Joined: September 7th, 2013, 3:52 pm

Re: Pc infected with PUP.bProtector

Unread postby Gary R » September 9th, 2013, 4:35 am

Actually, I was waiting for the ESET log before I replied; you don't appear to have posted it.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Pc infected with PUP.bProtector

Unread postby junior » September 11th, 2013, 1:48 pm

Sorry,
here is the ESET log:

C:\AdwCleaner\Quarantine\C\Documents and Settings\george\Application Data\BabSolution\Shared\BabMaint.exe.vir Win32/Toolbar.Babylon.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WebConnect\updateWebConnect.exe.vir a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WebConnect\WebConnect.Common.dll.vir a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WebConnect\WebConnectBHO.dll.vir probably a variant of Win32/BrowseFox.A application cleaned by deleting - quarantined
C:\Documents and Settings\george\Desktop\Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Documents and Settings\george\My Documents\iLividSetup-r390-n-bi.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Documents and Settings\george\My Documents\SoftonicDownloader_for_net-meter.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll.vir a variant of Win32/Toolbar.Montiera.F application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP236\A0280205.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP237\A0281205.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP237\A0282205.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP238\A0284332.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP238\A0284405.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP239\A0284450.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP240\A0284469.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP240\A0284479.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP240\A0284520.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP240\A0284534.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP240\A0285533.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP240\A0286451.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP240\A0286501.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP241\A0287317.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP243\A0287903.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP243\A0288021.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP243\A0288663.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP243\A0289324.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP243\A0289493.dll a variant of Win32/Toolbar.Montiera.F application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP243\A0289504.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP243\A0290884.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP243\A0291005.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP243\A0291020.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP243\A0293020.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP243\A0293816.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP244\A0294082.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP244\A0294113.exe a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP244\A0294115.dll probably a variant of Win32/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP244\A0294117.exe Win32/Toolbar.Babylon.I application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP244\A0294145.exe a variant of Win32/FirseriaInstaller.A application cleaned by deleting - quarantined
junior
Active Member
 
Posts: 14
Joined: September 7th, 2013, 3:52 pm
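The ESET log above is easier to read as a tally than as sixty raw lines, because where a detected object lived tells you more than its name does: a hit inside a System Restore snapshot or inside another tool's quarantine is a dormant copy, while a hit on the desktop or in My Documents is a file the user could still run. The following Python parser is an added example, not code from this thread or from ESET; it assumes the line layout seen in the log (path, an optional "probably" / "a variant of" qualifier, a Platform/Name detection, the object type, then the action) and splits on the detection token, since ESET names contain a forward slash and Windows paths never do. The sample lines are copied from the log in this post.

```python
"""Added example: summarise an ESET Online Scanner log like the one posted above.

Each line has the shape '<path> <detection> <object type> <action>'.  Paths contain
spaces, so the split point is the detection token: ESET names are 'Platform/Name'
(Win32/..., MSIL/...) and Windows paths never contain a forward slash.
"""
import re
from collections import Counter
from typing import Dict, NamedTuple

# Optional heuristic qualifier, then the 'Platform/Name' detection, then object type
# and the action ESET took.  Everything before that is the path.
_LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<qualifier>(?:probably a variant of |a variant of )?)"
    r"(?P<detection>[A-Za-z0-9]+/\S+) "
    r"(?P<objtype>\S+) "
    r"(?P<action>.+)$"
)


class Hit(NamedTuple):
    path: str
    detection: str   # e.g. 'MSIL/BrowseFox.A'
    heuristic: bool  # True for 'probably' / 'a variant of' verdicts
    location: str    # see classify_location()
    action: str


def classify_location(path: str) -> str:
    """Bucket a path by what it says about the state of the infection."""
    p = path.lower()
    if p.startswith("c:\\system volume information\\_restore"):
        return "restore point"      # System Restore snapshot: dormant copy, not live
    if "\\quarantine\\" in p:
        return "tool quarantine"    # already isolated by AdwCleaner or ComboFix
    return "live file system"       # still reachable by the user or a program


def parse_line(line: str) -> Hit:
    m = _LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised ESET log line: {line!r}")
    return Hit(
        path=m["path"],
        detection=m["detection"],
        heuristic=bool(m["qualifier"]),
        location=classify_location(m["path"]),
        action=m["action"],
    )


def summarise(log_text: str) -> Dict[str, Counter]:
    """Count detections by location and by signature; list live paths separately."""
    hits = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return {
        "by_location": Counter(h.location for h in hits),
        "by_detection": Counter(h.detection for h in hits),
        "live_paths": Counter(h.path for h in hits if h.location == "live file system"),
    }


# Constructed sample: seven lines copied from the ESET log in this post.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Documents and Settings\george\Application Data\BabSolution\Shared\BabMaint.exe.vir Win32/Toolbar.Babylon.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WebConnect\WebConnectBHO.dll.vir probably a variant of Win32/BrowseFox.A application cleaned by deleting - quarantined
C:\Documents and Settings\george\Desktop\Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Documents and Settings\george\My Documents\iLividSetup-r390-n-bi.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll.vir a variant of Win32/Toolbar.Montiera.F application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP236\A0280205.dll a variant of MSIL/BrowseFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F63359F7-CD9C-4D60-B643-AED6EEFDB7C8}\RP244\A0294145.exe a variant of Win32/FirseriaInstaller.A application cleaned by deleting - quarantined
"""

if __name__ == "__main__":
    for bucket, counts in summarise(SAMPLE_LOG).items():
        print(bucket)
        for key, n in counts.most_common():
            print(f"  {n:3d}  {key}")
```

Run against the full log in this post, the "live file system" bucket holds only the two installers on the desktop and in My Documents, which is exactly what the next OTL fix targets; everything else is restore-point or quarantine residue. That split is why the helper can call the machine clean while the scanner still reports dozens of hits.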

Re: Pc infected with PUP.bProtector

Unread postby junior » September 11th, 2013, 6:06 pm

Hi Gary,
Just to let you know I will be away until the 20th Sept.
That's the trouble with having to work for a living.
junior
Active Member
 
Posts: 14
Joined: September 7th, 2013, 3:52 pm

Re: Pc infected with PUP.bProtector

Unread postby Gary R » September 12th, 2013, 4:43 am

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Documents and Settings\george\Desktop\Setup.exe
C:\Documents and Settings\george\My Documents\iLividSetup-r390-n-bi.exe

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Apart from that, your computer looks clean now. How is it behaving?

I'll leave this topic open till the 20th to give you time to reply. Then, dependent on the reply you give me, all we really need to do is remove the programs we've been using to clean your computer and secure it against further infection.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire