Delta Search Infection


This topic is locked
11 replies to this topic

#1 GaryC1983 (Members, 5 posts)

Posted 04 March 2013 - 12:49 AM

Hi Guys,

 

I was looking for some freeware file conversion software the other day and I believe I was hit with the Delta Search malware. I did some Malwarebytes scans and killed quite a few bugs but I noticed that the Delta Search bar still shows up when I use Internet Explorer. Any help from the community would be greatly appreciated. Here are my logs. Thank you! :)

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16482
Run by Gary Coleman at 21:34:03 on 2013-03-03
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6098.4518 [GMT -8:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=92069a21000000000000243c200783e8
uDefault_Page_URL = hxxp://asus13.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg32.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1115\7.5.1115\TmBpIe32.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7B765F42-EEF0-4A68-8640-2B92DEDC98A8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C83B8ACE-8D76-48BB-8511-50842F5B0C49} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1115\7.5.1115\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg32.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1115\7.5.1115\TmBpIe64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1115\7.5.1115\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gary Coleman\AppData\Roaming\Mozilla\Firefox\Profiles\aea9v9nd.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - ExtSQL: 2013-02-07 04:18; tmbepff-7.5@trendmicro.com; C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1115\7.5.1115\firefoxextension
FF - ExtSQL: 2013-02-07 04:18; {22181a4d-af90-4ca3-a569-faed9118d6bc}; C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF - ExtSQL: 2013-02-07 04:19; {21541D23-FDA1-4bf3-8AF2-8F623BF70B07}; C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 92069a21000000000000243c200783e8
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15753
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.03:57:01
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 TMEBC;TMEBC;C:\Windows\System32\Drivers\TMEBC64.sys [2012-12-11 46392]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\Drivers\tmevtmgr.sys [2012-12-11 76672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-9 239616]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-12-11 310952]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-12-11 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-12-11 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-12-11 149120]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-19 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-7 398184]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\Drivers\tmusa.sys [2012-12-11 77112]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-19 365376]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-12-19 91648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-2-7 24176]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-11 690832]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\Drivers\RTWlanU.sys [2012-9-17 1576080]
R3 tmeevw;tmeevw;C:\Windows\System32\Drivers\tmeevw.sys [2012-12-11 98104]
S0 tmel;tmel;C:\Windows\System32\Drivers\tmel.sys [2012-12-11 34224]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-7 682344]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-11-15 645952]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2012-6-2 1737760]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\Drivers\RTWlanU.sys [2012-9-17 1576080]
.
=============== Created Last 30 ================
.
2013-02-28 10:08:58    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\Adobe
2013-02-28 10:05:34    --------    d-----w-    C:\Program Files (x86)\DAMN NFO Viewer
2013-02-19 07:24:25    --------    d-----w-    C:\ProgramData\PopCap Games
2013-02-17 12:14:34    78176    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-17 12:14:34    692576    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-17 11:57:21    --------    d-sh--w-    C:\Windows\SysWow64\AI_RecycleBin
2013-02-17 11:57:19    --------    d-----w-    C:\ProgramData\Strongvault Online Backup
2013-02-17 11:57:14    --------    d-sh--w-    C:\AI_RecycleBin
2013-02-17 11:56:32    --------    d-----w-    C:\Users\Gary Coleman\AppData\Roaming\Babylon
2013-02-17 11:56:32    --------    d-----w-    C:\ProgramData\Babylon
2013-02-17 11:55:50    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\Lucky Savings
2013-02-17 11:55:09    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\SwvUpdater
2013-02-17 11:49:07    1690624    ----a-w-    C:\Windows\System32\GdiPlus.dll
2013-02-17 11:49:07    1437696    ----a-w-    C:\Windows\SysWow64\GdiPlus.dll
2013-02-14 18:31:57    4055552    ----a-w-    C:\Windows\System32\win32k.sys
2013-02-14 14:50:32    6967016    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-02-14 12:55:43    2226408    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-02-14 08:00:42    817664    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 08:00:42    1084416    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-09 10:57:12    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-02-08 06:06:35    --------    d-----w-    C:\Users\Gary Coleman\AppData\Roaming\Malwarebytes
2013-02-08 06:06:15    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-02-08 06:06:11    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-02-08 06:06:11    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-08 06:05:59    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\Programs
2013-02-08 06:05:37    --------    d-----w-    C:\Program Files\CCleaner
2013-02-08 06:01:28    4322992    ----a-w-    C:\Windows\PE_Rom.dll
2013-02-08 03:04:21    --------    d-----w-    C:\Users\Gary Coleman\AppData\Roaming\uTorrent
2013-02-08 03:04:01    929792    ----a-w-    C:\Windows\SysWow64\mfnetsrc.dll
2013-02-08 03:04:01    850944    ----a-w-    C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-02-08 03:04:01    677888    ----a-w-    C:\Windows\System32\mfnetcore.dll
2013-02-08 03:04:01    673280    ----a-w-    C:\Windows\System32\mfmpeg2srcsnk.dll
2013-02-08 03:04:01    568832    ----a-w-    C:\Windows\SysWow64\mfnetcore.dll
2013-02-08 03:04:01    513024    ----a-w-    C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2013-02-08 03:04:01    1172992    ----a-w-    C:\Windows\System32\mfnetsrc.dll
2013-02-08 03:04:00    1048064    ----a-w-    C:\Windows\System32\mfasfsrcsnk.dll
2013-02-08 03:02:52    83456    ----a-w-    C:\Windows\System32\drivers\hidclass.sys
2013-02-08 03:01:59    883712    ----a-w-    C:\Windows\HelpPane.exe
2013-02-08 03:00:52    --------    d-----r-    C:\Program Files (x86)\Skype
2013-02-07 15:13:51    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\Trend Micro
2013-02-07 13:20:11    16114176    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-02-07 13:20:11    15541248    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-02-07 13:19:18    9161176    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2F026676-AF20-428F-A902-E57F8F87E0F0}\mpengine.dll
2013-02-07 13:19:03    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-02-07 13:09:15    17888    ----a-w-    C:\Windows\System32\msvcr100_clr0400.dll
2013-02-07 13:08:01    17888    ----a-w-    C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-02-07 13:05:53    96256    ----a-w-    C:\Windows\System32\fontsub.dll
2013-02-07 13:00:02    18528    ----a-w-    C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2013-02-07 12:50:20    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-07 12:33:14    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\Diagnostics
2013-02-07 12:22:23    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\ATI
2013-02-07 12:22:18    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\Macromedia
2013-02-07 12:22:00    --------    d-----r-    C:\Users\Gary Coleman\Searches
2013-02-07 12:22:00    --------    d-----r-    C:\Users\Gary Coleman\Contacts
2013-02-07 12:21:14    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\VirtualStore
2013-02-07 12:21:02    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\Packages
2013-02-07 12:17:31    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\Mozilla
.
==================== Find3M  ====================
.
2013-01-16 00:35:49    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-01-16 00:31:26    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-01-10 01:53:32    28904    ----a-w-    C:\Windows\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39    1448168    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38    303848    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29    194280    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-01-10 01:39:22    124648    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-01-10 01:29:56    91880    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2013-01-10 01:29:54    1934056    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-01-10 01:29:21    785504    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-01-09 23:26:53    83968    ----a-w-    C:\Windows\SysWow64\wiaacmgr.exe
2013-01-09 23:26:46    1611776    ----a-w-    C:\Windows\SysWow64\mmc.exe
2013-01-09 23:26:35    410624    ----a-w-    C:\Windows\SysWow64\Windows.Networking.dll
2013-01-09 23:26:35    261120    ----a-w-    C:\Windows\SysWow64\Windows.Media.dll
2013-01-09 23:26:23    1752064    ----a-w-    C:\Windows\SysWow64\setupapi.dll
2013-01-09 23:26:20    67584    ----a-w-    C:\Windows\SysWow64\samlib.dll
2013-01-09 23:26:08    115712    ----a-w-    C:\Windows\SysWow64\netprofm.dll
2013-01-09 23:26:04    890880    ----a-w-    C:\Windows\SysWow64\msctf.dll
2013-01-09 23:26:03    436736    ----a-w-    C:\Windows\SysWow64\MP4SDECD.DLL
2013-01-09 23:23:32    95232    ----a-w-    C:\Windows\System32\wiaacmgr.exe
2013-01-09 23:23:25    2094592    ----a-w-    C:\Windows\System32\mmc.exe
2013-01-09 23:23:18    256000    ----a-w-    C:\Windows\System32\WSDMon.dll
2013-01-09 23:23:16    1964544    ----a-w-    C:\Windows\System32\wlidsvc.dll
2013-01-09 23:23:14    594944    ----a-w-    C:\Windows\System32\Windows.Networking.dll
2013-01-09 23:23:14    406016    ----a-w-    C:\Windows\System32\Windows.Media.dll
2013-01-09 23:23:07    1886208    ----a-w-    C:\Windows\System32\setupapi.dll
2013-01-09 23:23:05    728064    ----a-w-    C:\Windows\System32\samsrv.dll
2013-01-09 23:22:53    464384    ----a-w-    C:\Windows\System32\netprofmsvc.dll
2013-01-09 23:22:53    151040    ----a-w-    C:\Windows\System32\netprofm.dll
2013-01-09 23:22:43    1120768    ----a-w-    C:\Windows\System32\msctf.dll
2013-01-09 23:22:41    666112    ----a-w-    C:\Windows\System32\MP4SDECD.DLL
2013-01-09 23:22:35    438272    ----a-w-    C:\Windows\System32\lsm.dll
2013-01-09 23:22:29    894464    ----a-w-    C:\Windows\System32\iphlpsvc.dll
2013-01-09 23:22:29    159232    ----a-w-    C:\Windows\System32\inetpp.dll
2013-01-09 23:22:26    49152    ----a-w-    C:\Windows\System32\drivers\UMDF\HidBthLE.dll
2013-01-09 23:22:05    1918464    ----a-w-    C:\Windows\System32\wbem\cimwin32.dll
2013-01-09 03:59:47    341504    ----a-w-    C:\Windows\System32\drivers\HdAudio.sys
2013-01-04 05:32:36    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:19:53    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2012-12-20 00:37:37    1775616    ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-12-20 00:37:04    2881536    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2012-12-20 00:37:02    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2012-12-20 00:37:02    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2012-12-20 00:36:50    431616    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2012-12-20 00:29:16    2246656    ----a-w-    C:\Windows\System32\wininet.dll
2012-12-20 00:29:11    907776    ----a-w-    C:\Windows\System32\uxtheme.dll
2012-12-20 00:28:29    3966464    ----a-w-    C:\Windows\System32\jscript9.dll
2012-12-20 00:28:26    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2012-12-20 00:28:04    39936    ----a-w-    C:\Windows\apppatch\apppatch64\acspecfc.dll
2012-12-19 12:53:35    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2012-12-19 12:53:35    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2012-12-19 12:53:35    29480    ----a-w-    C:\Windows\SysWow64\msxml3a.dll
2012-12-19 12:47:47    0    ----a-w-    C:\Windows\ativpsrm.bin
2012-12-18 01:56:27    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2012-12-16 08:28:20    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 08:20:01    35328    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-16 08:08:33    362496    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 07:57:09    300032    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-11 10:45:32    59    ----a-w-    C:\Windows\System32\SupportTool.exe.bat
2012-12-11 10:24:23    2893824    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2012-12-11 10:24:23    2400256    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2012-12-11 10:23:48    68608    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2012-12-11 10:23:48    446976    ----a-w-    C:\Windows\System32\wwansvc.dll
2012-12-11 10:23:05    76288    ----a-w-    C:\Windows\System32\newdev.exe
2012-12-11 10:23:05    75264    ----a-w-    C:\Windows\System32\ndadmin.exe
2012-12-11 10:23:05    74240    ----a-w-    C:\Windows\SysWow64\newdev.exe
2012-12-11 10:23:05    73728    ----a-w-    C:\Windows\SysWow64\ndadmin.exe
2012-12-11 10:23:05    301568    ----a-w-    C:\Windows\System32\newdev.dll
2012-12-11 10:23:05    275968    ----a-w-    C:\Windows\SysWow64\newdev.dll
2012-12-11 09:43:52    6144    ----a-w-    C:\Windows\SysWow64\drivers\fr-FR\fwpkclnt.sys.mui
2012-12-11 09:43:46    6656    ----a-w-    C:\Windows\SysWow64\drivers\fr-FR\ndiscap.sys.mui
2012-12-11 09:43:45    2560    ----a-w-    C:\Windows\SysWow64\drivers\fr-FR\wfplwfs.sys.mui
2012-12-11 09:43:45    15872    ----a-w-    C:\Windows\SysWow64\drivers\fr-FR\NdisImPlatform.sys.mui
2012-12-06 04:23:00    170496    ----a-w-    C:\Windows\System32\TimeBrokerServer.dll
2012-12-06 04:22:59    178176    ----a-w-    C:\Windows\System32\SystemEventsBrokerServer.dll
.
============= FINISH: 21:35:09.22 ===============
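The DDS log above carries the hijack in three places: the IE start page with an affiliate-tracked delta-search URL, an orphaned toolbar CLSID ({ae07101b-...} with `<no file>`), and the `extensions.delta.*` prefs in the Firefox user.js, whose `extensions.delta.id` equals the `mntrId` in the start-page URL. The "Created Last 30" section also shows the bundle drop: SwvUpdater, Lucky Savings, Babylon, Strongvault and AI_RecycleBin all created within about two minutes on 2013-02-17. The script below is an added example (not from the thread, DDS, or any of the posters) that pulls those indicators out of DDS log lines and clusters directory creations in time to expose the bundle. The sample lines are copied from the log above; the regexes, the tracking-parameter names and the five-minute window are this example's assumptions.

```python
"""Flag browser-hijack indicators in DDS log lines.

Added example for this thread, not a tool from the thread or from DDS itself.
The sample lines are copied from the DDS log above; the patterns and the
five-minute clustering window are assumptions of this example.
"""
import re
from datetime import datetime
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: a subset of the DDS log lines posted above.
DDS_SAMPLE = r"""
uStart Page = hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=92069a21000000000000243c200783e8
uDefault_Page_URL = hxxp://asus13.msn.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - user.js: extensions.delta.id - 92069a21000000000000243c200783e8
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.vrsn - 1.8.10.0
2013-02-17 11:57:21    --------    d-sh--w-    C:\Windows\SysWow64\AI_RecycleBin
2013-02-17 11:57:19    --------    d-----w-    C:\ProgramData\Strongvault Online Backup
2013-02-17 11:56:32    --------    d-----w-    C:\ProgramData\Babylon
2013-02-17 11:55:50    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\Lucky Savings
2013-02-17 11:55:09    --------    d-----w-    C:\Users\Gary Coleman\AppData\Local\SwvUpdater
2013-02-14 18:31:57    4055552    ----a-w-    C:\Windows\System32\win32k.sys
2013-02-09 10:57:12    --------    d-----w-    C:\Program Files (x86)\VideoLAN
""".strip()

START_RE = re.compile(r"^[um]Start Page = (?P<url>\S+)")
TOOLBAR_RE = re.compile(r"^(?:x64-)?TB: .*?(?P<clsid>\{[0-9A-Fa-f-]{36}\}).*<no file>")
DELTA_PREF_RE = re.compile(r"^FF - user\.js: (?P<pref>extensions\.delta\.\S+) - ?(?P<val>.*)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)
# Affiliate/monetisation parameters seen in the hijacked start page (assumed list).
TRACKING_PARAMS = {"affID", "mntrId"}


def find_hijack_indicators(lines):
    """Return start-page, orphaned-toolbar and Firefox delta-pref indicators found in DDS lines."""
    found = {"start_page": None, "mntr_id": None, "orphan_toolbars": set(),
             "delta_prefs": {}, "id_match": False}
    for raw in lines:
        line = raw.strip()
        m = START_RE.match(line)
        if m:
            url = m.group("url").replace("hxxp", "http", 1)  # undo DDS defanging for parsing
            query = dict(parse_qsl(urlsplit(url).query))
            if TRACKING_PARAMS & query.keys():
                found["start_page"] = m.group("url")
                found["mntr_id"] = query.get("mntrId")
            continue
        m = TOOLBAR_RE.match(line)
        if m:  # a toolbar CLSID whose server binary is gone: leftover of a removed PUP
            found["orphan_toolbars"].add(m.group("clsid").lower())
            continue
        m = DELTA_PREF_RE.match(line)
        if m:
            found["delta_prefs"][m.group("pref")] = m.group("val").strip()
    # The installer stamps one machine id into both the start page and the Firefox prefs.
    found["id_match"] = (found["mntr_id"] is not None
                         and found["delta_prefs"].get("extensions.delta.id") == found["mntr_id"])
    return found


def cluster_created_dirs(lines, window_seconds=300, min_size=3):
    """Group 'Created Last 30' directory entries created within window_seconds of each other.

    A bundled installer drops several PUP folders within a minute or two; a run of
    unrelated-looking directories sharing one timestamp window is the bundle's footprint.
    """
    entries = []
    for raw in lines:
        m = CREATED_RE.match(raw.strip())
        if m and m.group("attr").startswith("d"):  # directories only
            entries.append((datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), m.group("path")))
    entries.sort()
    clusters, current = [], []
    for ts, path in entries:
        if current and (ts - current[-1][0]).total_seconds() > window_seconds:
            if len(current) >= min_size:
                clusters.append([p for _, p in current])
            current = []
        current.append((ts, path))
    if len(current) >= min_size:
        clusters.append([p for _, p in current])
    return clusters


if __name__ == "__main__":
    sample_lines = DDS_SAMPLE.splitlines()
    for key, value in find_hijack_indicators(sample_lines).items():
        print(f"{key}: {value}")
    for cluster in cluster_created_dirs(sample_lines):
        print("directories created together:", *cluster, sep="\n  ")
```

Run against the full log rather than the sample, the same two functions report the hijacked start page, the orphaned {ae07101b-...} toolbar on both the 32- and 64-bit hives, the shared `92069a21...` machine id, and a single five-entry cluster starting with SwvUpdater on 2013-02-17 11:55.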
 


#2 Maurice Naggar, "Eradicator de malware" (Malware Response Team, 1,088 posts, USA)

Posted 04 March 2013 - 07:28 AM

Hello Gary and welcome to BC forums.

I will be helping you going forward. Please start with the following.

Step 1. To show all files:
  • Press and hold the Windows key & then press the R key to get the RUN menu.
  • Type in explorer.exe and press Enter.
  • When in Windows Explorer, press the ALT key then the V key to get the VIEW menu.
  • Look at the top ribbon, right side {the Show/Hide block}.
  • Look at the line Hidden items. IF it has no checkmark, then click the box one time so that it is checked.

Step 2.
    Close any open work documents, if any, saving your work.
    Make sure to close any other programs that you started before.

    Please download Junkware Removal Tool by Thisisu to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and display information and a disclaimer in a Command prompt window.
  • I'd suggest you close all internet browsers at this point.
  • Press a key on the keyboard to start scanning your system.
  • Please be very patient as this will take several minutes to complete, depending on your system's specifications.
  • There are approximately 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
  • Please post the contents of JRT.txt into a new reply.
  • Re-enable your security software.

Step 3.
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished".
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller.
  • And tell me, how is the system now?

Edited by Maurice Naggar, 04 March 2013 - 07:31 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 Maurice Naggar, "Eradicator de malware" (Malware Response Team, 1,088 posts, USA)

Posted 07 March 2013 - 08:30 AM

Hello Garyc,

Are you still with us? Have you resolved your issue?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#4 GaryC1983, Topic Starter (Members, 5 posts)

Posted 09 March 2013 - 05:05 PM

Hi Maurice,

 

Thank you for the quick response! Sorry I've been away from my computer the past couple days. Internet Explorer is running better now, there's no Delta Search bar anymore so that's a plus.

Here are my logs:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 8 x64
Ran by Gary Coleman on Sat 03/09/2013 at 13:38:47.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2429650340-2852735031-2073508169-1001\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Gary Coleman\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Gary Coleman\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Gary Coleman\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Gary Coleman\AppData\Roaming\mozilla\firefox\profiles\aea9v9nd.default\user.js
Successfully deleted: [File] C:\Users\Gary Coleman\AppData\Roaming\mozilla\firefox\profiles\aea9v9nd.default\searchplugins\delta.xml
Successfully deleted the following from C:\Users\Gary Coleman\AppData\Roaming\mozilla\firefox\profiles\aea9v9nd.default\prefs.js

user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119520&babsrc=NT_ss&mntrId=92069a21000000000000243c200783e8");
user_pref("extensions.crossrider.bic", "13ce80336b66a78a69a70e6cd3adb986");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "92069a21000000000000243c200783e8");
user_pref("extensions.delta.instlDay", "15753");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.03:57:01");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.helperbar.SmartbarDisabled", true);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Emptied folder: C:\Users\Gary Coleman\AppData\Roaming\mozilla\firefox\profiles\aea9v9nd.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/09/2013 at 13:43:18.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V8.5.2 [Mar  9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Gary Coleman [Admin rights]
Mode : Scan -- Date : 03/09/2013 13:54:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA DT01ACA100 +++++
--- User ---
[MBR] 3c5a836ee74f74e2e2f034115dcfa23c
[BSP] e7490a0d97a0600244921eca8a06e16e : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03092013_02d1354.txt >>
RKreport[1]_S_03092013_02d1354.txt
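
The JRT section above shows the prefs.js entries the Delta/Babylon toolbar wrote into the Firefox profile. The script below is an added example, not code from this thread or from JRT: it parses a prefs.js, flags every user_pref() whose name carries one of the toolbar families' prefixes (taken from the log) or whose value points a core Firefox pref at the hijacker's domain, and writes a cleaned copy after backing the file up. The WATCHED_PREFS and HIJACK_DOMAINS lists, and the homepage line in the constructed sample, are my assumptions. Two caveats a practitioner will want: run it only with Firefox closed, because Firefox rewrites prefs.js on exit and would undo the edit, and check user.js in the same profile (JRT deleted one above), since anything in user.js is re-applied to prefs.js on every start.

```python
"""Scan and clean a Firefox prefs.js for toolbar-hijacker preferences.

Added example, not code from the thread or from JRT. It reproduces what the
JRT log shows for prefs.js: find the user_pref() lines written by the
Delta/Babylon/Crossrider toolbar family and drop them. WATCHED_PREFS and
HIJACK_DOMAINS are assumptions based on the pref names and URL in the log.
"""
import re
import shutil
import sys
from pathlib import Path

# Pref-name prefixes seen in the JRT log; extend for other toolbar families.
HIJACK_PREFIXES = (
    "extensions.delta.",
    "extensions.BabylonToolbar_i.",
    "extensions.crossrider.",
    "extensions.helperbar.",
)
# Core Firefox prefs a search hijacker typically overwrites (assumed list).
WATCHED_PREFS = {
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
    "browser.newtab.url",
}
HIJACK_DOMAINS = ("delta-search.com", "babylon.com")

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Yield (line, name, raw_value); name is None for non-pref lines."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            yield line, m.group(1), m.group(2)
        else:
            yield line, None, None


def classify(name, raw_value):
    """Verdict string for a suspicious pref, or None if it looks benign."""
    if name is None:
        return None
    if name.startswith(HIJACK_PREFIXES):
        return "hijacker-pref"
    if name in WATCHED_PREFS and any(d in raw_value.lower() for d in HIJACK_DOMAINS):
        return "core-pref-redirected"
    return None


def scan_prefs(text):
    """List (name, verdict) for every suspicious user_pref line."""
    return [(n, v) for _, n, raw in parse_prefs(text) if (v := classify(n, raw))]


def clean_prefs(text):
    """Return (cleaned_text, removed_names).

    Hijacker prefs are dropped outright. A redirected core pref is dropped
    too, which makes Firefox fall back to its built-in default for it.
    """
    kept, removed = [], []
    for line, name, raw in parse_prefs(text):
        if classify(name, raw):
            removed.append(name)
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


# Constructed sample: five lines copied from the JRT log, plus an assumed
# homepage redirect and one benign pref, to show the scan/clean behaviour.
SAMPLE_PREFS = """\
// Mozilla User Preferences

user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119520");
user_pref("browser.startup.homepage_override.mstone", "19.0.2");
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119520&babsrc=NT_ss&mntrId=92069a21000000000000243c200783e8");
user_pref("extensions.crossrider.bic", "13ce80336b66a78a69a70e6cd3adb986");
user_pref("extensions.delta.id", "92069a21000000000000243c200783e8");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.helperbar.SmartbarDisabled", true);
"""


def main(argv):
    # Usage: python prefs_clean.py <profile>\prefs.js   (Firefox must be closed:
    # it rewrites prefs.js on exit and would overwrite the cleaned file.)
    if len(argv) != 2:
        for name, verdict in scan_prefs(SAMPLE_PREFS):
            print(f"{verdict:22} {name}")
        return 0
    path = Path(argv[1])
    cleaned, removed = clean_prefs(path.read_text(encoding="utf-8"))
    if removed:
        shutil.copy2(path, path.with_name(path.name + ".bak"))  # keep a backup
        path.write_text(cleaned, encoding="utf-8")
    print(f"removed {len(removed)} pref(s): {', '.join(removed)}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no argument to see the verdicts for the constructed sample; pass the profile's prefs.js path to clean that file in place (a .bak copy is written first).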
#5 Maurice Naggar
    Eradicator de malware
  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 09 March 2013 - 06:29 PM

Hello Gary,
Do as much as possible of the following.
  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.

    Put a check next to all of these and uncheck the rest: (if found)
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.
  • Step 2
    Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

    If you are running Windows XP, double-click adwcleaner.exe to start it.
    Otherwise, right-click adwcleaner.exe and select Run As Administrator to launch the application.

    Now click on the Search tab.
    Please post the contents of the log-file created in your next post.

    Note: The log can also be located at C:\AdwCleaner[XX].txt, where XX denotes the number of times the application has been run, so in this case it should be something like R1.

    Step 3
    Using Internet Explorer browser (only!) go to http://support.microsoft.com/kb/923737
    [ignore any DOES NOT APPLY warning as well as the APPLIES TO section],
    run the Fix It and then reboot.

    Tip: For optimal results, enable the Delete personal settings option.

    Step 4
    You have Trend Micro Titanium installed.
    Do an Update run.
    Then do a full system scan.
    Let me know the results.

    Make sure that Trend Micro is Enabled.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#6 Maurice Naggar
    Eradicator de malware
  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 11 March 2013 - 01:47 PM

Gary,
How is it going? Are you still with us?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#7 GaryC1983
  • Topic Starter
  • Members
  • 5 posts

Posted 12 March 2013 - 02:23 AM

Hi Maurice,

I was able to do the RogueKiller and AdwCleaner steps; however, I wasn't able to run the Fix It program. It does not support Windows 8. Also, the Trend Micro that I had was a trial and just expired. Here are my logs. Can you recommend a good free antivirus and firewall? Thanks for your help Maurice, I appreciate it. :thumbup2:

RogueKiller V8.5.2 [Mar  9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Gary Coleman [Admin rights]
Mode : Remove -- Date : 03/11/2013 23:03:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA DT01ACA100 +++++
--- User ---
[MBR] 3c5a836ee74f74e2e2f034115dcfa23c
[BSP] e7490a0d97a0600244921eca8a06e16e : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03112013_02d2303.txt >>
RKreport[1]_S_03112013_02d2302.txt ; RKreport[2]_D_03112013_02d2303.txt

# AdwCleaner v2.114 - Logfile created 03/11/2013 at 23:15:27
# Updated 05/03/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Gary Coleman - DAVINCI2
# Boot Mode : Normal
# Running from : C:\Users\Gary Coleman\Desktop\Security\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Gary Coleman\AppData\Local\Lucky Savings

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Gary Coleman\AppData\Roaming\Mozilla\Firefox\Profiles\aea9v9nd.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1089 octets] - [11/03/2013 23:15:27]

########## EOF - C:\AdwCleaner[R1].txt - [1149 octets] ##########
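
Both RogueKiller runs list the HKCU Policies\System values DisableTaskMgr and DisableRegistryTools with a value of (0), and the AdwCleaner search found a toolbar registration under HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar plus the CLSID and AppID keys behind it. The script below is an added example, not part of the thread and not how either tool works; it reads those locations through a small pluggable reader and applies the checks a responder would want. A DisableTaskMgr or DisableRegistryTools value of 0 means the restriction is not in force, so that find is leftover configuration rather than an active lock-out (only a non-zero value is); and each CLSID named as an IE toolbar value is resolved to its InprocServer32 DLL so that dangling registrations and DLLs living under a user profile stand out. The Wow6432Node toolbar path, the user-profile heuristic and the verdict names are my assumptions. Two side notes on the logs: the two HJ DESK entries are the HideDesktopIcons settings for the "User's Files" and "Computer" desktop icons, which is why they were left unselected, and the 0xEE partition with "MBR Code unknown" is the protective MBR of a GPT disk, normal for a UEFI Windows 8 machine rather than a bootkit sign.

```python
"""Triage of the registry artefacts flagged by RogueKiller and AdwCleaner.

Added example; not part of the thread and not how either tool works. The
assessment functions take plain dicts so they run anywhere; on the Windows
host the winreg-backed reader feeds them real data. The Wow6432Node path and
the "user-writable location" heuristic are assumptions, not log facts.
"""
import sys

POLICY_PATH = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
POLICY_NAMES = ("DisableTaskMgr", "DisableRegistryTools")
# 64-bit IE reads the first key, 32-bit IE the Wow6432Node one (assumed pair).
TOOLBAR_PATHS = (
    r"SOFTWARE\Microsoft\Internet Explorer\Toolbar",
    r"SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar",
)


def assess_policies(values):
    """values: {name: data} read from HKCU\\...\\Policies\\System.

    RogueKiller lists the value even when it is 0. A 0 means the restriction
    is NOT in force (Task Manager / regedit still open), so that is leftover
    configuration, not an active lock-out; only a non-zero value is.
    """
    findings = []
    for name in POLICY_NAMES:
        if name not in values:
            findings.append((name, "absent"))
        elif values[name] == 0:
            findings.append((name, "present-not-enforced"))
        else:
            findings.append((name, "enforced"))
    return findings


def is_user_writable(path):
    """Heuristic: a COM server DLL living under a user profile is a red flag."""
    p = path.lower().strip('"')
    return "\\users\\" in p or "\\appdata\\" in p or p.startswith(("%appdata%", "%localappdata%"))


def assess_toolbars(toolbar_values, clsid_server):
    """toolbar_values: {value_name: data} from an IE Toolbar key; each value
    name is a CLSID (AdwCleaner's 'Value Found : ... Toolbar [{AE07101B-...}]').
    clsid_server: callable CLSID -> InprocServer32 path, or None if unregistered.
    """
    findings = []
    for name in toolbar_values:
        if not (name.startswith("{") and name.endswith("}")):
            continue  # e.g. the 'Locked' flag, not a toolbar registration
        dll = clsid_server(name)
        if dll is None:
            verdict = "dangling-clsid"  # registration left behind after the DLL went
        elif is_user_writable(dll):
            verdict = "server-in-user-profile"
        else:
            verdict = "not-in-user-profile"
        findings.append((name, dll, verdict))
    return findings


def winreg_reader():
    """Real reader for the Windows host (winreg is only imported there)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}

    def read_values(hive, path):
        out = {}
        try:
            key = winreg.OpenKey(hives[hive], path)
        except OSError:
            return out  # key absent: nothing registered there
        with key:
            i = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, i)
                except OSError:
                    break  # no more values
                out[name] = data
                i += 1
        return out

    def clsid_server(clsid):
        try:  # default value of HKCR\CLSID\{...}\InprocServer32 is the DLL path
            return winreg.QueryValue(winreg.HKEY_CLASSES_ROOT, "CLSID\\" + clsid + "\\InprocServer32")
        except OSError:
            return None

    return read_values, clsid_server


def main():
    if sys.platform != "win32":
        print("run this on the Windows host being triaged", file=sys.stderr)
        return 1
    read_values, clsid_server = winreg_reader()
    for name, verdict in assess_policies(read_values("HKCU", POLICY_PATH)):
        print(f"[HJPOL] {name}: {verdict}")
    for path in TOOLBAR_PATHS:
        for clsid, dll, verdict in assess_toolbars(read_values("HKLM", path), clsid_server):
            print(f"[IE toolbar] {clsid} -> {dll}: {verdict}")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it from an elevated prompt on the affected machine; a "dangling-clsid" or "server-in-user-profile" toolbar entry is what AdwCleaner's Delete step removes, while a "present-not-enforced" policy value is safe to delete but was never locking the user out.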
#8 Maurice Naggar
    Eradicator de malware
  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 12 March 2013 - 10:29 AM

Uninstall TrendMicro and reboot and turn on Windows 8 Windows Defender.
To uninstall:
At the Start screen, type
appwiz.cpl
You'll see a result showing it. Do a right-click on the item and then at the bottom, click on Run as Administrator.
Locate Trend Micro in the list of installed programs.
Select all TrendMicro and uninstall.

When done, logoff and restart the system.
After WIN8 reloads, go to Control Panel >> Action Center
Turn ON Windows Defender.
WIN8 Windows Defender is the built-in antivirus for your system.

Next
  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[S1]
  • And tell me, How is your system now ?

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 GaryC1983
  • Topic Starter
  • Members
  • 5 posts

Posted 12 March 2013 - 10:54 PM

Hi Maurice,

System seems to be running fine now. Do you recommend using Windows Defender over another free antivirus such as Avira or AVG? Should I get a different free firewall such as ZoneAlarm? I'm not sure how secure the built-in tools of Win8 are. Thanks Maurice! Here is my log.

# AdwCleaner v2.114 - Logfile created 03/12/2013 at 19:46:57
# Updated 05/03/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Gary Coleman - DAVINCI2
# Boot Mode : Normal
# Running from : C:\Users\Gary Coleman\Desktop\Security\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Gary Coleman\AppData\Local\Lucky Savings

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Gary Coleman\AppData\Roaming\Mozilla\Firefox\Profiles\aea9v9nd.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1214 octets] - [11/03/2013 23:15:27]
AdwCleaner[S1].txt - [1159 octets] - [12/03/2013 19:46:57]

########## EOF - C:\AdwCleaner[S1].txt - [1219 octets] ##########

#10 Maurice Naggar
    Eradicator de malware
  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 13 March 2013 - 11:08 AM

You noted

System seems to be running fine now. Do you recommend using Windows Defender over another free antivirus such as Avira or AVG?? Should I get a different free firewall such as ZoneAlarm?? I'm not sure how secure the built-in tools of Win8 are.

The Windows 8 tools are the best versions yet, better than those in any previous Windows. Stay with Windows Defender.
AVG has long since seen its best days, several years back, and I do not recommend them.
AFAIK, Avira is not compliant with WIN8. I have not seen Win8 as a supported platform in Avira's requirements list.

Please stick with Windows Defender. Remember, this is a full-blown antivirus, with some anti-malware as well. The WIN8 Windows Defender is really an evolution from MS Security Essentials, but with more than the old one used to have.

If you decide, you may also get and install MalwareBytes MBAM for more comprehensive protection.
http://download.bleepingcomputer.com/malwarebytes/mbam-setup-1.70.0.1100.exe

I have Windows Defender + MBAM PRO running on my Windows 8 system.

As to ZoneAlarm: nix ZA; it is past its heyday, plus I have seen compatibility issues with it not getting along with other security apps.
Please stay with the Windows firewall, and do use a hardware router in your home setup.

If all is well, we can then wrap this up.
Delete DDS off your Desktop.
Also delete
Jrt.exe
adwcleaner.exe
roguekiller.exe


Safer practices & malware prevention
  • See Six tips to help you stay safer online
  • Never, ever download free games, free tools, videos, multi-media files or anything free unless you can be absolutely sure the source is safe!
  • We are finished here. Best regards.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#11 GaryC1983
  • Topic Starter
  • Members
  • 5 posts

Posted 13 March 2013 - 02:57 PM

Thanks so much Maurice!! You're the best! :bananas:



#12 Maurice Naggar
    Eradicator de malware
  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 16 March 2013 - 09:30 AM

Gary,

You are very welcome. Cheers.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)



