HiJack this thread - assistance please!

Grampus8

Hi chums.

Had a virus worry last weekend, have run MBAM and it found quite a lot, could you look over this and tell me if there are any nasties please?

Grampus8

I got a message blocking me from posting the log, is that weird?

waddler_8

No - it's a forum bug.

I'll PM you my email address and you can send me it.

Grampus8

Thanks mate yes please

waddler_8

Send me the mbam log rather than the hijackthis log, then run me DDS and post me the logs from that too.

Post me a DDS log - should take 2-3 minutes.

Download DDS from the link below and save it to your desktop:

Link

After you've downloaded it and saved it to your desktop:

• Double click DDS to run it.
• Click Start
• When it's finished, DDS will open two logs:

1. DDS.txt
   
2. Attach.txt

Save both reports to your desktop.

email me those reports.

Grampus8

ive sent you the hjk one ive deleted the MBAM one

Grampus8

And now both DDS ones.

waddler_8

By the looks of things it wasn't anything serious other than PUP.Optional variants that have been added to the database.

There's a few remnants of delta search so run AdwCleaner.

Download AdwCleaner from the link below & save it to your desktop.

LINK

If you don't save it to your desktop, look in:

C:\Users\user\Downloads

Then,

• Right click adwcleaner.exe and choose "Run as Administrator"
• Click the Scan button.
• When the scan finishes, click the Report button.
• A logfile will open in notepad. Copy/paste to post the contents of the logfile in your next reply or email me.
• Close AdwCleaner
• You can also find the logfile at C:\AdwCleaner\AdwCleaner[R**].txt.

I'm going out now but will look later. Like I said, it's nothing serious so don't worry in the meantime.

Grampus8

No choice of adminstrator but here it is:

# AdwCleaner v3.004 - Report created 20/09/2013 at 19:22:05
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user -
# Running from : C:\Users\user\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\users\user\AppData\Roaming\BabMaint.exe
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\.BackupManager\user.js
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zq5jj7w4.default\bProtector_extensions.rdf
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zq5jj7w4.default\bprotector_extensions.sqlite
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zq5jj7w4.default\bprotector_prefs.js
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zq5jj7w4.default\searchplugins\Askcom.xml
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zq5jj7w4.default\searchplugins\Babylon.xml
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zq5jj7w4.default\searchplugins\BrowserProtect.xml
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zq5jj7w4.default\searchplugins\delta.xml
File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zq5jj7w4.default\user.js
File Found : C:\Windows\System32\Tasks\EPUpdater
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found C:\Program Files (x86)\delta
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\BrowserProtect
Folder Found C:\ProgramData\Partner
Folder Found C:\users\user\AppData\LocalLow\delta
Folder Found C:\users\user\AppData\LocalLow\ShoppingReport2
Folder Found C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zq5jj7w4.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\59e888cbd68eb10
Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\59e888cbd68eb10
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zq5jj7w4.default\prefs.js ]

Line Found : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119776&tt=190313_wo1&babsrc=HP_ss&mntrId=28FE0617C4B4EC1F");
Line Found : user_pref("avg.install.userSPSettings", "Delta Search");
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.id", "28fe9d7a0000000000000617c4b4ec1f");
Line Found : user_pref("extensions.delta.instlDay", "15794");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none"

waddler_8

• Right click AdwCleaner.exe and choose "Run as Administrator" to run it.
• Click the Scan button.
• When the scan finishes, click the Clean button.
• Click OK to the prompt and let AdwCleaner reboot the computer.
• A logfile will open in notepad after reboot. Copy/paste to post the contents of the logfile in your next reply or email me..
• You can also find the logfile at C:\AdwCleaner\AdwCleaner[S**].txt.

Grampus8

# AdwCleaner v3.004 - Report created 21/09/2013 at 13:10:52
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user -
# Running from : C:\Users\user\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zq5jj7w4.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9249 octets] - [20/09/2013 19:22:05]
AdwCleaner[R1].txt - [1249 octets] - [21/09/2013 13:09:53]
AdwCleaner[S0].txt - [9173 octets] - [20/09/2013 19:24:40]
AdwCleaner[S1].txt - [1174 octets] - [21/09/2013 13:10:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1234 octets] ##########