
Potential Delta Virus or Other Malware


This topic is locked
4 replies to this topic

#1 Fraser93

Fraser93

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:14 PM

Posted 31 July 2013 - 07:46 PM

Hello,

 

I've tried to read through as much information as possible and do some stuff myself before posting here, but I can't seem to fix the problems I've been having, so I feel I need to ask for help. A while ago, near the end of May (unfortunately I cannot remember the date), I became infected with what I believe to be the Delta virus (changed home page, installed toolbar, etc.) and I believed I had removed it, but since then my browser has been running extremely slowly, struggling to open pages let alone stream videos. I have used speedtest, attaining around 7Mbs last week, but now, whether it is time related or not I amn't sure as it's almost 2AM, I am only getting 0.5-1.2 which seems extremely low. I imagine there is something I have neglected to mention but I will be happy to answer any questions.

 

Your help is much appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Fraser at 1:28:22 on 2013-08-01
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.7650.4118 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Windows\System32\Taskmgr.exe
C:\Windows\system32\wwahost.exe
C:\Program Files\WindowsApps\microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\BackgroundTransferHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Facebook Update] "C:\Users\Fraser\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7199E4FF-3271-4960-8287-9AF4D5E7CFF4} : DHCPNameServer = 82.132.254.2 82.132.254.3
TCP: Interfaces\{96DBCEF5-2BDF-48A1-86B6-6D9E7AA42C22} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{96DBCEF5-2BDF-48A1-86B6-6D9E7AA42C22}\2445F40756E6A7F6E656D224 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{96DBCEF5-2BDF-48A1-86B6-6D9E7AA42C22}\6796277696E6D65646961653536393033333 : NameServer = 108.67.222.222
TCP: Interfaces\{96DBCEF5-2BDF-48A1-86B6-6D9E7AA42C22}\6796277696E6D65646961653536393033333 : DHCPNameServer = 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fraser\AppData\Roaming\Mozilla\Firefox\Profiles\znrbj7wd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.co.uk/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Fraser\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 3a51a62d00000000000012689d98bc2e
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15884
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.518:59:42
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121562&tt=250613_gr2&tsp=4927
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-6-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-6-17 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-17 1393240]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\Drivers\MCLIENTx64\0302000.013\ccSetx64.sys [2013-3-8 168096]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-17 169048]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-1-18 92536]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130730.001\IDSviA64.sys [2013-7-31 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-6-17 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-6-17 433752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2013-1-18 199008]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-1-18 2451456]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-14 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-14 701512]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe [2013-3-8 143928]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2013-6-17 4241280]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-3-11 1900728]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-18 98472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-14 138912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-7-14 25928]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-1-18 269968]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-1-18 690832]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-1-18 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-6-17 23448]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-3-9 49152]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
S3 iscFlash;iscFlash;C:\SWSetup\sp60936\iscflashx64.sys [2013-6-9 69216]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\Drivers\netaapl64.sys [2012-9-10 22528]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-8-11 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-11 43832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-07-31 23:58:07    --------    d-----w-    C:\ProgramData\boost_interprocess
2013-07-31 23:57:50    --------    d-----w-    C:\ProgramData\Symantec
2013-07-31 23:57:50    --------    d-----w-    C:\Program Files (x86)\Symantec
2013-07-25 16:32:43    --------    d-----w-    C:\Program Files (x86)\SpeedFan
2013-07-16 22:37:59    67584    ----a-w-    C:\Windows\SysWow64\samlib.dll
2013-07-16 22:37:59    37632    ----a-w-    C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-07-16 22:37:59    194816    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-07-16 22:37:59    190976    ----a-w-    C:\Windows\System32\vdsutil.dll
2013-07-16 22:37:59    125184    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-07-14 13:34:12    6085632    ----a-w-    C:\Windows\System32\stlang64.dll
2013-07-14 13:34:12    426328    ----a-w-    C:\Windows\System32\EED64A.dll
2013-07-14 13:34:12    3308376    ----a-w-    C:\Windows\System32\EEP64A.dll
2013-07-14 13:34:12    1821184    ----a-w-    C:\Windows\System32\IDTNC64.cpl
2013-07-14 13:34:12    1664000    ----a-w-    C:\Windows\sttray64.exe
2013-07-14 13:34:12    136024    ----a-w-    C:\Windows\System32\EEL64A.dll
2013-07-14 13:34:12    118104    ----a-w-    C:\Windows\System32\EEA64A.dll
2013-07-14 13:34:09    --------    d-----w-    C:\Windows\System32\SRSLabs
2013-07-14 13:32:17    542208    ----a-w-    C:\Windows\System32\drivers\stwrt64.sys
2013-07-14 13:32:16    499200    ----a-w-    C:\Windows\System32\stcplx64.dll
2013-07-14 13:32:14    2188800    ----a-w-    C:\Windows\System32\stapo64.dll
2013-07-14 13:32:13    671744    ------w-    C:\Windows\System32\stapi64.dll
2013-07-14 13:32:13    255488    ----a-w-    C:\Windows\System32\st646425.dll
2013-07-14 11:01:13    --------    d-----w-    C:\Users\Fraser\AppData\Roaming\Malwarebytes
2013-07-14 11:00:48    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-07-14 11:00:46    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-07-14 11:00:46    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-11 01:23:07    2035200    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-11 01:23:07    1617920    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 01:23:07    1318912    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 01:23:07    1306112    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 01:23:07    1272320    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 01:23:06    1413632    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-11 01:23:06    1029632    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-11 01:22:42    1838080    ----a-w-    C:\Windows\System32\DWrite.dll
2013-07-11 01:22:42    1421312    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-07-11 01:22:27    595968    ----a-w-    C:\Windows\System32\qedit.dll
2013-07-11 01:22:27    496640    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-07-11 01:22:25    4036096    ----a-w-    C:\Windows\System32\win32k.sys
2013-07-11 01:22:20    19187712    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-11 01:22:19    18523648    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-04 14:50:13    92056    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
.
==================== Find3M  ====================
.
2013-06-27 22:04:51    78200    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51    693112    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-20 22:36:33    177312    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-16 22:41:31    997632    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-06-16 16:26:57    264432    ----a-w-    C:\Windows\System32\SynTPAPI.dll
2013-06-16 16:26:57    192240    ----a-w-    C:\Windows\System32\SynTPCo18.dll
2013-06-16 16:26:57    151280    ----a-w-    C:\Windows\SysWow64\SynTPCom.dll
2013-06-16 16:26:56    495856    ----a-w-    C:\Windows\System32\drivers\SynTP.sys
2013-06-16 16:26:44    544496    ----a-w-    C:\Windows\SysWow64\SynCom.dll
2013-06-16 16:26:44    1060080    ----a-w-    C:\Windows\System32\SynCOM.dll
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 17:56:11    17617288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-01 11:34:21    2391280    ----a-w-    C:\Windows\explorer.exe
2013-06-01 11:33:13    2233600    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35    337152    ----a-w-    C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35    213248    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33    327936    ----a-w-    C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31    6987008    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46    2106176    ----a-w-    C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:24:19    493056    ----a-w-    C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09    850944    ----a-w-    C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09    1453568    ----a-w-    C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46    1842176    ----a-w-    C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06    680960    ----a-w-    C:\Windows\System32\vds.exe
2013-06-01 09:22:47    80896    ----a-w-    C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33    523264    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33    446976    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-06-01 09:21:39    729600    ----a-w-    C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39    106496    ----a-w-    C:\Windows\System32\samlib.dll
2013-06-01 09:20:45    583168    ----a-w-    C:\Windows\System32\mscms.dll
2013-06-01 09:20:34    1527808    ----a-w-    C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34    1048576    ----a-w-    C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04    2219520    ----a-w-    C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58    207872    ----a-w-    C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42    785408    ----a-w-    C:\Windows\System32\audiosrv.dll
2013-05-24 22:09:20    1403296    ----a-w-    C:\Windows\System32\winload.efi
2013-05-24 22:09:20    1271584    ----a-w-    C:\Windows\System32\winload.exe
2013-05-24 22:09:20    1217352    ----a-w-    C:\Windows\System32\winresume.efi
2013-05-24 22:09:20    1093904    ----a-w-    C:\Windows\System32\winresume.exe
2013-05-23 23:01:46    1300992    ----a-w-    C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-05-23 05:25:28    1139800    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-05-21 05:02:00    493656    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-05-16 05:02:14    796760    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-05-15 22:37:03    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-05-15 22:35:47    144384    ----a-w-    C:\Windows\System32\tssdisai.dll
2013-05-15 02:25:59    888320    ----a-w-    C:\Windows\System32\autochk.exe
2013-05-15 02:25:44    542208    ----a-w-    C:\Windows\System32\untfs.dll
2013-05-15 02:24:10    793088    ----a-w-    C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01    482816    ----a-w-    C:\Windows\SysWow64\untfs.dll
2013-05-14 13:14:01    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-04 07:58:17    120736    ----a-w-    C:\Windows\System32\AuthHost.exe
2013-05-04 07:34:17    446720    ----a-w-    C:\Windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:15    284416    ----a-w-    C:\Windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56    39424    ----a-w-    C:\Windows\System32\wuapp.exe
2013-05-04 06:59:51    1483776    ----a-w-    C:\Windows\System32\VSSVC.exe
2013-05-04 06:59:36    812544    ----a-w-    C:\Windows\System32\Magnify.exe
2013-05-04 06:59:25    98304    ----a-w-    C:\Windows\System32\wudriver.dll
2013-05-04 06:59:25    251904    ----a-w-    C:\Windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25    141824    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-05-04 06:59:24    1619968    ----a-w-    C:\Windows\System32\wucltux.dll
2013-05-04 06:59:21    2842112    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-05-04 06:59:08    13644288    ----a-w-    C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54    328192    ----a-w-    C:\Windows\System32\ubpm.dll
2013-05-04 06:58:54    10116096    ----a-w-    C:\Windows\System32\twinui.dll
2013-05-04 06:58:49    173568    ----a-w-    C:\Windows\System32\storewuauth.dll
2013-05-04 06:58:49    1332736    ----a-w-    C:\Windows\System32\sysmain.dll
2013-05-04 06:58:48    330240    ----a-w-    C:\Windows\System32\stobject.dll
2013-05-04 06:58:28    93696    ----a-w-    C:\Windows\System32\psmsrv.dll
2013-05-04 06:58:02    470528    ----a-w-    C:\Windows\System32\netprofmsvc.dll
2013-05-04 06:58:02    151552    ----a-w-    C:\Windows\System32\netprofm.dll
2013-05-04 06:58:01    169984    ----a-w-    C:\Windows\System32\netplwiz.dll
2013-05-04 06:57:59    17408    ----a-w-    C:\Windows\System32\muifontsetup.dll
2013-05-04 06:57:46    560640    ----a-w-    C:\Windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15    501760    ----a-w-    C:\Windows\System32\DevicePairing.dll
2013-05-04 06:57:05    179712    ----a-w-    C:\Windows\System32\bisrv.dll
2013-05-04 06:57:05    122368    ----a-w-    C:\Windows\System32\biwinrt.dll
2013-05-04 06:57:04    389120    ----a-w-    C:\Windows\System32\BCP47Langs.dll
2013-05-04 06:57:04    2305024    ----a-w-    C:\Windows\System32\authui.dll
2013-05-04 06:57:00    708096    ----a-w-    C:\Windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00    1131520    ----a-w-    C:\Windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53    419840    ----a-w-    C:\Windows\System32\intl.cpl
2013-05-04 04:58:34    34304    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-05-04 04:58:14    758784    ----a-w-    C:\Windows\SysWow64\Magnify.exe
2013-05-04 04:58:02    83968    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-05-04 04:58:02    125952    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-05-04 04:57:58    2620928    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-04 04:57:49    10788864    ----a-w-    C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39    8857088    ----a-w-    C:\Windows\SysWow64\twinui.dll
2013-05-04 04:57:39    247296    ----a-w-    C:\Windows\SysWow64\ubpm.dll
2013-05-04 04:57:35    303616    ----a-w-    C:\Windows\SysWow64\stobject.dll
2013-05-04 04:57:16    18432    ----a-w-    C:\Windows\SysWow64\npmproxy.dll
2013-05-04 04:57:04    151040    ----a-w-    C:\Windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04    115712    ----a-w-    C:\Windows\SysWow64\netprofm.dll
.
============= FINISH:  1:29:04.97 ===============

#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:14 PM

Posted 03 August 2013 - 10:25 AM

Hello Fraser93,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1. Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on the adwCleaner.exe and select "Run as administrator".
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.
2. Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.
  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.
Things to include in your next reply:
AdwCleaner txt
JRT.txt
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Fraser93 (Topic Starter, Members, 2 posts)

Posted 03 August 2013 - 04:04 PM

# AdwCleaner v2.306 - Logfile created 08/03/2013 at 21:43:03
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Fraser - FRASER-PC
# Boot Mode : Normal
# Running from : C:\Users\Fraser\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\boost_interprocess
File Deleted : C:\Users\Fraser\AppData\Roaming\Mozilla\Firefox\Profiles\znrbj7wd.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Fraser\AppData\Roaming\Mozilla\Firefox\Profiles\znrbj7wd.default\bprotector_prefs.js
File Deleted : C:\Users\Fraser\AppData\Roaming\Mozilla\Firefox\Profiles\znrbj7wd.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Fraser\AppData\Roaming\Mozilla\Firefox\Profiles\znrbj7wd.default\searchplugins\delta.xml
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\Users\Fraser\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Fraser\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Fraser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Fraser\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\5857dbd8e53aee15
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5857dbd8e53aee15
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Fraser\AppData\Roaming\Mozilla\Firefox\Profiles\znrbj7wd.default\prefs.js

C:\Users\Fraser\AppData\Roaming\Mozilla\Firefox\Profiles\znrbj7wd.default\user.js ... Deleted !

Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "3a51a62d00000000000012689d98bc2e");
Deleted : user_pref("extensions.delta.instlDay", "15884");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.518:59:42");
Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=121562&tt=250613_gr2&tsp=4927");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[S1].txt - [296 octets] - [03/08/2013 21:41:19]
AdwCleaner[S2].txt - [4339 octets] - [03/08/2013 21:43:03]

########## EOF - C:\AdwCleaner[S2].txt - [4399 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.1 (08.02.2013:3)
OS: Windows 8 x64
Ran by Fraser on 03/08/2013 at 21:54:12.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8E805679-AD2E-430A-8FEF-7F95E3F96A85}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{8E805679-AD2E-430A-8FEF-7F95E3F96A85}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Successfully deleted: [File] C:\Users\Fraser\AppData\Roaming\mozilla\firefox\profiles\znrbj7wd.default\invalidprefs.js
Emptied folder: C:\Users\Fraser\AppData\Roaming\mozilla\firefox\profiles\znrbj7wd.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/08/2013 at 22:01:15.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

My browser doesn't appear to be running that much quicker, although I have only spent a few minutes trying different sites etc.

Thanks,

Fraser



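The AdwCleaner and JRT logs posted above are plain text with only a handful of line shapes, so a helper can turn them into a structured list instead of reading them by eye. The Python script below is an added example for this thread, not a script from BleepingComputer, AdwCleaner or JRT. It parses excerpts copied from the two logs above into uniform records, pulls out the Delta toolbar Firefox preferences (including the affiliate tracking value in `extensions.delta_i.babTrack`), and cross-checks the item AdwCleaner could only schedule for deletion on reboot against the items JRT later reported it failed to delete, which is exactly the residue a helper wants to look at next. The regular expressions are written against the line shapes visible in this thread only; that other versions of either tool format their logs the same way is an assumption.

```python
"""Structured triage of AdwCleaner and JRT logs (added example, not a tool-author script)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Excerpt of the AdwCleaner[S2].txt log posted in this thread (raw string: Windows paths).
ADW_SAMPLE = r"""
***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\boost_interprocess
File Deleted : C:\Users\Fraser\AppData\Roaming\Mozilla\Firefox\Profiles\znrbj7wd.default\searchplugins\delta.xml
Folder Deleted : C:\ProgramData\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

***** [Internet Browsers] *****

Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=121562&tt=250613_gr2&tsp=4927");
"""

# Excerpt of the JRT.txt log posted in this thread.
JRT_SAMPLE = r"""
~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8E805679-AD2E-430A-8FEF-7F95E3F96A85}

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"

~~~ FireFox

Successfully deleted: [File] C:\Users\Fraser\AppData\Roaming\mozilla\firefox\profiles\znrbj7wd.default\invalidprefs.js
Emptied folder: C:\Users\Fraser\AppData\Roaming\mozilla\firefox\profiles\znrbj7wd.default\minidumps [6 files]
"""


@dataclass(frozen=True)
class Record:
    tool: str          # "AdwCleaner" or "JRT"
    section: str       # log section heading the line appeared under
    action: str        # "Deleted", "Deleted on reboot", "Failed to delete", ...
    kind: str          # File, Folder, Key, Value, Registry Key, Path, pref
    item: str          # path, registry key/value, or preference name
    detail: str = ""   # preference value, when the line carried one


# Line shapes assumed from the posted logs only (other tool versions may differ).
ADW_SECTION = re.compile(r"^\*{5} \[(?P<name>.+?)\] \*{5}$")
ADW_PREF = re.compile(r'^Deleted : user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)\);$')
ADW_ITEM = re.compile(r"^(?:(?P<kind>File|Folder|Key|Value) )?(?P<action>Deleted(?: on reboot)?) : (?P<item>.+)$")
JRT_SECTION = re.compile(r"^~~~ (?P<name>.+)$")
JRT_ITEM = re.compile(r"^(?P<action>Successfully deleted|Failed to delete|Emptied folder): "
                      r"(?:\[(?P<kind>[^\]]+)\] )?(?P<rest>.+)$")
FILE_COUNT = re.compile(r"\s*\[\d+ files\]$")


def parse_adwcleaner(text: str) -> List[Record]:
    records: List[Record] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := ADW_SECTION.match(line)):
            section = m["name"]
        elif (m := ADW_PREF.match(line)):       # before ADW_ITEM: pref lines also start "Deleted :"
            records.append(Record("AdwCleaner", section, "Deleted", "pref", m["name"], m["value"].strip('"')))
        elif (m := ADW_ITEM.match(line)):
            kind = m["kind"] or "Path"          # "Deleted on reboot" lines carry no File/Folder tag
            records.append(Record("AdwCleaner", section, m["action"], kind, m["item"]))
    return records


def parse_jrt(text: str) -> List[Record]:
    records: List[Record] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := JRT_SECTION.match(line)):
            section = m["name"]
        elif (m := JRT_ITEM.match(line)):
            item = FILE_COUNT.sub("", m["rest"]).strip('"')   # drop "[N files]" and surrounding quotes
            records.append(Record("JRT", section, m["action"], m["kind"] or "Folder", item))
    return records


def counts_by_kind(records: List[Record]) -> Dict[str, int]:
    """How many files, folders, keys, values and prefs a log reports on."""
    return dict(Counter(r.kind for r in records))


def toolbar_prefs(records: List[Record], prefix: str = "extensions.delta") -> Dict[str, str]:
    """Firefox user_prefs belonging to the toolbar, name -> value (babTrack holds the affiliate id)."""
    return {r.item: r.detail for r in records if r.kind == "pref" and r.item.startswith(prefix)}


def residue(adw: List[Record], jrt: List[Record]) -> List[Tuple[str, str]]:
    """Items JRT could not remove, noting whether AdwCleaner had already deferred them to a reboot."""
    deferred = {r.item.lower() for r in adw if r.action == "Deleted on reboot"}
    found = []
    for r in jrt:
        if r.action == "Failed to delete":
            note = "deferred by AdwCleaner, still present" if r.item.lower() in deferred else "not touched by AdwCleaner"
            found.append((r.item, note))
    return sorted(found)


if __name__ == "__main__":
    adw, jrt = parse_adwcleaner(ADW_SAMPLE), parse_jrt(JRT_SAMPLE)
    print("AdwCleaner:", counts_by_kind(adw))
    print("JRT:", counts_by_kind(jrt))
    for name, value in toolbar_prefs(adw).items():
        print(f"pref {name} = {value}")
    for item, note in residue(adw, jrt):
        print(f"REVIEW {item}  ({note})")
```

Run it with Python 3.8 or newer; to use it on a full log, pass the file contents to `parse_adwcleaner` or `parse_jrt` instead of the embedded excerpts. The cross-check reports `C:\ProgramData\boost_interprocess` as deferred by AdwCleaner and still present for JRT, and the `{8E805679-...}` SearchScopes key as something AdwCleaner never listed, which matches what the two posted logs say when read side by side.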
#4 fireman4it, Bleepin' Fireman (Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 04 August 2013 - 11:28 AM

1. Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
2. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see a prompt asking to install it. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?



#5 fireman4it, Bleepin' Fireman (Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 12 August 2013 - 04:04 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





