-
Hi,
Those ESET findings can be ignored :)
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- You will be prompted to restart your computer. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Any issues left?
-
adwcleaner log
Here's the log. I Can happily report that both google chrome and firefox are working and the delta and babylon search engine tabs have gone. Cheers blade81 :)
# AdwCleaner v3.001 - Report created 29/08/2013 at 11:48:58
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Severin - SDOUBLE-LAP
# Running from : C:\Users\Severin\Desktop\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Severin\AppData\Local\PackageAware
Folder Deleted : C:\Users\Severin\AppData\Roaming\DSite
Folder Deleted : C:\Users\Janet\AppData\Roaming\DSite
File Deleted : C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\4sbx0wty.default\user.js
File Deleted : C:\windows\System32\Tasks\BrowserDefendert
File Deleted : C:\windows\System32\Tasks\EPUpdater
File Deleted : C:\windows\System32\Tasks\QtraxPlayer
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKCU\Software\e57ded9b06ebe46
Key Deleted : HKLM\SOFTWARE\e57ded9b06ebe46
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Conduit
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Tarma Installer
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v15.0.1 (en-GB)
[ File : C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\4sbx0wty.default\prefs.js ]
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=NT_ss&mntrId=EA00F2DF9AA08F3A");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
[ File : C:\Users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\s1tnczqs.default\prefs.js ]
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=NT_ss&mntrId=EA00F2DF9AA08F3A");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=EA00F2DF9AA08F3A");
-\\ Google Chrome v28.0.1500.95
[ File : C:\Users\Severin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
Deleted : urls_to_restore_on_startup
[ File : C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [4268 octets] - [28/08/2013 14:08:04]
AdwCleaner[R1].txt - [4328 octets] - [28/08/2013 18:47:56]
AdwCleaner[R2].txt - [4388 octets] - [29/08/2013 11:48:06]
AdwCleaner[S0].txt - [4138 octets] - [29/08/2013 11:48:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4198 octets] ##########
-
Good. Let's see the final steps then :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.
Uninstall adwCleaner
- Double click on adwcleaner.exe to run the tool.
- Click on Uninstall.
- Confirm with yes.
Now lets uninstall ComboFix:
- Click START then RUN
- Now copy-paste Combofix /uninstall in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.
Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool: