Help to remove Delta-Toolbar
<blockquote data-quote="birdinthehand" data-source="post: 130578" data-attributes="member: 10508"><p>Hi There,</p><p></p><p></p><p>Somehow I've downloaded the Delta-Toolbar and can't get rid of it. I've tried for the last two days but that grinning frog will just not disappear!!!</p><p></p><p>I've listed above the things I've attempted; both the Microsoft quick & full scans report 0 problems, yet the frog remains!!!</p><p></p><p>I really just don't know whether to attempt to enter the registry again, or allow cnet to clean the registry, or attempt to download another free registry cleaner, or purchase one. I'm also not sure what damage this "Thing" can do.</p><p></p><p>I would gratefully appreciate any help and guidance you can offer me.</p><p></p><p>Couldn't quite get it to add attachments so copy & pasted.</p><p></p><p>Hope this is ok?</p><p></p><p>Kind Regards.</p><p>Trudy </p><p></p><p>OTL logfile created on: 28/07/2013 20:30:38 - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trudy\Downloads</p><p> Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.10.9200.16635)</p><p>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy</p><p> </p><p>1013.38 Mb Total Physical Memory | 343.13 Mb Available Physical Memory | 33.86% Memory free</p><p>2.13 Gb Paging File | 0.70 Gb Available in Paging File | 32.86% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 225.25 Gb Total Space | 197.95 Gb Free Space | 87.88% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: TRUDY-PC | User Name: Trudy | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: 
#E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\Trudy\Downloads\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Users\Trudy\AppData\Roaming\Web Cake\WebCakeDesktop.exe (Bake Cake)</p><p>PRC - C:\Program Files\Web Cake\WebCakeDesktop.Updater.exe (cake bake)</p><p>PRC - C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE (Microsoft Corporation.)</p><p>PRC - C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)</p><p>PRC - C:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)</p><p>PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()</p><p>PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)</p><p>PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)</p><p>PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)</p><p>PRC - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\FSP\FspUip.exe (Sentelic Corporation)</p><p>PRC - C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Users\Trudy\AppData\Roaming\BabSolution\Shared\NTRedirect.dll ()</p><p>MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll ()</p><p>MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()</p><p>MOD - 
C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()</p><p>MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\59a12d8db2a29bbe4e597124682cc4f7\System.EnterpriseServices.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\dca6df8260d6c4c0bd66cb3be72eb73a\System.Transactions.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f95e6b6a92e3e28a3b553fe2998dd308\System.Data.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()</p><p>MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll ()</p><p>MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll ()</p><p>MOD - C:\Program Files\MyPC Backup\GetText.dll ()</p><p>MOD - C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll ()</p><p>MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()</p><p>MOD - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()</p><p>MOD - 
C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()</p><p>MOD - C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()</p><p>MOD - C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()</p><p>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()</p><p>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()</p><p>MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()</p><p>MOD - C:\Program Files\FSP\KbdHook.dll ()</p><p>MOD - C:\Program Files\FSP\FspLib.dll ()</p><p>MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV - (WebCakeUpdater) -- C:\Program Files\Web Cake\WebCakeDesktop.Updater.exe (cake bake)</p><p>SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE (Microsoft Corporation.)</p><p>SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE (Microsoft Corporation.)</p><p>SRV - (BackupStack) -- C:\Program Files\MyPC Backup\BackupStack.exe (Just Develop It)</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV - (BrowserDefendert) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()</p><p>SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)</p><p>SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)</p><p>SRV - (WajamUpdater) -- 
C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - (MpKsl12227558) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{74012CF0-4B3B-4081-BB74-63053D8429E7}\MpKsl12227558.sys File not found</p><p>DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found</p><p>DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()</p><p>DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)</p><p>DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)</p><p>DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)</p><p>DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)</p><p>DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CyDyByEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=431870537&ir=</p><p>IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CyDyByEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=431870537&ir=</p><p>IE 
- HKLM\..\SearchScopes\{17C5ED25-3CAA-96C8-AB09-0DFB06130B52}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=950606563</p><p>IE - HKLM\..\SearchScopes\{19BCE93E-4DD1-A721-C50A-3BE4E5E40A4C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CyDyByEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=431870537&ir=</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 25 67 7E 3C 5C CC 01 [binary data]</p><p>IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {EB54875D-DD8E-4010-B816-E3180B178F69}</p><p>IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</p><p>IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR</p><p>IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F8E2001A13BD01D1&affID=119523&tsp=4955</p><p>IE - HKCU\..\SearchScopes\{17C5ED25-3CAA-96C8-AB09-0DFB06130B52}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F8E2001A13BD01D1&affID=119523&tsp=4955</p><p>IE - HKCU\..\SearchScopes\{19BCE93E-4DD1-A721-C50A-3BE4E5E40A4C}: "URL" = 
http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=</p><p>IE - HKCU\..\SearchScopes\{EB54875D-DD8E-4010-B816-E3180B178F69}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=950606563</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p> </p><p> </p><p>[2013/07/26 18:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program 
Files\Mozilla Firefox\extensions</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - default_search_provider: ()</p><p>CHR - default_search_provider: search_url = </p><p>CHR - default_search_provider: suggest_url = </p><p>CHR - homepage: http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CyDyByEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=431870537&ir=</p><p>CHR - Extension: No name found = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\</p><p>CHR - Extension: No name found = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.23.16_0\crossrider</p><p>CHR - Extension: No name found = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.23.16_0\</p><p>CHR - Extension: No name found = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\</p><p>CHR - Extension: No name found = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.0.2_0\</p><p>CHR - Extension: No name found = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.3.4.1_0\</p><p>CHR - Extension: No name found = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\</p><p>CHR - Extension: No name found = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\</p><p> </p><p>O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts</p><p>O2 - BHO: (Solid Savings) - {11111111-1111-1111-1111-110211621178} - C:\Program Files\Solid Savings\Solid Savings-bho.dll (Innovative Apps)</p><p>O2 - BHO: (WebCake) - 
{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\Web Cake\WebCakeIEClient.dll (Web Cake LLC)</p><p>O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.</p><p>O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)</p><p>O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)</p><p>O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)</p><p>O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)</p><p>O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.</p><p>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)</p><p>O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)</p><p>O4 - HKCU..\Run: [FDPRO-516] C:\Program Files\Fighters\FighterLauncher.exe FDPRO File not found</p><p>O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found</p><p>O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Trudy\AppData\Roaming\Web Cake\WebCakeDesktop.exe (Bake 
Cake)</p><p>O4 - Startup: C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O13 - gopher Prefix: missing</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C6A873-0973-47B7-81CC-36B822FFD4F6}: DhcpNameServer = 192.168.1.1</p><p>O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - 
Created Within 30 Days ==========</span></p><p> </p><p>[2013/07/27 21:59:52 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\mysearchdial</p><p>[2013/07/27 21:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mysearchdial</p><p>[2013/07/27 21:59:14 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup</p><p>[2013/07/27 21:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup</p><p>[2013/07/27 21:57:17 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Web Cake</p><p>[2013/07/27 21:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Web Cake</p><p>[2013/07/27 10:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group</p><p>[2013/07/27 10:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard</p><p>[2013/07/26 18:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro</p><p>[2013/07/26 18:43:25 | 000,000,000 | ---D | C] -- C:\Users\Trudy\Documents\Flash Player Pro</p><p>[2013/07/26 18:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Player Pro</p><p>[2013/07/26 18:42:45 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\Updater26278</p><p>[2013/07/26 18:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Solid Savings</p><p>[2013/07/26 18:41:04 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions</p><p>[2013/07/26 18:41:02 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins</p><p>[2013/07/26 18:41:00 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender</p><p>[2013/07/26 18:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender</p><p>[2013/07/26 18:40:49 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\BabSolution</p><p>[2013/07/26 18:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox</p><p>[2013/07/26 18:40:00 | 000,000,000 | ---D | C] -- 
C:\Users\Trudy\AppData\Roaming\Babylon</p><p>[2013/07/26 18:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon</p><p>[2013/07/26 16:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes</p><p>[2013/07/26 16:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod</p><p>[2013/07/26 16:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes</p><p>[2013/07/26 16:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1</p><p>[2013/07/26 16:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime</p><p>[2013/07/26 16:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime</p><p>[2013/07/26 14:09:54 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\ElevatedDiagnostics</p><p>[2013/07/26 13:43:34 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\SlimWare Utilities Inc</p><p>[2013/07/26 13:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate</p><p>[2013/07/26 13:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate</p><p>[2013/07/26 13:43:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers</p><p>[2013/07/26 12:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TorchCrashHandler</p><p>[2013/07/10 03:08:10 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb</p><p>[2013/07/10 03:08:05 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll</p><p>[2013/07/10 03:08:04 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll</p><p>[2013/07/10 03:08:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll</p><p>[2013/07/10 03:08:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll</p><p>[2013/07/10 03:07:58 | 000,493,056 | ---- | C] (Microsoft Corporation) -- 
C:\windows\System32\msfeeds.dll</p><p>[2013/07/10 03:07:58 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe</p><p>[2013/07/10 03:07:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll</p><p>[2013/07/10 03:07:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll</p><p>[2013/07/10 03:07:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe</p><p>[2013/07/09 22:41:41 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll</p><p>[2013/07/09 22:41:38 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL</p><p>[2013/07/09 22:41:36 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll</p><p>[2013/07/09 22:41:33 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys</p><p>[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]</p><p>[1 C:\Users\Trudy\Documents\*.tmp files -> C:\Users\Trudy\Documents\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/07/28 20:08:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/07/28 20:00:01 | 000,000,292 | ---- | M] () -- C:\windows\tasks\MySearchDial.job</p><p>[2013/07/28 19:55:05 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job</p><p>[2013/07/28 19:05:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat</p><p>[2013/07/28 11:58:13 | 000,010,464 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/07/28 11:58:13 | 000,010,464 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/07/28 09:09:12 | 000,000,394 | ---- | M] () -- 
C:\windows\tasks\DriverUpdate Startup.job</p><p>[2013/07/28 09:07:58 | 000,013,464 | ---- | M] () -- C:\windows\System32\drivers\SWDUMon.sys</p><p>[2013/07/28 09:01:23 | 796,954,624 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/07/27 21:59:42 | 000,423,709 | ---- | M] () -- C:\Users\Trudy\AppData\Local\mysearchdial_speedial_v9.0.2.crx</p><p>[2013/07/27 21:59:14 | 000,001,067 | ---- | M] () -- C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk</p><p>[2013/07/26 16:35:55 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk</p><p>[2013/07/26 16:26:32 | 000,001,823 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk</p><p>[2013/07/26 12:42:20 | 000,002,181 | ---- | M] () -- C:\Users\Trudy\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk</p><p>[2013/07/15 07:55:12 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job</p><p>[2013/07/13 16:04:49 | 000,002,338 | ---- | M] () -- C:\Users\Trudy\Desktop\Google Chrome.lnk</p><p>[2013/07/10 03:20:17 | 000,334,432 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT</p><p>[2013/07/10 03:12:56 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat</p><p>[2013/07/10 03:12:56 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat</p><p>[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]</p><p>[1 C:\Users\Trudy\Documents\*.tmp files -> C:\Users\Trudy\Documents\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/07/27 22:00:46 | 000,000,292 | ---- | C] () -- C:\windows\tasks\MySearchDial.job</p><p>[2013/07/27 22:00:31 | 000,423,709 | ---- | C] () -- C:\Users\Trudy\AppData\Local\mysearchdial_speedial_v9.0.2.crx</p><p>[2013/07/27 21:59:14 | 000,001,067 | ---- | C] () -- C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk</p><p>[2013/07/26 
16:35:55 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk</p><p>[2013/07/26 16:26:32 | 000,001,823 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk</p><p>[2013/07/26 13:43:54 | 000,000,394 | ---- | C] () -- C:\windows\tasks\DriverUpdate Startup.job</p><p>[2013/07/26 13:43:39 | 000,013,464 | ---- | C] () -- C:\windows\System32\drivers\SWDUMon.sys</p><p>[2012/07/06 17:28:12 | 000,384,844 | ---- | C] () -- C:\Users\Trudy\AppData\Local\funmoods-speeddial.crx</p><p>[2012/07/06 17:28:01 | 000,031,465 | ---- | C] () -- C:\Users\Trudy\AppData\Local\funmoods.crx</p><p>[2011/10/27 11:38:28 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe</p><p>[2011/08/19 14:31:27 | 000,004,776 | ---- | C] () -- C:\Users\Trudy\AppData\Roaming\wklnhst.dat</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = 
Both</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2013/07/28 14:09:08 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\BabSolution</p><p>[2013/07/26 18:40:00 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Babylon</p><p>[2012/07/06 17:34:43 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Fighters</p><p>[2013/07/27 22:00:42 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\mysearchdial</p><p>[2012/09/19 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\PCCUStubInstaller</p><p>[2012/01/23 19:54:51 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Template</p><p>[2013/01/01 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\TFP</p><p>[2013/07/28 14:58:56 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Web Cake</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p></p><p>< End of report ></p><p></p><p>Kind Regards</p><p></p><p>Trudy</p></blockquote><p></p>