
Browser Hijacked? among other things. :(


15 replies to this topic

#1 Big Chumpy (Members, 36 posts)

Posted 21 May 2015 - 02:44 AM

Hi.

Yesterday I installed a dodgy bit of software (it has since been removed) and now I have all sorts of trouble. :oopsign:

First I noticed that some random programs had installed and were running in the bottom right of Windows 7 screen.

I freaked out and uninstalled them in Control Panel.

Did a virus scan with Microsoft Security Essentials and SuperAntiSpyware. It found a Trojan or two and a heap of PUPs but cleaned them up without a problem.

Now whenever I go to my Internet Browser, it defaults back to this homepage:

http://www.delta-homes.com/?type=hp&ts=1432167010&z=dcfea189d448877b0b1a1d7g8z7c8o9g8q7m1edg3q&from=wpm05203&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237

If I change the homepage it changes back whenever I restart the browser.

I was using Firefox but uninstalled it to try to rid myself of the problem. IE is doing exactly the same thing.

Can someone help me please.

#2 Sintharius, Bleepin' Sniper (Members, 5,639 posts, The Netherlands)

Posted 21 May 2015 - 02:46 AM

Hello :) I will assist you with the removal.

Please follow the instructions below. If you don't understand anything, feel free to stop and ask.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex
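The proxy, hosts and DNS checks from the list above, as an added PowerShell example that is not part of this thread and not code from Farbar's MiniToolBox, so they can be re-run by hand after cleanup. It assumes it runs as the affected user (the IE proxy settings are per-user) and that Firefox keeps its profiles in the default %APPDATA%\Mozilla\Firefox\Profiles location; the function names are mine.

```powershell
# Added example, not part of the thread or of MiniToolBox: re-run the
# proxy / hosts / DNS checks from the list above in PowerShell.
# Assumptions: run as the affected user (IE proxy settings are per-user);
# Firefox profiles live in the default %APPDATA%\Mozilla\Firefox\Profiles.

function Get-IEProxyState {
    # WinINET (IE, and anything that uses the system proxy) reads this key.
    # A hijacker either sets ProxyEnable=1 with a ProxyServer, or points
    # AutoConfigURL at a PAC script it controls.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        Suspicious    = ($p.ProxyEnable -eq 1) -or [bool]$p.AutoConfigURL
    }
}

function Get-FirefoxProxyPrefs {
    # prefs.js stores lines such as:  user_pref("network.proxy.http", "10.0.0.1");
    # Report every network.proxy.* value that is not a default (empty / 0 / false),
    # skipping the network.proxy.backup.* copies Firefox keeps for itself.
    $root = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $root)) { return }
    Get-ChildItem -Path $root | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (-not (Test-Path $prefs)) { return }
        $profile = $_.Name
        Select-String -Path $prefs -Pattern '^user_pref\("(network\.proxy\.[^"]+)",\s*(.+)\);' |
            ForEach-Object {
                $name  = $_.Matches[0].Groups[1].Value
                $value = $_.Matches[0].Groups[2].Value.Trim('"')
                if ($name -notlike 'network.proxy.backup.*' -and
                    (@('', '0', 'false') -notcontains $value)) {
                    New-Object PSObject -Property @{ Profile = $profile; Pref = $name; Value = $value }
                }
            }
    }
}

function Get-ActiveHostsEntries {
    # Any non-comment line in hosts overrides DNS for that name.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts | Where-Object { $_ -match '^\s*[^#\s]' } | ForEach-Object { $_.Trim() }
}

function Get-DnsServersInUse {
    # Per-adapter resolver list; changing DNS redirects every name lookup
    # without touching the browser at all.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            New-Object PSObject -Property @{
                Adapter     = $_.Description
                DhcpEnabled = $_.DHCPEnabled
                DnsServers  = ($_.DNSServerSearchOrder -join ', ')
            }
        }
}

'== IE / WinINET proxy ==';       Get-IEProxyState | Format-List ProxyEnable, ProxyServer, AutoConfigURL, Suspicious
'== Firefox network.proxy.* ==';  Get-FirefoxProxyPrefs | Format-Table Profile, Pref, Value -AutoSize
'== Active hosts entries ==';     Get-ActiveHostsEntries
'== DNS servers per adapter ==';  Get-DnsServersInUse | Format-Table Adapter, DhcpEnabled, DnsServers -AutoSize -Wrap
```

A proxy host set in either browser sends every page request through that machine, so a non-empty proxy the user never configured is the first item to act on. Resetting it by hand (ProxyEnable=0 in that key; with Firefox closed, delete the network.proxy.* lines from prefs.js) undoes the redirection but not whatever put it there, which is why the thread goes on to look for the installer.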

#3 manukkd (Members, 1 post)

Posted 21 May 2015 - 07:12 AM

Please try this method:

Right-click Internet Explorer > Properties > Target, and delete any content after the original path.

Original: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"



#4 Big Chumpy, Topic Starter (Members, 36 posts)

Posted 21 May 2015 - 11:15 PM

Hi Alex,

Thanks for the help.

MiniToolBox results below:

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Big Chumpy (administrator) on 22-05-2015 at 14:01:41
Running from "C:\Users\Big Chumpy\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.backup.ftp", ""
"network.proxy.backup.ftp_port", 0
"network.proxy.backup.socks", ""
"network.proxy.backup.socks_port", 0
"network.proxy.backup.ssl", ""
"network.proxy.backup.ssl_port", 0
"network.proxy.ftp", "192.151.153.26"
"network.proxy.ftp_port", 8008
"network.proxy.http", "192.151.153.26"
"network.proxy.http_port", 8008
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "192.151.153.26"
"network.proxy.socks_port", 8008
"network.proxy.ssl", "192.151.153.26"
"network.proxy.ssl_port", 8008

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : A-LA-PUTA
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 20-CF-30-EA-D2-2D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8044:4a5e:c603:451c%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, 22 May 2015 1:53:06 PM
   Lease Expires . . . . . . . . . . : Friday, 22 May 2015 2:53:05 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 237031216
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-9B-93-4A-20-CF-30-EA-D2-2D
   DNS Servers . . . . . . . . . . . : 208.67.220.222
                                       208.67.220.220
                                       198.142.235.14
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  resolver4.opendns.com
Address:  208.67.220.222

Name:    google.com
Addresses:  2404:6800:4004:806::1007
   198.142.186.247
   198.142.186.227
   198.142.186.232
   198.142.186.221
   198.142.186.236
   198.142.186.212
   198.142.186.222
   198.142.186.216
   198.142.186.241
   198.142.186.217
   198.142.186.231
   198.142.186.246
   198.142.186.242
   198.142.186.237
   198.142.186.226
   198.142.186.251

Pinging google.com [198.142.186.178] with 32 bytes of data:
Reply from 198.142.186.178: bytes=32 time=11ms TTL=60
Reply from 198.142.186.178: bytes=32 time=14ms TTL=60

Ping statistics for 198.142.186.178:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 14ms, Average = 12ms
Server:  resolver4.opendns.com
Address:  208.67.220.222

Name:    yahoo.com
Addresses:  98.139.183.24
   98.138.253.109
   206.190.36.45

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=192ms TTL=49
Reply from 206.190.36.45: bytes=32 time=192ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 192ms, Maximum = 192ms, Average = 192ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...20 cf 30 ea d2 2d ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.10    266
     192.168.0.10  255.255.255.255         On-link      192.168.0.10    266
    192.168.0.255  255.255.255.255         On-link      192.168.0.10    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.10    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.10    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    266 fe80::/64                On-link
 10    266 fe80::8044:4a5e:c603:451c/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/21/2015 10:10:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x12b4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/21/2015 10:10:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1240
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/19/2015 10:21:07 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.

Error: (05/13/2015 05:32:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: GTA5.exe, version: 1.0.323.1, time stamp: 0x5527f187
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000027fd8272e
Faulting process id: 0xf00
Faulting application start time: 0xGTA5.exe0
Faulting application path: GTA5.exe1
Faulting module path: GTA5.exe2
Report Id: GTA5.exe3

Error: (05/13/2015 04:02:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: GTA5.exe, version: 1.0.323.1, time stamp: 0x5527f187
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000027f8f272e
Faulting process id: 0x1614
Faulting application start time: 0xGTA5.exe0
Faulting application path: GTA5.exe1
Faulting module path: GTA5.exe2
Report Id: GTA5.exe3

Error: (05/13/2015 03:39:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: GTA5.exe, version: 1.0.323.1, time stamp: 0x5527f187
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000002800d272e
Faulting process id: 0x65c
Faulting application start time: 0xGTA5.exe0
Faulting application path: GTA5.exe1
Faulting module path: GTA5.exe2
Report Id: GTA5.exe3

Error: (05/13/2015 10:20:09 AM) (Source: MsiInstaller) (User: A-LA-PUTA)
Description: Product: Adobe Reader XI (11.0.10) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011011}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (04/30/2015 10:00:02 PM) (Source: Application Hang) (User: )
Description: The program GTA5.exe version 1.0.323.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b78

Start Time: 01d0833cf8438972

Termination Time: 1654

Application Path: D:\Grand Theft Auto V\GTA5.exe

Report Id:

Error: (04/30/2015 09:59:50 PM) (Source: Application Hang) (User: )
Description: The program GTA5.exe version 1.0.323.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7d8

Start Time: 01d0833cef8d565a

Termination Time: 1265

Application Path: D:\Grand Theft Auto V\GTA5.exe

Report Id:

Error: (04/30/2015 09:59:36 PM) (Source: Application Hang) (User: )
Description: The program GTA5.exe version 1.0.323.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 984

Start Time: 01d0833cf7432cb1

Termination Time: 730

Application Path: D:\Grand Theft Auto V\GTA5.exe

Report Id:

System errors:
=============
Error: (05/20/2015 02:27:39 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (05/20/2015 02:27:36 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/20/2015 02:21:56 PM) (Source: Service Control Manager) (User: )
Description: The sRqZpySZCPP service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/20/2015 11:33:28 AM) (Source: Service Control Manager) (User: )
Description: The steg service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/20/2015 11:33:04 AM) (Source: Service Control Manager) (User: )
Description: The Cokes Sylph Bake service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/19/2015 10:27:41 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (05/19/2015 10:27:38 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/19/2015 10:17:42 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/19/2015 10:17:42 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%886

 Error Code: 0x80070005

 Error description: Access is denied.

 Reason: %%892

Error: (05/16/2015 10:21:04 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Any Video Converter 5.6.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2013.0927.0231 - F5 Networks, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{9580B609-F52D-4546-9045-1EB5B330CB0C}) (Version: 2.24.0 - Kovid Goyal)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CX4300_5500_DX4400 manual (HKLM-x32\...\CX4300_5500_DX4400 manual) (Version:  - )
Dead State - Reanimated (HKLM-x32\...\Dead State - Reanimated_is1) (Version:  - )
Dont Starve - Reign of Giants (HKLM-x32\...\Dont Starve - Reign of Giantsv1.102572) (Version: v1.102572 - Klei Entertainment)
Driver Magician 4.3 (HKLM-x32\...\Driver Magician_is1) (Version:  - GoldSolution Software, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dying Light Update v1.5.1 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
EPSON Attach To Email (HKLM-x32\...\{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.2.0.0 - )
EPSON Easy Photo Print (HKLM-x32\...\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}) (Version: 1.4.2.0 - )
EPSON File Manager (HKLM-x32\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
Firies Friend 2004 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Full Mojo Rampage (HKLM-x32\...\Full Mojo Rampage_is1) (Version:  - )
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPGNet (HKLM-x32\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version: 1.0.323.1 - RePack by Sinker)
Grand Theft Auto V update version 1.0.335.2 (HKLM-x32\...\{4959470E-EDAC-4710-A636-276D79A81B94}_is1) (Version: 1.0.335.2 - Rockstar Games)
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version:  - )
Minecraft (HKLM-x32\...\{EE86B096-68AE-49DE-8B1B-346949}_is1) (Version:  - )
Minecraft1.6.1 (HKLM-x32\...\Minecraft1.6.1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.91.1119.2014 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version:  - Microsoft Studios)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 17.12.8 - NVIDIA Corporation) Hidden
SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Stronghold Crusader 2 (HKLM-x32\...\Stronghold Crusader 2_is1) (Version:  - )
Styx: Master of Shadows (HKLM-x32\...\U3R5eE1hc3Rlcm9mU2hhZG93cw==_is1) (Version: 1 - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Supreme Commander (HKLM-x32\...\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}) (Version: 1.00.0000 - Gas Powered Games)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.0.0.1 - GOG.com)
This War of Mine v1.2.2 version 1.2.2 (HKLM-x32\...\This War of Mine v1.2.2_is1) (Version: 1.2.2 - WHITEPULCIBOX)
Trials Fusion - After the Incident (HKLM-x32\...\Trials Fusion - After the Incident_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wasteland 2, версия 1.0.0.0 (HKLM-x32\...\Wasteland 2_is1) (Version: 1.0.0.0 - RePack by SEYTER)
WD Discovery (HKLM-x32\...\{02DC675D-4BA4-40D9-A94D-6895D07C7419}) (Version: 102.0.0.116 - Western Digital Technologies, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 4094.05 MB
Available physical RAM: 2404.91 MB
Total Pagefile: 10233.26 MB
Available Pagefile: 8320.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3979.46 MB

========================= Partitions: =====================================

1 Drive c: (SSD) (Fixed) (Total:111.69 GB) (Free:53.56 GB) NTFS
2 Drive d: (Games) (Fixed) (Total:976.56 GB) (Free:755.32 GB) NTFS
3 Drive e: (Storage) (Fixed) (Total:886.45 GB) (Free:827.95 GB) NTFS
4 Drive f: (SupCom1EFIS) (CDROM) (Total:6.1 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\A-LA-PUTA

Administrator            Big Chumpy               Guest                   

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

19-05-2015 00:29:47 Windows Update
20-05-2015 04:15:24 Windows Update

**** End of log ****

And the Security Check results:

 Results of screen317's Security Check version 1.002 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.169 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#5 Big Chumpy

Big Chumpy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 21 May 2015 - 11:20 PM

Hi manukkd,

I checked this and the homepage link I originally posted was tacked on after the original path.

Please try this method

 

Right click Internet Explorer > Properties > Target Location, then delete any content after the original path

 

Original: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

I changed it but unfortunately every time I restart IE it puts it back on.
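A defender's check for both hijack points discussed in this thread (the URL tacked onto the browser shortcut's target, and the IE start/search page registry values that the AdwCleaner, JRT and MBAM logs show pointing at delta-homes.com and istartsurf.com), written here as an added PowerShell example; it is not from the thread or from any of the tools used in it. It assumes an elevated PowerShell on the affected machine and that `-AllowedHosts` is edited to the home and search pages the user actually set.

```powershell
# Added example (not part of the thread or of any tool mentioned in it).
# Reports (1) browser shortcuts whose arguments carry a URL, the trick seen in
# post #5, and (2) IE start/search page values whose host is not on an allow
# list, the values the logs in this thread show rewritten to delta-homes.com
# and istartsurf.com. Nothing is modified; the output is for review.
function Find-BrowserHijacks {
    param(
        # Assumption: hosts the user actually chose as home/search pages.
        [string[]]$AllowedHosts = @('www.google.com', 'www.bing.com', 'go.microsoft.com', 'www.msn.com')
    )

    $findings    = @()
    $browserExes = @('iexplore.exe', 'firefox.exe', 'chrome.exe', 'opera.exe')

    # --- 1. Shortcut targets: a clean browser shortcut has no URL in its arguments ---
    $shortcutDirs = @(
        [Environment]::GetFolderPath('Desktop'),
        "$env:PUBLIC\Desktop",
        [Environment]::GetFolderPath('StartMenu'),
        "$env:ProgramData\Microsoft\Windows\Start Menu",
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $shortcutDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        $links = Get-ChildItem -LiteralPath $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue
        foreach ($file in $links) {
            try {
                $lnk = $shell.CreateShortcut($file.FullName)
                $exe = [IO.Path]::GetFileName([string]$lnk.TargetPath).ToLower()
                # Only browsers matter here; any http(s):// or www. in the arguments is suspect.
                if (($browserExes -contains $exe) -and ($lnk.Arguments -match 'https?://|www\.')) {
                    $findings += New-Object PSObject -Property @{
                        Kind     = 'Shortcut'
                        Location = $file.FullName
                        Value    = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments)
                    }
                }
            } catch {
                # Unreadable or malformed .lnk: skip rather than abort the audit.
            }
        }
    }

    # --- 2. IE start/search page values (the ones JRT and MBAM repaired in this thread) ---
    $regPaths = @(
        'HKCU:\Software\Microsoft\Internet Explorer\Main',
        'HKLM:\Software\Microsoft\Internet Explorer\Main',
        'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main'
    )
    $valueNames = @('Start Page', 'Default_Page_URL', 'Default_Search_URL', 'Search Page')
    foreach ($path in $regPaths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $props = Get-ItemProperty -LiteralPath $path
        foreach ($name in $valueNames) {
            $val = $props.$name
            if (-not $val) { continue }
            # Compare by host, so query strings like ?type=hp&ts=... do not matter.
            try   { $uriHost = ([Uri]$val).Host.ToLower() }
            catch { $uriHost = ([string]$val).ToLower() }   # bare host, e.g. www.google.com
            if ($AllowedHosts -notcontains $uriHost) {
                $findings += New-Object PSObject -Property @{
                    Kind = 'Registry'; Location = "$path [$name]"; Value = $val
                }
            }
        }
    }
    return $findings
}

$hits = @(Find-BrowserHijacks)
if ($hits.Count -eq 0) {
    Write-Host 'No appended shortcut URLs or unexpected IE start/search hosts found.'
} else {
    $hits | Format-Table Kind, Location, Value -AutoSize -Wrap
}
```

Because only the host is compared, the same check catches a rewritten value even when the tracking parameters (ts, z, uid) differ from the ones in this thread.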



#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:17 AM

Posted 22 May 2015 - 01:51 AM

Hi there,

Please run this.

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Regards,
Alex

#7 Big Chumpy

Big Chumpy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 22 May 2015 - 06:04 AM

Nothing in there that I want (not that I recognise anyway)

 

 

# AdwCleaner v4.205 - Logfile created 22/05/2015 at 20:58:09
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Big Chumpy - A-LA-PUTA
# Running from : C:\Users\Big Chumpy\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : IHProtect Service
Service Found : WindowsMangerProtect
Service Found : {2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Big Chumpy\AppData\Roaming\Mozilla\Firefox\Profiles\ub4eeyfs.default\searchplugins\delta-homes.xml
File Found : C:\Windows\System32\drivers\{2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64.sys
Folder Found : C:\Program Files (x86)\XTab
Folder Found : C:\ProgramData\227dbd030000601e
Folder Found : C:\ProgramData\5298617176062201310
Folder Found : C:\ProgramData\IHProtectUpDate
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\Big Chumpy\AppData\Local\eSupport.com
Folder Found : C:\Users\Big Chumpy\AppData\Roaming\Mozilla\Firefox\Profiles\ub4eeyfs.default\Extensions\quick_searchff@gmail.com
Folder Found : C:\Users\Big Chumpy\AppData\Roaming\Mozilla\Firefox\Profiles\ub4eeyfs.default\Extensions\sweetsearch@gmail.com

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1432095543&z=bd271feac6465a0c75b12a6g7zcc0oeedt1w7wdz7z&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\HomeTab
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\SearchProtectWS
Key Found : HKCU\Software\simplytech
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\TNT2
Key Found : HKCU\Software\WajIntEnhance
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\HomeTab
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Found : [x64] HKCU\Software\OCS
Key Found : [x64] HKCU\Software\SearchProtectWS
Key Found : [x64] HKCU\Software\simplytech
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\TNT2
Key Found : [x64] HKCU\Software\WajIntEnhance
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\3a5ee353-96e0-a2c5-3949-88f9b264a53d
Key Found : HKLM\SOFTWARE\AIM Toolbar
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A81E737A17150D040843D72D34240018
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A81E737A17150D040843D72D34240018
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\delta-homesSoftware
Key Found : HKLM\SOFTWARE\FFPluginHp
Key Found : HKLM\SOFTWARE\hdcode
Key Found : HKLM\SOFTWARE\IHProtect
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\istartsurfSoftware
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SpeedBit
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\WajIntEnhance
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A81E737A17150D040843D72D34240018
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1432095543&z=bd271feac6465a0c75b12a6g7zcc0oeedt1w7wdz7z&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1432095543&z=bd271feac6465a0c75b12a6g7zcc0oeedt1w7wdz7z&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1432095543&z=bd271feac6465a0c75b12a6g7zcc0oeedt1w7wdz7z&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1432095543&z=bd271feac6465a0c75b12a6g7zcc0oeedt1w7wdz7z&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237&q={searchTerms}

-\\ Mozilla Firefox v

[ub4eeyfs.default] - Line Found : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[ub4eeyfs.default] - Line Found : user_pref("extensions.quick_start.enable_search1", false);
[ub4eeyfs.default] - Line Found : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [7916 bytes] - [22/05/2015 20:58:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7975 bytes] ##########



#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:17 AM

Posted 22 May 2015 - 06:09 AM

Hi there,

Please re-run AdwCleaner and choose Cleaning for all detections. After that click Logfile and it will bring up the cleaning log - please copy that here for review.

After that please run this.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Regards,
Alex

#9 Big Chumpy

Big Chumpy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 22 May 2015 - 06:30 AM

Adw Cleaner log:

 

# AdwCleaner v4.205 - Logfile created 22/05/2015 at 21:11:57
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Big Chumpy - A-LA-PUTA
# Running from : C:\Users\Big Chumpy\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : IHProtect Service
[#] Service Deleted : WindowsMangerProtect
Service Deleted : {2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\227dbd030000601e
Folder Deleted : C:\ProgramData\5298617176062201310
Folder Deleted : C:\Program Files (x86)\XTab
Folder Deleted : C:\Users\Big Chumpy\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Big Chumpy\AppData\Roaming\Mozilla\Firefox\Profiles\ub4eeyfs.default\Extensions\sweetsearch@gmail.com
Folder Deleted : C:\Users\Big Chumpy\AppData\Roaming\Mozilla\Firefox\Profiles\ub4eeyfs.default\Extensions\quick_searchff@gmail.com
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\{2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64.sys
File Deleted : C:\Users\Big Chumpy\AppData\Roaming\Mozilla\Firefox\Profiles\ub4eeyfs.default\searchplugins\delta-homes.xml

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com]
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\3a5ee353-96e0-a2c5-3949-88f9b264a53d
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\WajIntEnhance
Key Deleted : HKCU\Software\SearchProtectWS
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\AIM Toolbar
Key Deleted : HKLM\SOFTWARE\FFPluginHp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A81E737A17150D040843D72D34240018
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A81E737A17150D040843D72D34240018
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A81E737A17150D040843D72D34240018
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

[ub4eeyfs.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[ub4eeyfs.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[ub4eeyfs.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [8122 bytes] - [22/05/2015 20:58:09]
AdwCleaner[R1].txt - [8181 bytes] - [22/05/2015 21:11:10]
AdwCleaner[S0].txt - [6564 bytes] - [22/05/2015 21:11:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6623  bytes] ##########

And Junkware Removal Tool log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows 7 Ultimate x64
Ran by Big Chumpy on Fri 22/05/2015 at 21:16:58.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVER MAGICIAN.EXE-CF741595.pf
Successfully deleted: [File] C:\Windows\prefetch\DRIVERMAGICIAN.EXE-2D8E0A6A.pf
Successfully deleted: [File] C:\Windows\prefetch\DRIVERMAGICIAN.TMP-941BA836.pf
Successfully deleted: [File] C:\Windows\prefetch\DRIVERMAGICIAN.TMP-C5390A84.pf

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 22/05/2015 at 21:18:23.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:17 AM

Posted 22 May 2015 - 06:34 AM

Hi there,

Please run these next.

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#11 Big Chumpy

Big Chumpy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 22 May 2015 - 07:23 PM

Well that one took a while :)

Results of the 2 scans below

BTW, IE seems back to normal but please continue on if there is more to do.

I can't believe there is so much crap in my computer that was not picked up by AV software.

Any suggestions for a better one would be appreciated.

Thanks

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22/05/2015
Scan Time: 9:38:18 PM
Logfile: mal.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.22.01
Rootkit Database: v2015.05.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Big Chumpy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436398
Time Elapsed: 8 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.Miner, C:\Users\Big Chumpy\AppData\Roaming\Microsoft\Caches\mdm, 2492, Delete-on-Reboot, [466301959eec9a9cf7e965b1d33310f0]

Modules: 0
(No malicious items detected)

Registry Keys: 2
Backdoor.MSIL.PGen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TokyoComicEar, Quarantined, [d4d58016bad0043225a62229bd4532ce],
PUP.Optional.Picexa.A, HKLM\SOFTWARE\WOW6432NODE\PicexaSvc, Quarantined, [6f3af2a4a3e7e551e7acd79eb64f4ab6],

Registry Values: 0
(No malicious items detected)

Registry Data: 3
PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.delta-homes.com/?type=hp&ts=1432167010&z=dcfea189d448877b0b1a1d7g8z7c8o9g8q7m1edg3q&from=wpm05203&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237, Good: (www.google.com), Bad: (http://www.delta-homes.com/?type=hp&ts=1432167010&z=dcfea189d448877b0b1a1d7g8z7c8o9g8q7m1edg3q&from=wpm05203&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237),Replaced,[0f9ad9bd91f95fd7b017eb3bab5b20e0]
PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.delta-homes.com/?type=hp&ts=1432167010&z=dcfea189d448877b0b1a1d7g8z7c8o9g8q7m1edg3q&from=wpm05203&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237, Good: (www.google.com), Bad: (http://www.delta-homes.com/?type=hp&ts=1432167010&z=dcfea189d448877b0b1a1d7g8z7c8o9g8q7m1edg3q&from=wpm05203&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237),Replaced,[03a6e1b52c5efb3b16b102245da951af]
PUP.Optional.Delta.A, HKU\S-1-5-21-622537816-497704580-3340527708-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://search.delta-homes.com/web/?type=ds&ts=1432167010&z=dcfea189d448877b0b1a1d7g8z7c8o9g8q7m1edg3q&from=wpm05203&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237&q={searchTerms}, Good: (www.google.com), Bad: (http://search.delta-homes.com/web/?type=ds&ts=1432167010&z=dcfea189d448877b0b1a1d7g8z7c8o9g8q7m1edg3q&from=wpm05203&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA475223752237&q={searchTerms}),Replaced,[6a3f821435552b0b5b6d11157f87a35d]

Folders: 0
(No malicious items detected)

Files: 7
Trojan.Miner, C:\Users\Big Chumpy\AppData\Roaming\Microsoft\Caches\mdm, Delete-on-Reboot, [466301959eec9a9cf7e965b1d33310f0],
Backdoor.MSIL.PGen, C:\Windows\SysWOW64\atoneardorhints.exe, Quarantined, [d4d58016bad0043225a62229bd4532ce],
PUP.Optional.MultiPlug.Uns, C:\ProgramData\gifter\gifter.exe, Quarantined, [337656407a1072c44308410f58abb050],
PUP.Optional.OpenCandy, C:\Users\Big Chumpy\AppData\Roaming\uTorrent\updates\3.4.0_30596.exe, Quarantined, [f4b51185f298d4627d1495eebf4639c7],
Hacktool.CheatEngine, C:\Users\Big Chumpy\Desktop\Stronghold Crusader 2 V1.0.19066 Trainer +4 MrAntiFun.EXE, Quarantined, [b3f6653168225ed86deeb18b56aaef11],
Backdoor.MSIL.PGen, C:\Windows\Temp\tmp871C.tmp, Quarantined, [b7f2f2a4afdbe15597345dee53afdc24],
Backdoor.MSIL.PGen, C:\Windows\Temp\tmp87C9.tmp, Quarantined, [acfd24728ffb41f5af1c0744d42e32ce],

Physical Sectors: 0
(No malicious items detected)

(end)

And ESET:

 

C:\Users\All Users\steg\steg.exe a variant of MSIL/Packed.Confuser.J potentially unwanted application 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi.vir Win32/Toolbar.TNT2.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir a variant of Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir a variant of Win32/Thinknice.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Big Chumpy\AppData\Roaming\Mozilla\Firefox\Profiles\ub4eeyfs.default\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir Win32/Toolbar.TNT2.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application deleted - quarantined
C:\ProgramData\steg\steg.exe a variant of MSIL/Packed.Confuser.J potentially unwanted application deleted (after the next restart) - quarantined
C:\Users\Big Chumpy\AppData\Roaming\Origin\update.vbe VBS/CoinMiner.AD trojan cleaned by deleting - quarantined
D:\SimCity\SimCity\1911.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantined
 



#12 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:17 AM

Posted 23 May 2015 - 04:01 AM

Hi there,

It looks like I have bad news.

Looking through your logs I noticed that your machine is infected with a backdoor Trojan.

They allow hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please change all your passwords on a known clean and secure machine, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be removed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Regards,
Alex

#13 Big Chumpy

Big Chumpy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 23 May 2015 - 05:53 AM

Hi Alex.

 

Bad news indeed. :(

 

I was going to format soon anyway though there were a few things I was hoping to keep.

 

All my financial details are changed from another independent computer.

 

Will I have to format all HDDs to be sure?

 

Just waiting on your reply before I push the NUKE button.



#14 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:17 AM

Posted 23 May 2015 - 06:38 AM

Hi there,

I think that formatting the drive that contains the Windows partition (usually C:\) is enough, but if you want to be 100% sure then it is best to reformat all drives.

Feel free to ask if you have any other questions.

Regards,
Alex

#15 Big Chumpy

Big Chumpy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 23 May 2015 - 06:48 AM

Ok thanks Alex.

 

Had to laugh at the link on your posts as I realised how much this related to me

 

Common sense makes up 90% of security - software makes up the remaining 10%

 

You do know that common sense is one of the X-men powers don't you? :lmao:

Us mere mortals don't have much.

 

Thanks again for your help.

Scott

 

Formatting.............





