Author Topic: Please Help me remove spyware (logs included) (Read 7647 times)

Iwishiknew · « **on:** August 19, 2013, 05:30:05 AM »

Hello Good People !

My computer is infected, i think it happened when someone in the house tried to download music from a questionable site. THANK YOU for helping !

hear are the essential logs:

# AdwCleaner v2.306 - Logfile created 08/19/2013 at 12:46:19
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : rob - MUSIC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\rob\My Documents\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : WebCake Desktop Updater

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\searchplugins\Babylon.xml
File Deleted : C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\searchplugins\BrowserDefender.xml
File Deleted : C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\searchplugins\delta.xml
File Deleted : C:\WINDOWS\Tasks\Plus-HD-2.2-codedownloader.job
File Deleted : C:\WINDOWS\Tasks\Plus-HD-2.2-enabler.job
File Deleted : C:\WINDOWS\Tasks\Plus-HD-2.2-firefoxinstaller.job
File Deleted : C:\WINDOWS\Tasks\Plus-HD-2.2-updater.job
File Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
File Disinfected : C:\Documents and Settings\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File Disinfected : C:\Documents and Settings\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
File Disinfected : C:\Documents and Settings\rob\Start Menu\Programs\Internet Explorer.lnk
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\rob\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\rob\Application Data\eIntaller
Folder Deleted : C:\Documents and Settings\rob\Application Data\ExpressFiles
Folder Deleted : C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\jetpack
Folder Deleted : C:\Documents and Settings\rob\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\rob\Application Data\WebCake
Folder Deleted : C:\Documents and Settings\rob\Local Settings\Application Data\visualbeeexe
Folder Deleted : C:\Documents and Settings\rob\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Program Files\Common Files\337
Folder Deleted : C:\Program Files\Desk 365
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\Plus-HD-2.2
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Program Files\WebCake

***** [Registry] *****

Data Deleted : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=adk&from=adk&uid=WDCXWD1600AAJB-00J3A0_WD-WCAV2AW6484964849&ts=1373556306
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\5e2dbdae53cb917
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ExpressFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Plus-HD-2.2
Key Deleted : HKCU\Software\V9
Key Deleted : HKLM\SOFTWARE\5e2dbdae53cb917
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311301136}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311341138}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322302236}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322342238}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033438.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033438.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033438.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033438.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345538}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366306636}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346638}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344304436}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344344438}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Desk 365
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341138}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341138}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Plus-HD-2.2
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\V9
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=545300241D74D111&affID=122310&tsp=4942 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=adk&from=adk&uid=WDCXWD1600AAJB-00J3A0_WD-WCAV2AW6484964849&ts=1373556306 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=adk&from=adk&uid=WDCXWD1600AAJB-00J3A0_WD-WCAV2AW6484964849&ts=7929971 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=adk&from=adk&uid=WDCXWD1600AAJB-00J3A0_WD-WCAV2AW6484964849&ts=7929971 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=adk&from=adk&uid=WDCXWD1600AAJB-00J3A0_WD-WCAV2AW6484964849&ts=1373556306 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=adk&from=adk&uid=WDCXWD1600AAJB-00J3A0_WD-WCAV2AW6484964849&ts=1373556306 --> hxxp://www.google.com

-\\ Mozilla Firefox v23.0.1 (en-US)

File : C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\prefs.js

C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Delta Search");
Deleted : user_pref("browser.search.order.1", "Delta Search");
Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Deleted : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.3303[...]
Deleted : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.3303[...]
Deleted : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.3303[...]
Deleted : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.3303[...]
Deleted : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.3303[...]
Deleted : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.3303[...]
Deleted : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.3303[...]
Deleted : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.3303[...]
Deleted : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.3303[...]
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "5453a0ef00000000000000241d74d111");
Deleted : user_pref("extensions.delta.instlDay", "15899");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.515:51:24");
Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=122310&tsp=4942");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[S1].txt - [18015 octets] - [19/08/2013 12:46:19]

########## EOF - C:\AdwCleaner[S1].txt - [18076 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.19.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
rob :: MUSIC [administrator]

8/19/2013 12:59:10 PM
mbam-log-2013-08-19 (12-59-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200082
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 5
C:\Documents and Settings\rob\Desktop\war on spyware\setup(1).exe (PUP.Optional.InstallCore) -> 3316 -> Delete on reboot.
C:\Program Files\tuto4pc_fr_53\tuto4pc_fr_53.exe (Adware.Tuto4PC) -> 2752 -> Delete on reboot.
C:\Documents and Settings\rob\Local Settings\Application Data\tuto4pc_fr_53\Download\majt4pcfr.exe (Adware.Eorezo) -> 3784 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 2088 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 3352 -> Delete on reboot.

Memory Modules Detected: 2
C:\Documents and Settings\rob\Application Data\BabSolution\Shared\EnhancedNT.dll (PUP.Optional.A.BabSolution) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Delete on reboot.

Registry Keys Detected: 68
HKCR\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0} (PUP.DealPly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0} (PUP.DealPly) -> Quarantined and deleted successfully.
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dealply (PUP.DealPly.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
HKCR\DealPlyLive.OneClickCtrl.9 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLive.OneClickProcessLauncherMachine (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLive.OneClickProcessLauncherMachine.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLive.Update3WebControl.3 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.CoCreateAsync (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.CoCreateAsync.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.CoreClass (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.CoreClass.1 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.CoreMachineClass (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.CoreMachineClass.1 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.CredentialDialogMachine (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.CredentialDialogMachine.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.ProcessLauncher (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.ProcessLauncher.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.Update3COMClassService (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.Update3COMClassService.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.Update3WebMachine (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.Update3WebMachine.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.Update3WebMachineFallback (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.Update3WebSvc (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\DealPlyLiveUpdate.Update3WebSvc.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\dealplylive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DEALPLYLIVE.EXE (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\dealplylivem (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\d (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tuto4pc_fr_53 (Adware.Tuto4PC) -> Data: "C:\Program Files\tuto4pc_fr_53\tuto4pc_fr_53.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www1.delta-search.com/?babsrc=HP_ss&mntrId=545300241D74D111&affID=119357&tsp=4979 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NTRedirect (PUP.Optional.A.BabSolution) -> Data: C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\rob\Application Data\BabSolution\Shared\EnhancedNT.dll",Run -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bad: (c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www1.delta-search.com/?babsrc=HP_ss&mntrId=545300241D74D111&affID=119357&tsp=4979) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 28
C:\Program Files\DealPly (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Start Menu\Programs\DealPly (PUP.OPtional.Dealply) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Local Settings\Application Data\eorezo (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Local Settings\Application Data\eorezo\eorezo (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Local Settings\Application Data\eorezo\eorezo\1.10 (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\Dealply (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\Download (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\Install (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\Offline (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\Offline\{9999F3FA-619F-482B-A388-AA998F49C6F1} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\BabSolution (PUP.Optional.BabSolution.A) -> Delete on reboot.
C:\Documents and Settings\rob\Application Data\BabSolution\CR (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Delete on reboot.
C:\Program Files\Delta\delta\1.8.24.5 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Program Files\Delta\delta\1.8.24.5\bh (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.

Files Detected: 131
C:\Documents and Settings\rob\Desktop\war on spyware\setup(1).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Program Files\tuto4pc_fr_53\tuto4pc_fr_53.exe (Adware.Tuto4PC) -> Delete on reboot.
C:\Documents and Settings\rob\Local Settings\Application Data\tuto4pc_fr_53\Download\majt4pcfr.exe (Adware.Eorezo) -> Delete on reboot.
C:\Program Files\DealPly\DealPlyIE.dll (PUP.DealPly) -> Quarantined and deleted successfully.
C:\Program Files\Delta\delta\1.8.24.5\bh\delta.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Program Files\Delta\delta\1.8.24.5\deltasrv.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Program Files\Delta\delta\1.8.24.5\deltaTlbr.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\Dealply\UpdateProc\UpdateTask.exe (PUP.DealPly.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\My Documents\Downloads\77ZipSetup.exe (PUP.Optional.InstallBrain) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\My Documents\Downloads\George_Benson_It_s_Uptown_1966_FLAC.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\My Documents\Downloads\setup.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\My Documents\Downloads\Zipper_downloader_by_Zipper.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Local Settings\Temp\is1326335552\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Local Settings\Temp\is1326335552\Tuto4PC_Setup_FR.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Local Settings\Temp\99E01F4F-BAB0-7891-B5D0-22EA53E2D2F1\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Local Settings\Temp\99E01F4F-BAB0-7891-B5D0-22EA53E2D2F1\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Local Settings\Temp\99E01F4F-BAB0-7891-B5D0-22EA53E2D2F1\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Local Settings\Temp\99E01F4F-BAB0-7891-B5D0-22EA53E2D2F1\Latest\Setup.exe (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPly\DealPly.crx (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\Program Files\DealPly\DealPly.xpi (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\Program Files\DealPly\DealPlyIE64.dll (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\Program Files\DealPly\DealPlyUpdate.exe (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\Program Files\DealPly\DealPlyUpdateRun.exe (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\Program Files\DealPly\DealPlyUpdateVer.exe (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\Program Files\DealPly\icon.ico (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\Program Files\DealPly\uninst.exe (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineCore.job (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\BrowserDefendert.job (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\EPUpdater.job (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\DealPlyUpdate.job (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Start Menu\Programs\DealPly\Uninstall DealPly.lnk (PUP.OPtional.Dealply) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Start Menu\Programs\DealPly\DealPly Help.url (PUP.OPtional.Dealply) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Start Menu\Programs\DealPly\DealPly.url (PUP.OPtional.Dealply) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\BabSolution\Shared\EnhancedNT.dll (PUP.Optional.A.BabSolution) -> Delete on reboot.
C:\Program Files\DealPlyLive\Update\DealPlyLive.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Local Settings\Application Data\eorezo\eorezo\1.10\eorezo.cyl (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdate.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\psmachine.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\psuser.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\rob\Application Data\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Program Files\Delta\delta\1.8.24.5\deltaApp.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Program Files\Delta\delta\1.8.24.5\deltaEng.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Program Files\Delta\delta\1.8.24.5\GUninstaller.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Program Files\Delta\delta\1.8.24.5\uninstall.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.

(end)

Results of screen317's Security Check version 0.99.72
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.display Name ECHO is off.
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````[/u]
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````[/u]

SuperDave · « **Reply #1 on:** August 19, 2013, 04:26:17 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Why have you not installed SP3?

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
********************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
***********************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Iwishiknew · « **Reply #2 on:** August 26, 2013, 07:54:41 AM »

Thank you for helping SuperDave !

I've installed SP3, updated Java and followed your instruction.

here are the two logs you asked for:

ComboFix 13-08-25.01 - rob 08/26/2013 13:33:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1366 [GMT 2:00]
Running from: c:\documents and settings\rob\Desktop\war on spyware\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\rob\Start Menu\Programs\BrowserDefender\Uninstall BrowserDefender.lnk
.
.
((((((((((((((((((((((((( Files Created from 2013-07-26 to 2013-08-26 )))))))))))))))))))))))))))))))
.
.
2013-08-26 11:16 . 2013-08-26 11:16   --------   d-----w-   c:\windows\ERUNT
2013-08-26 11:08 . 2013-08-26 11:08   159744   ----a-w-   c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-08-26 11:08 . 2013-08-26 11:08   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-08-26 11:08 . 2013-08-26 11:08   159744   ----a-w-   c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-08-26 11:08 . 2013-08-26 11:08   159744   ----a-w-   c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-08-26 11:08 . 2013-08-26 11:08   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-08-26 11:08 . 2013-08-26 11:08   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-08-26 11:08 . 2013-08-26 11:08   159744   ----a-w-   c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-08-26 11:08 . 2013-08-26 11:08   159744   ----a-w-   c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-08-26 11:08 . 2013-08-26 11:08   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-08-26 11:08 . 2013-08-26 11:08   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-08-26 11:08 . 2013-08-26 11:08   --------   d-----w-   c:\program files\QuickTime
2013-08-26 11:08 . 2013-08-26 11:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2013-08-26 10:58 . 2013-08-26 10:58   --------   d-s---w-   c:\documents and settings\rob\UserData
2013-08-19 10:57 . 2013-08-19 10:57   --------   d-----w-   c:\documents and settings\rob\Application Data\Malwarebytes
2013-08-19 10:55 . 2013-08-19 10:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-19 10:55 . 2013-08-19 10:55   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-08-19 10:55 . 2013-04-04 12:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-08-19 10:55 . 2013-08-26 11:24   --------   d-----w-   c:\program files\WebConnect
2013-08-19 10:55 . 2013-08-19 12:45   --------   d-----w-   c:\documents and settings\rob\Local Settings\Application Data\tuto4pc_fr_53
2013-08-19 10:55 . 2013-08-19 10:55   --------   d-----w-   c:\documents and settings\rob\Local Settings\Application Data\Google
2013-08-19 10:38 . 2013-08-19 10:38   --------   d-----w-   c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 15:48 . 2013-06-13 15:48   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2013-06-13 15:48 . 2003-02-21 12:42   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2013-06-12 18:01 . 2012-10-25 16:34   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 18:01 . 2012-10-25 16:34   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeltTray"="DeltTray.exe" [2003-12-10 56320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"RunSpellCheckAnywhere"="c:\program files\Spell Check Anywhere\sa.exe" [2004-12-27 606208]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-11-14 110592]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-06-13 295512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\documents and settings\rob\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-10-27 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2012-12-17 49254]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-10-27 113664]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2013-1-29 685936]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\rob\\Desktop\\express files dowloader\\ExpressFiles\\expressdl.exe"=
"c:\\Documents and Settings\\rob\\Desktop\\express files dowloader\\ExpressFiles\\ExpressFiles.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/21/2012 3:45 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/13/2012 3:11 AM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 2:05 PM 196664]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [4/16/2013 3:07 AM 39056]
R2 Update WK;Update WK;c:\program files\WebConnect\updateWebConnect.exe [8/17/2013 3:55 PM 199976]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/16/2012 12:34 AM 5814904]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 18:01]
.
2013-08-26 c:\windows\Tasks\Express FilesUpdate.job
- c:\documents and settings\rob\Desktop\express files dowloader\ExpressFiles\EFUpdater.exe [2013-07-05 13:50]
.
2013-08-26 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1645522239-1563985344-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 10:45]
.
2013-08-24 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1645522239-1563985344-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 10:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\documents and settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2013-08-11 21:18; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-17 19:07; [email protected]; c:\documents and settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\extensions\[email protected]
FF - ExtSQL: 2013-08-19 11:06; [email protected]; c:\documents and settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\extensions\[email protected]
FF - ExtSQL: 2013-08-19 12:55; {e53a26f5-7199-4a5b-86f5-d2e86854b979}; c:\documents and settings\rob\Application Data\Mozilla\Firefox\Profiles\rl75rg0e.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-upt4pc_fr_53.exe - c:\documents and settings\rob\Local Settings\Application Data\tuto4pc_fr_53\upt4pc_fr_53.exe
HKLM-Run-tuto4pc_fr_53 - (no file)
AddRemove-WebConnect - c:\program files\WebConnect\WebConnectuninstall.exe
AddRemove-VisualBee for Microsoft PowerPoint - c:\documents and settings\rob\Local Settings\Application Data\VisualBeeExe\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-26 13:35
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-08-26 13:37:04
ComboFix-quarantined-files.txt 2013-08-26 11:37
.
Pre-Run: 419,031,113,728 bytes free
Post-Run: 419,116,326,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E92F7CBD998F74FBB40D014D04FB225C
8F558EB6672622401DA993E1E865C861

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Microsoft Windows XP x86
Ran by rob on Mon 08/26/2013 at 13:16:17.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] browserdefendert
Successfully deleted: [Service] browserdefendert

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dealplylive.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealply
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealply
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineUA.job
Successfully deleted: [File] C:\WINDOWS\Tasks\Plus-HD-2.5-codedownloader.job
Successfully deleted: [File] C:\WINDOWS\Tasks\Plus-HD-2.5-enabler.job
Successfully deleted: [File] C:\WINDOWS\Tasks\Plus-HD-2.5-firefoxinstaller.job
Successfully deleted: [File] C:\WINDOWS\Tasks\Plus-HD-2.5-updater.job

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\visualbee"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\browserdefender"
Successfully deleted: [Folder] "C:\Documents and Settings\rob\Local Settings\Application Data\dealplylive"
Successfully deleted: [Folder] "C:\Documents and Settings\rob\Local Settings\Application Data\visualbeeclient"
Successfully deleted: [Folder] "C:\Program Files\delta"
Failed to delete: [Folder] "C:\Program Files\webconnect"

~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\rob\Application Data\mozilla\firefox\profiles\rl75rg0e.default\user.js
Successfully deleted: [File] C:\Documents and Settings\rob\Application Data\mozilla\firefox\profiles\rl75rg0e.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Documents and Settings\rob\Application Data\mozilla\firefox\profiles\rl75rg0e.default\bprotector_prefs.js
Successfully deleted: [File] C:\Documents and Settings\rob\Application Data\mozilla\firefox\profiles\rl75rg0e.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Documents and Settings\rob\Application Data\mozilla\firefox\profiles\rl75rg0e.default\extensions\[email protected]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Successfully deleted the following from C:\Documents and Settings\rob\Application Data\mozilla\firefox\profiles\rl75rg0e.default\prefs.js

user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=545300241D74D111&affID=119357&tsp=4979");
user_pref("browser.startup.homepage", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=545300241D74D111&affID=119357&tsp=4979");
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.js", "\n\n /************************************************************
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f 184f63685711674e04973936f860cd2a102a9co m33036.33036.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "13f2947508f877d9b98ff84d6916f573");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "5453a0ef00000000000000241d74d111");
user_pref("extensions.delta.instlDay", "15936");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.24.5");
user_pref("extensions.delta.vrsnTs", "1.8.24.512:55:48");
user_pref("extensions.delta.vrsni", "1.8.24.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4979");
user_pref("extensions.delta_i.srcExt", "ss");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/26/2013 at 13:19:59.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SuperDave · « **Reply #3 on:** August 26, 2013, 01:17:34 PM »

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Computer Hope Forum

News:

Author Topic: Please Help me remove spyware (logs included) (Read 7647 times)

Iwishiknew

Please Help me remove spyware (logs included)

SuperDave

Re: Please Help me remove spyware (logs included)

Iwishiknew

Re: Please Help me remove spyware (logs included)

SuperDave

Re: Please Help me remove spyware (logs included)