
BrowserProtect.exe - Unable to remove!


  • This topic is locked
4 replies to this topic

#1 vigge123


Posted 02 March 2013 - 06:55 AM

Hello, I'm very observant of my task manager and check from time to time
if an unwanted program is running, or check what (new) programs are running there.

I recently stumbled on a program called (BrowserProtect.exe*32) and googled it. I found out
that it was some kind of Trojan or something. I searched on fixing the problem and found this
forum, and followed this guide

http://www.bleepingcomputer.com/forums/t/480850/infected-with-system-protector-unable-to-remove/

because it seemed to be the same problem. But after completing the following steps the program is still there. I think I have only scanned the computer so far, but I will catch you up with my actions so far.

1. I have done the Combofix log thing. (I will post it down below)
2. The Security Check
3. And the AdwCleaner

The logs.


ComboFix 13-03-01.01 - Victor 2013-03-02  12:07:34.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.46.1053.18.8189.6791 [GMT 1:00]
Körs från: c:\users\Victor\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Skapade en ny återställningspunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
.
((((((((((((((((((((((((   Filer skapade från 2013-02-02 till 2013-03-02  ))))))))))))))))))))))))))))))
.
.
2013-03-02 11:11 . 2013-03-02 11:11    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-02 00:34 . 2013-03-02 00:34    --------    d-----w-    c:\windows\SysWow64\searchplugins
2013-03-02 00:34 . 2013-03-02 00:34    --------    d-----w-    c:\windows\SysWow64\Extensions
2013-03-02 00:34 . 2013-03-02 00:34    --------    d-----w-    c:\programdata\BrowserProtect
2013-03-02 00:34 . 2013-03-02 00:34    --------    d-----w-    c:\users\Victor\AppData\Roaming\BabSolution
2013-03-02 00:34 . 2013-03-02 00:34    --------    d-----w-    c:\users\Victor\AppData\Roaming\Delta
2013-03-02 00:34 . 2013-03-02 00:34    --------    d-----w-    c:\program files (x86)\Delta
2013-03-02 00:34 . 2013-03-02 00:34    --------    d-----w-    c:\users\Victor\AppData\Roaming\Babylon
2013-03-02 00:34 . 2013-03-02 00:34    --------    d-----w-    c:\programdata\Babylon
2013-03-01 21:43 . 2013-02-08 00:28    9162192    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFB304D0-A4DE-4A00-B658-0CAEFA23406C}\mpengine.dll
2013-02-28 03:14 . 2013-02-28 03:14    --------    d-----w-    C:\.jagex_cache_32
2013-02-24 16:05 . 2013-02-24 16:05    --------    d-----w-    c:\windows\.jagex_cache_32
2013-02-24 16:02 . 2013-02-24 16:05    --------    d-----w-    c:\users\Victor\jagexcache
2013-02-22 20:54 . 2013-02-22 20:54    14848    ----a-w-    c:\windows\system32\slwga.dll
2013-02-22 20:54 . 2013-02-22 20:54    13824    ----a-w-    c:\windows\SysWow64\slwga.dll
2013-02-20 19:36 . 2013-02-20 19:36    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2013-02-20 19:36 . 2013-02-20 19:36    --------    d-----r-    c:\program files (x86)\Skype
2013-02-18 02:01 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 02:01 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-17 14:14 . 2013-01-05 05:42    5554536    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-09 14:33 . 2013-02-09 14:33    --------    d-----w-    c:\users\Victor\AppData\Roaming\Guitar Pro 6
2013-02-09 14:33 . 2013-02-09 14:33    --------    d-----w-    c:\programdata\Guitar Pro 6
2013-02-03 13:26 . 2013-02-03 13:27    --------    d-----w-    c:\users\Victor\AppData\Roaming\WhatPulse
2013-02-02 16:44 . 2013-02-02 16:44    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-02 16:44 . 2013-02-02 16:44    --------    d-----w-    c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 03:56 . 2012-12-20 23:16    71024    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 03:56 . 2012-12-20 23:16    691568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-22 20:54 . 2010-11-21 03:24    419840    ----a-w-    c:\windows\system32\systemcpl.dll
2013-02-18 02:02 . 2012-12-20 23:40    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-02 16:44 . 2012-12-16 16:58    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-02-02 16:44 . 2012-12-16 16:58    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-01-17 00:28 . 2010-11-21 03:27    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-17 14:14    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-23 02:10 . 2012-12-23 02:10    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2012-12-23 02:10 . 2012-12-23 02:10    1700352    ----a-w-    c:\windows\SysWow64\gdiplus.dll
2012-12-23 02:10 . 2012-12-23 02:10    1060864    ----a-w-    c:\windows\SysWow64\mfc71.dll
2012-12-21 00:08 . 2012-12-21 00:08    108008    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-21 00:08 . 2012-12-21 00:08    959976    ----a-w-    c:\windows\system32\deployJava1.dll
2012-12-21 00:08 . 2012-12-21 00:08    308200    ----a-w-    c:\windows\system32\javaws.exe
2012-12-21 00:08 . 2012-12-21 00:08    1081320    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-12-21 00:08 . 2012-12-21 00:08    188392    ----a-w-    c:\windows\system32\javaw.exe
2012-12-21 00:08 . 2012-12-21 00:08    188392    ----a-w-    c:\windows\system32\java.exe
2012-12-20 23:00 . 2012-12-20 23:00    283200    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2012-12-19 20:50 . 2012-09-28 02:23    5630200    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48 . 2012-12-19 20:48    11278336    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:29 . 2012-12-19 20:29    23461376    ----a-w-    c:\windows\system32\atio6axx.dll
2012-12-19 20:22 . 2012-12-19 20:22    70144    ----a-w-    c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19    163840    ----a-w-    c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18    51200    ----a-w-    c:\windows\system32\aticalrt64.dll
2012-12-19 20:18 . 2012-12-19 20:18    46080    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17    44544    ----a-w-    c:\windows\system32\aticalcl64.dll
2012-12-19 20:17 . 2012-12-19 20:17    44032    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17 . 2012-12-19 20:17    16082944    ----a-w-    c:\windows\system32\aticaldd64.dll
2012-12-19 20:13 . 2012-12-19 20:13    13703168    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12    18982400    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09 . 2012-09-28 01:43    960512    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08 . 2012-09-28 01:41    1151488    ----a-w-    c:\windows\system32\aticfx64.dll
2012-12-19 20:06 . 2012-12-19 20:06    6681088    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59 . 2012-12-19 19:59    5087744    ----a-w-    c:\windows\system32\atiumd6a.dll
2012-12-19 19:57 . 2012-12-19 19:57    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56    550912    ----a-w-    c:\windows\system32\atieclxx.exe
2012-12-19 19:56 . 2012-12-19 19:56    240640    ----a-w-    c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54    120320    ----a-w-    c:\windows\system32\atitmm64.dll
2012-12-19 19:54 . 2012-12-19 19:54    21504    ----a-w-    c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54    59392    ----a-w-    c:\windows\system32\atiedu64.dll
2012-12-19 19:54 . 2012-12-19 19:54    43520    ----a-w-    c:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49 . 2012-09-28 01:22    7370752    ----a-w-    c:\windows\system32\atidxx64.dll
2012-12-19 19:44 . 2012-09-28 01:22    4162048    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44 . 2012-12-19 19:44    6786560    ----a-w-    c:\windows\system32\atiumd64.dll
2012-12-19 19:33 . 2012-12-19 19:33    56320    ----a-w-    c:\windows\system32\atimpc64.dll
2012-12-19 19:33 . 2012-12-19 19:33    56320    ----a-w-    c:\windows\system32\amdpcom64.dll
2012-12-19 19:33 . 2012-12-19 19:33    619008    ----a-w-    c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    56832    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33    56832    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33    421888    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33 . 2012-12-19 19:33    17920    ----a-w-    c:\windows\system32\atig6pxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    14848    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    14848    ----a-w-    c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    41984    ----a-w-    c:\windows\system32\atig6txx.dll
2012-12-19 19:33 . 2012-12-19 19:33    33280    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32    552960    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2012-09-28 01:11    130048    ----a-w-    c:\windows\system32\atiuxp64.dll
2012-12-19 19:31 . 2012-12-19 19:31    109568    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31 . 2012-12-19 19:31    104448    ----a-w-    c:\windows\system32\atiu9p64.dll
2012-12-19 19:30 . 2012-09-28 01:10    83968    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2012-12-19 14:45 . 2012-12-19 14:45    222720    ----a-w-    c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44    76288    ----a-w-    c:\windows\system32\OpenVideo64.dll
2012-12-19 14:44 . 2012-12-19 14:44    65536    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44    64000    ----a-w-    c:\windows\system32\OVDecode64.dll
2012-12-19 14:44 . 2012-12-19 14:44    56320    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2012-12-19 14:44 . 2012-12-19 14:44    34518016    ----a-w-    c:\windows\system32\amdocl64.dll
2012-12-19 14:38 . 2012-12-19 14:38    28732928    ----a-w-    c:\windows\SysWow64\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34    54784    ----a-w-    c:\windows\system32\OpenCL.dll
2012-12-19 14:34 . 2012-12-19 14:34    50176    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2012-12-16 18:35 . 2012-12-22 02:00    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2012-12-16 17:34 . 2012-12-22 02:00    100864    ----a-w-    c:\windows\system32\fontsub.dll
2012-12-16 17:32 . 2012-12-22 02:00    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 15:05 . 2012-12-22 02:00    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:44 . 2012-12-22 02:00    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:44 . 2012-12-22 02:00    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-14 02:09 . 2012-12-14 02:09    91648    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2012-12-14 02:09 . 2012-12-14 02:09    89088    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2012-12-14 02:09 . 2012-12-14 02:09    89088    ----a-w-    c:\windows\system32\ie4uinit.exe
2012-12-14 02:09 . 2012-12-14 02:09    86528    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2012-12-14 02:09 . 2012-12-14 02:09    85504    ----a-w-    c:\windows\system32\iesetup.dll
2012-12-14 02:09 . 2012-12-14 02:09    82432    ----a-w-    c:\windows\system32\icardie.dll
2012-12-14 02:09 . 2012-12-14 02:09    76800    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-14 02:09 . 2012-12-14 02:09    76800    ----a-w-    c:\windows\system32\tdc.ocx
2012-12-14 02:09 . 2012-12-14 02:09    74752    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-14 02:09 . 2012-12-14 02:09    74752    ----a-w-    c:\windows\SysWow64\iesetup.dll
2012-12-14 02:09 . 2012-12-14 02:09    65024    ----a-w-    c:\windows\system32\pngfilt.dll
2012-12-14 02:09 . 2012-12-14 02:09    63488    ----a-w-    c:\windows\SysWow64\tdc.ocx
2012-12-14 02:09 . 2012-12-14 02:09    55296    ----a-w-    c:\windows\system32\msfeedsbs.dll
2012-12-14 02:09 . 2012-12-14 02:09    534528    ----a-w-    c:\windows\system32\ieapfltr.dll
2012-12-14 02:09 . 2012-12-14 02:09    49664    ----a-w-    c:\windows\system32\imgutil.dll
2012-12-14 02:09 . 2012-12-14 02:09    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2012-12-14 02:09 . 2012-12-14 02:09    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2012-12-14 02:09 . 2012-12-14 02:09    452608    ----a-w-    c:\windows\system32\dxtmsft.dll
2012-12-14 02:09 . 2012-12-14 02:09    448512    ----a-w-    c:\windows\system32\html.iec
2012-12-14 02:09 . 2012-12-14 02:09    403248    ----a-w-    c:\windows\system32\iedkcs32.dll
2012-12-14 02:09 . 2012-12-14 02:09    39936    ----a-w-    c:\windows\system32\iernonce.dll
2012-12-14 02:09 . 2012-12-14 02:09    3695416    ----a-w-    c:\windows\system32\ieapfltr.dat
2012-12-14 02:09 . 2012-12-14 02:09    367104    ----a-w-    c:\windows\SysWow64\html.iec
2012-12-14 02:09 . 2012-12-14 02:09    35840    ----a-w-    c:\windows\SysWow64\imgutil.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-01-23 12:24    247704    ----a-w-    c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Victor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-12 1199576]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-27 3093624]
"iCloudServices"="c:\program files (x86)\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-07 17706088]
"Spotify"="c:\users\Victor\AppData\Roaming\Spotify\spotify.exe" [2012-12-12 7880664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Victor\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-14 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-20 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-02-21 2561488]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-09-25 73728]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-09-25 178688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-23 05:41    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-20 03:56]
.
2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-12 23:30]
.
2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-12 23:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50    133400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119586&babsrc=HP_ss&mntrId=5cd82fec0000000000006cf049547f50
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
Wow6432Node-HKCU-Run-Steam - f:\program files (x86)\Steam\steam.exe
Wow6432Node-HKCU-Run-WhatPulse - f:\program files (x86)\WhatPulse\WhatPulse.exe
AddRemove-Bugdom! - e:\english\Remove.exe
AddRemove-FL Studio 10 - f:\program files (x86)\Image-Line\FL Studio 10\uninstall.exe
AddRemove-Fraps - f:\program files (x86)\Fraps\uninstall.exe
AddRemove-reFX Nexus_is1 - f:\program files (x86)\VstPlugins\Uninstall Nexus\unins000.exe
AddRemove-Steam App 10 - f:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 42910 - f:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 49520 - f:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 570 - f:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 730 - f:\program files (x86)\Steam\steam.exe
AddRemove-{B810D852-DFD6-XCOM-89A5-CC4D47756DAF}_is1 - f:\program files (x86)\XCOM Enemy Unknown\unins000.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2013-03-02  12:13:03
ComboFix-quarantined-files.txt  2013-03-02 11:13
.
Före genomsökningen: 67 377 737 728 byte ledigt
Efter genomsökningen: 69 091 864 576 byte ledigt
.
- - End Of File - - E97EB8B4BEADFB44752857331299947D

 Results of screen317's Security Check version 0.99.60  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 13  
 Java version out of Date!
 Adobe Flash Player 11.6.602.171  
 Adobe Reader XI  
 Google Chrome 24.0.1312.57  
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 14 Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

# AdwCleaner v2.113 - Logfile created 03/02/2013 at 12:19:24
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Victor - VICTOR-DATOR
# Boot Mode : Normal
# Running from : C:\Users\Victor\Desktop\adwcleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
Found : BrowserProtect
 
***** [Files / Folders] *****
 
File Found : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Delta
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\Users\Victor\AppData\Local\Conduit
Folder Found : C:\Users\Victor\AppData\LocalLow\Conduit
Folder Found : C:\Users\Victor\AppData\Roaming\BabSolution
Folder Found : C:\Users\Victor\AppData\Roaming\Babylon
Folder Found : C:\Users\Victor\AppData\Roaming\Delta
Folder Found : C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
 
***** [Registry] *****
 
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\5e558ad1b66ab912
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\5e558ad1b66ab912
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Found : HKU\S-1-5-21-1169792985-1571436648-1768862517-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1169792985-1571436648-1768862517-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119586&babsrc=HP_ss&mntrId=5cd82fec0000000000006cf049547f50
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.delta-search.com/?affID=119586&babsrc=HP_ss&mntrId=5cd82fec0000000000006cf049547f50
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Found [l.2576] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119586&babsrc=HP_ss&mntrId=5cd82fec0000000000006cf049547f50" ]
 
*************************
 
AdwCleaner[R1].txt - [7037 octets] - [02/03/2013 12:19:24]
 
########## EOF - C:\AdwCleaner[R1].txt - [7097 octets] ##########
 

 

 

I hope this helped and i'm grateful for response and help!




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,557 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 PM

Posted 03 March 2013 - 11:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please run the AdwCleaner tool and select the Delete button.
Post the log for my review.
===
Secure your system by updating 3rd party programs.
 
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
 
Be careful not to install malware posing as Java update!
Important: read this blog.
 
Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
 
How to disable Java in your browsers
 
You can manually check your present version and update as recommended.
 
If present remove the old version(s) of Java using the Add/Remove Programs applet.
 
 
Old versions....
 
 
Java 7 update 10 introduced important new security controls
You can read about it here.
 
Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===
 
Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.
 
Adobe has released security updates for Adobe Flash Player 11.6.602.168 and earlier versions for Windows, Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh, and Adobe Flash Player 11.2.202.270 and earlier versions for Linux. 
 
 
On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.
 
You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.
 
For the users of Internet Explorer download version 11.
===
 
Get the latest version of the Adobe Reader.
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
 
When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
Download DDS by sUBs from one of the following links if you no longer have it available.  Save it to your desktop.
 
DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
DDS.COM
 
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
Notepad will open with the results. Follow the instructions that pop up for posting the results.
Please note:  You may have to disable any script protection running if the scan fails to run.
 
Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
 
Let me know what problem persists.


#3 vigge123


Posted 03 March 2013 - 02:28 PM

I ran the AdwCleaner and pressed delete. It's gone! Also says so in the log.
 

# AdwCleaner v2.113 - Logfile created 03/03/2013 at 20:22:01
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Victor - VICTOR-DATOR
# Boot Mode : Normal
# Running from : C:\Users\Victor\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : BrowserProtect
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\ProgramData\BrowserProtect
File Deleted : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Victor\AppData\Local\Conduit
Folder Deleted : C:\Users\Victor\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Victor\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Victor\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Victor\AppData\Roaming\Delta
Folder Deleted : C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
 
***** [Registry] *****
 
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\5e558ad1b66ab912
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5e558ad1b66ab912
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKU\S-1-5-21-1169792985-1571436648-1768862517-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119586&babsrc=HP_ss&mntrId=5cd82fec0000000000006cf049547f50 --> hxxp://www.google.com
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.2614] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119586&babsrc=HP_ss&mntrId[...]
 
*************************
 
AdwCleaner[R1].txt - [7160 octets] - [02/03/2013 12:19:24]
AdwCleaner[R2].txt - [7220 octets] - [03/03/2013 20:21:50]
AdwCleaner[S1].txt - [7010 octets] - [03/03/2013 20:22:01]
 
########## EOF - C:\AdwCleaner[S1].txt - [7070 octets] ##########


Thx a lot for the help! Will definitely recommend this forum!
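Whether the Delete run covered everything the Search run reported can be checked by reconciling the two logs line by line. The script below is an added example, not part of the original posts or of AdwCleaner; the function names are hypothetical and the input is a few lines copied from the two logs in this thread.

```python
# Excerpts copied from the two AdwCleaner logs posted in this thread
# (a few lines of each, not the full logs).
SEARCH_LOG = r"""
***** [Services] *****
Found : BrowserProtect
***** [Files / Folders] *****
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\Program Files (x86)\Delta
***** [Registry] *****
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKU\S-1-5-21-1169792985-1571436648-1768862517-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1169792985-1571436648-1768862517-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
"""

DELETE_LOG = r"""
***** [Services] *****
Stopped & Deleted : BrowserProtect
***** [Files / Folders] *****
Deleted on reboot : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Program Files (x86)\Delta
***** [Registry] *****
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKU\S-1-5-21-1169792985-1571436648-1768862517-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
"""


def entries(log):
    """Yield (status label, target) for each 'label : target' line."""
    for line in log.splitlines():
        label, sep, target = line.strip().partition(" : ")
        if sep:
            yield label, target.strip()


def reconcile(search_log, delete_log):
    """Sort every item the Search run found by what the Delete log says about it."""
    found = {t.casefold(): t for label, t in entries(search_log)
             if label.endswith("Found")}
    deleted, pending = set(), set()
    for label, target in entries(delete_log):
        if label == "Deleted on reboot":
            pending.add(target.casefold())
        elif label.endswith("Deleted"):      # also matches "Stopped & Deleted"
            deleted.add(target.casefold())
    report = {"deleted": [], "pending_reboot": [], "unconfirmed": []}
    for key, original in found.items():
        bucket = ("deleted" if key in deleted else
                  "pending_reboot" if key in pending else "unconfirmed")
        report[bucket].append(original)
    return report


if __name__ == "__main__":
    for bucket, items in reconcile(SEARCH_LOG, DELETE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

An `unconfirmed` entry only means the Delete log has no matching line. HKCU is a view of the logged-on user's HKU\<SID> hive, so a fresh Search run after the reboot is the way to confirm that such a key and the pending folder are gone.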


#4 nasdaq


Posted 04 March 2013 - 09:56 AM

Glad we could help.
 
If all is well:
 
Time for some housekeeping
The following will implement some cleanup procedures as well as reset  System Restore points:
 
Click Start > Run  and copy/paste the following bold text into the Run box and click OK:
 
ComboFix /Uninstall 
===
 
To remove AdwCleaner.
 
Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.
 
If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.
 
Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.
 
Surf Safely, and Think Prevention!
===


#5 nasdaq


Posted 10 March 2013 - 09:20 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



