****Optimizer virus please please help!****
Comments
-
.
=============== Created Last 30 ================
.
2013-04-07 12:19:58 -------- d-----w- C:\Program Files\DomaIQ Uninstaller
2013-04-07 12:17:43 -------- d-----w- C:\Users\Gary\AppData\Roaming\player
2013-04-07 12:17:42 -------- d-----w- C:\Program Files (x86)\Tuguu SL
2013-04-07 12:17:34 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-04-07 12:17:34 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-04-07 12:17:18 -------- d-----w- C:\ProgramData\BrowserProtect
2013-04-07 12:17:05 -------- d-----w- C:\Users\Gary\AppData\Roaming\Optimizer Pro
2013-04-07 12:16:59 -------- d-----w- C:\Users\Gary\AppData\Roaming\BabSolution
2013-04-07 12:16:51 -------- d-----w- C:\Users\Gary\AppData\Roaming\Yontoo
2013-04-07 12:16:51 -------- d-----w- C:\Program Files (x86)\Yontoo
2013-04-07 12:16:47 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-04-07 12:16:40 -------- d-----w- C:\ProgramData\Tarma Installer
2013-04-07 12:16:36 -------- d-----w- C:\ProgramData\Babylon
2013-04-07 12:16:35 -------- d-----w- C:\Users\Gary\AppData\Roaming\Babylon
2013-03-28 16:55:51 187152 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10197.bin
2013-03-27 08:45:34 -------- d-----w- C:\Windows\Cache
2013-03-27 08:45:33 31 ---ha-w- C:\Windows\UKCpInfo.sys
2013-03-27 08:45:10 -------- d-----w- C:\Program Files (x86)\Coupon Printer
2013-03-25 15:42:28 -------- d-----w- C:\Users\Gary\AppData\Local\CrashDumps
2013-03-17 12:31:53 -------- d-----w- C:\Users\Gary\AppData\Local\Albelli Photo books
2013-03-15 20:24:31 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-12 09:00:21 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
.
==================== Find3M ====================
.
2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-24 19:51:08 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-01-31 03:29:52 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-31 03:18:18 432800 ----a-w- C:\Windows\System32\drivers\N360x64\1403000.024\symnets.sys
2013-01-31 03:18:06 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1403000.024\symefa64.sys
2013-01-29 01:45:19 796248 ----a-w- C:\Windows\System32\drivers\N360x64\1403000.024\srtsp64.sys
2013-01-29 01:45:19 36952 ----a-w- C:\Windows\System32\drivers\N360x64\1403000.024\srtspx64.sys
2013-01-22 02:15:33 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1403000.024\symds64.sys
2013-01-17 04:04:06 4055552 ----a-w- C:\Windows\System32\win32k.sys
2013-01-16 00:35:49 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-01-16 00:31:26 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-01-16 00:25:17 1437696 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-01-16 00:23:19 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-01-10 01:29:54 1934056 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe
2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe
2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll
2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll
2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll
2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-01-09 23:26:08 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll
2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL
2013-01-09 23:23:32 95232 ----a-w- C:\Windows\System32\wiaacmgr.exe
2013-01-09 23:23:25 2094592 ----a-w- C:\Windows\System32\mmc.exe
2013-01-09 23:23:23 240640 ----a-w- C:\Windows\System32\fsquirt.exe
2013-01-09 23:23:18 256000 ----a-w- C:\Windows\System32\WSDMon.dll
2013-01-09 23:23:16 1964544 ----a-w- C:\Windows\System32\wlidsvc.dll
2013-01-09 23:23:14 594944 ----a-w- C:\Windows\System32\Windows.Networking.dll
2013-01-09 23:23:14 406016 ----a-w- C:\Windows\System32\Windows.Media.dll
2013-01-09 23:23:07 1886208 ----a-w- C:\Windows\System32\setupapi.dll
2013-01-09 23:23:05 728064 ----a-w- C:\Windows\System32\samsrv.dll
2013-01-09 23:22:53 464384 ----a-w- C:\Windows\System32\netprofmsvc.dll
2013-01-09 23:22:53 151040 ----a-w- C:\Windows\System32\netprofm.dll
2013-01-09 23:22:43 1120768 ----a-w- C:\Windows\System32\msctf.dll
2013-01-09 23:22:41 666112 ----a-w- C:\Windows\System32\MP4SDECD.DLL
2013-01-09 23:22:35 438272 ----a-w- C:\Windows\System32\lsm.dll
2013-01-09 23:22:29 894464 ----a-w- C:\Windows\System32\iphlpsvc.dll
2013-01-09 23:22:29 159232 ----a-w- C:\Windows\System32\inetpp.dll
2013-01-09 23:22:26 49152 ----a-w- C:\Windows\System32\drivers\UMDF\HidBthLE.dll
2013-01-09 23:22:05 1918464 ----a-w- C:\Windows\System32\wbem\cimwin32.dll
2013-01-09 03:59:47 341504 ----a-w- C:\Windows\System32\drivers\HdAudio.sys
2013-01-09 03:59:16 74752 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2013-01-09 03:58:34 51712 ----a-w- C:\Windows\System32\drivers\bthenum.sys
2013-01-09 03:57:50 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys
.
============= FINISH: 18:24:19.77 ===============
If you always do what you've always done, you'll always get what you've always got...
-
I wouldn't worry too much - you can see most of what got installed here - none of it's particularly malicious:
2013-04-07 12:19:58 -------- d-----w- C:\Program Files\DomaIQ Uninstaller
2013-04-07 12:17:43 -------- d-----w- C:\Users\Gary\AppData\Roaming\player
2013-04-07 12:17:42 -------- d-----w- C:\Program Files (x86)\Tuguu SL
2013-04-07 12:17:34 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-04-07 12:17:34 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-04-07 12:17:18 -------- d-----w- C:\ProgramData\BrowserProtect
2013-04-07 12:17:05 -------- d-----w- C:\Users\Gary\AppData\Roaming\Optimizer Pro
2013-04-07 12:16:59 -------- d-----w- C:\Users\Gary\AppData\Roaming\BabSolution
2013-04-07 12:16:51 -------- d-----w- C:\Users\Gary\AppData\Roaming\Yontoo
2013-04-07 12:16:51 -------- d-----w- C:\Program Files (x86)\Yontoo
2013-04-07 12:16:47 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-04-07 12:16:40 -------- d-----w- C:\ProgramData\Tarma Installer
2013-04-07 12:16:36 -------- d-----w- C:\ProgramData\Babylon
2013-04-07 12:16:35 -------- d-----w- C:\Users\Gary\AppData\Roaming\Babylon
Post the contents of the other log - attach.txt - and we'll see what we can uninstall first
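The reply above reads the "Created Last 30" section by eye: a run of new folders created within minutes of each other points to one bundled installer. The following is an added example, not part of the original thread, that does the same grouping in Python; the 5-minute gap and the three-directory threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a subset of the "Created Last 30" entries in the log above.
SAMPLE = r"""
2013-04-07 12:19:58 -------- d-----w- C:\Program Files\DomaIQ Uninstaller
2013-04-07 12:17:42 -------- d-----w- C:\Program Files (x86)\Tuguu SL
2013-04-07 12:17:18 -------- d-----w- C:\ProgramData\BrowserProtect
2013-04-07 12:16:51 -------- d-----w- C:\Program Files (x86)\Yontoo
2013-04-07 12:16:47 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-04-07 12:16:36 -------- d-----w- C:\ProgramData\Babylon
2013-03-28 16:55:51 187152 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10197.bin
2013-03-27 08:45:34 -------- d-----w- C:\Windows\Cache
2013-03-27 08:45:33 31 ---ha-w- C:\Windows\UKCpInfo.sys
2013-03-27 08:45:10 -------- d-----w- C:\Program Files (x86)\Coupon Printer
2013-03-17 12:31:53 -------- d-----w- C:\Users\Gary\AppData\Local\Albelli Photo books
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+([-a-z]{8})\s+(.+)$")

def parse_entries(text):
    """Return (timestamp, is_directory, path) for each well-formed log line."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            out.append((ts, m.group(3).startswith("d"), m.group(4)))
    return out

def install_bursts(entries, gap=timedelta(minutes=5), min_dirs=3):
    """Group entries whose creation times are within `gap` of the previous one;
    keep groups that created at least `min_dirs` new directories."""
    groups, current = [], []
    for entry in sorted(entries):
        if current and entry[0] - current[-1][0] > gap:
            groups.append(current)
            current = []
        current.append(entry)
    if current:
        groups.append(current)
    return [[p for _, is_dir, p in g if is_dir]
            for g in groups if sum(d for _, d, _ in g) >= min_dirs]

if __name__ == "__main__":
    for burst in install_bursts(parse_entries(SAMPLE)):
        print(len(burst), "directories created in one burst:")
        for path in burst:
            print("  ", path)
```

On the sample only the 2013-04-07 run is reported; the two folders created on 2013-03-27 stay below the threshold.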
-
It comes up with Delta search on my Google Chrome now as well, not sure if that is connected?
If you always do what you've always done, you'll always get what you've always got...
-
Yes, it's connected.
Download AdwCleaner from the link below & save it to your desktop.
LINK
Then,
- Right click AdwCleaner.exe & choose "Run as administrator" to run it.
- Click Delete.
- Click OK to the prompt.
- The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
- Post the contents of the logfile with your next reply.
- You can also find the logfile at C:\AdwCleaner[s1].txt.
-
# AdwCleaner v2.200 - Logfile created 04/08/2013 at 18:47:06
# Updated 02/04/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Gary - BRISCOES
# Boot Mode : Normal
# Running from : C:\Users\Gary\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Gary\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Gary\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Gary\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Gary\AppData\Roaming\Yontoo
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16482
[OK] Registry is clean.
-\\ Google Chrome v26.0.1410.43
File : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.33] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Deleted [l.36] : keyword = "delta-search.com",
Deleted [l.40] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=C[...]
Deleted [l.2106] : homepage = "hxxp://www.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=C654C8F7333B75A3",
Deleted [l.2476] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId[...]
*************************
AdwCleaner[S1].txt - [1801 octets] - [08/04/2013 18:47:06]
########## EOF - C:\AdwCleaner[S1].txt - [1861 octets] ##########
If you always do what you've always done, you'll always get what you've always got...
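The Chrome settings that the AdwCleaner log above reports deleting can also be checked for directly. This added example (not part of the thread, and not AdwCleaner's own logic) walks a Preferences JSON file and reports any of those five settings that point at a host outside an allowlist; the sample file, its nesting and the allowlist are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Setting names taken from the "Deleted [l.NN]" lines in the AdwCleaner log above.
WATCHED_KEYS = {"icon_url", "keyword", "search_url", "homepage",
                "urls_to_restore_on_startup"}

# Constructed sample. The nesting is an assumption; URLs keep the log's hxxp form.
SAMPLE_PREFS = json.dumps({
    "homepage": "hxxp://www.delta-search.com/",
    "session": {"urls_to_restore_on_startup": ["hxxp://www.delta-search.com/"]},
    "default_search_provider": {
        "keyword": "delta-search.com",
        "search_url": "hxxp://www.delta-search.com/?q={searchTerms}",
        "icon_url": "https://www.google.com/favicon.ico",
    },
})

def host_of(value):
    """Host of a URL, or the value itself for a bare keyword such as 'example.com'."""
    host = urlsplit(value).hostname if "://" in value else value
    return (host or "").lower()

def allowed(host, allowlist):
    return any(host == d or host.endswith("." + d) for d in allowlist)

def find_hijacked(prefs_text, allowlist):
    """Return (json_path, value) for each watched setting outside the allowlist."""
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for key, val in node.items():
                here = f"{path}.{key}" if path else key
                if key in WATCHED_KEYS:
                    values = val if isinstance(val, list) else [val]
                    hits.extend((here, v) for v in values
                                if isinstance(v, str) and v
                                and not allowed(host_of(v), allowlist))
                else:
                    walk(val, here)
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")
    walk(json.loads(prefs_text), "")
    return hits

if __name__ == "__main__":
    for path, value in find_hijacked(SAMPLE_PREFS, {"google.com"}):
        print(path, "->", value)
```

Because the walk matches key names anywhere in the tree, it does not depend on where a given Chrome version stores them.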
-
All looks like gobbledygook to me! Thanks so much!!
If you always do what you've always done, you'll always get what you've always got...
-
Things looking a little better now?
Download OTL by Old Timer from the link below and save it to your Desktop.
LINK
- Double-click OTL.exe to start the program.
- Copy and Paste all the following code into the textbox. Do not include the word Code:
:files
C:\Users\Gary\AppData\Roaming\player
C:\Program Files (x86)\Tuguu SL
C:\Windows\SysWow64\searchplugins
C:\Windows\SysWow64\Extensions
:commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
- Then click the Run Fix button at the top.
- Click
.
- OTL may ask to reboot the machine. Click OK & allow it to do so if asked.
- The report should appear in Notepad after the reboot.
- Copy and Paste that report in your next reply.
-
All processes killed
========== FILES ==========
C:\Users\Gary\AppData\Roaming\player\images folder moved successfully.
C:\Users\Gary\AppData\Roaming\player folder moved successfully.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages folder moved successfully.
C:\Program Files (x86)\Tuguu SL\VAFPlayer folder moved successfully.
C:\Program Files (x86)\Tuguu SL folder moved successfully.
C:\Windows\SysWow64\searchplugins folder moved successfully.
C:\Windows\SysWow64\Extensions folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gary
->Temp folder emptied: 788564 bytes
->Temporary Internet Files folder emptied: 10438949 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 402791417 bytes
->Flash cache emptied: 21224 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94494 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33938526 bytes
RecycleBin emptied: 4153373 bytes
Total Files Cleaned = 431.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 04082013_192524
Files\Folders moved on Reboot...
C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(20130408185001764).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2rdll(20130408185001764).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20130408185001764).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20130408185001764).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
If you always do what you've always done, you'll always get what you've always got...
-
Are things ok now?
-
Everything seems okay now
If you always do what you've always done, you'll always get what you've always got...
This discussion has been closed.