
possible malware? slow system and audio ads

Discussion in 'Virus & Other Malware Removal' started by Mrjamieson, Jul 24, 2012.

Thread Status:
Not open for further replies.
  1. Mrjamieson

    Mrjamieson Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    57
    I have done everything you said. It seems to be fine, but I don't see any real difference from before the last step. The online AV scan did seem to pick out quite a lot of infections though. The computer seems to be working so much better though. Here is what you requested; tell me what you think.


    All processes killed
    ========== OTL ==========
    Folder C:\Users\harry\AppData\Roaming\Mozilla\Firefox\Profiles\vrm48h4l.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
    Folder C:\Users\harry\AppData\Roaming\Mozilla\Firefox\Profiles\vrm48h4l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Folder C:\Users\harry\AppData\Roaming\Mozilla\Firefox\Profiles\vrm48h4l.default\extensions\[email protected]\ not found.
    Use Chrome's Settings page to change the HomePage.
    File C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== FILES ==========
    File\Folder C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR not found.
    File\Folder C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll not found.
    C:\Users\harry\AppData\Local\{93521D56-D5BA-45DB-9899-217B984F1B05} folder moved successfully.
    C:\Users\harry\AppData\Local\{EA2C0C36-F559-4C00-ABEE-8B9BC80FC53F} folder moved successfully.
    C:\Users\harry\AppData\Local\{E474B330-5EA8-4835-9507-1F9AEE801165} folder moved successfully.
    C:\Users\harry\AppData\Local\{50BE36D1-782F-4351-A3E4-93BA51BAB5D6} folder moved successfully.
    C:\Users\harry\AppData\Local\{6AFF746D-36B1-4467-A0E2-601D82B81C10} folder moved successfully.
    C:\Users\harry\AppData\Local\{0E1FED34-F893-4966-AB65-D0724E1EB2A0} folder moved successfully.
    C:\Users\harry\AppData\Local\{0388C4E8-CAB5-4D13-80F4-520BD0D8CF68} folder moved successfully.
    C:\Users\harry\AppData\Local\{E87E6765-0AE8-4345-A574-85CA9451B362} folder moved successfully.
    C:\Users\harry\AppData\Local\{9EF70447-BE4E-4BAA-A18D-9D8D3738A371} folder moved successfully.
    C:\Users\harry\AppData\Local\{438AB6C3-BF21-4AFE-9550-A2910F9C6BE5} folder moved successfully.
    C:\Users\harry\AppData\Local\{69FC119A-655F-4D87-B942-E27CACD7E5B3} folder moved successfully.
    C:\Users\harry\AppData\Local\{2D0F57B4-5013-4A0C-AA44-D315CD1EF11E} folder moved successfully.
    C:\Users\harry\AppData\Local\{0DDFB27F-1C74-493C-BC4A-D7335C1E3950} folder moved successfully.
    C:\Users\harry\AppData\Local\{CB38660F-F955-41F7-9DF0-8EAD307D3731} folder moved successfully.
    C:\Users\harry\AppData\Local\{4C6FC563-98AE-4C5E-BBBA-081E1D4D6B29} folder moved successfully.
    C:\Users\harry\AppData\Local\{62891E8A-8BF0-4290-A839-70717644831D} moved successfully.
    C:\Users\harry\AppData\Local\{2B9BFA8E-E01D-4925-A136-69CEEFCD8A82} moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: harry
    ->Temp folder emptied: 5411923 bytes
    ->Temporary Internet Files folder emptied: 11330618 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 35091170 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 59174 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 10015342 bytes

    Total Files Cleaned = 59.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 08032012_164641

    Files\Folders moved on Reboot...
    C:\Users\harry\AppData\Local\Temp\{B0091212-784D-4A59-AC33-351A039D35E9}\fpb.tmp moved successfully.
    C:\Users\harry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\JETBDB3.tmp not found!

    PendingFileRenameOperations files...
    File C:\Users\harry\AppData\Local\Temp\{B0091212-784D-4A59-AC33-351A039D35E9}\fpb.tmp not found!
    File C:\Users\harry\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Windows\temp\JETBDB3.tmp not found!

    Registry entries deleted on Reboot...



    C:\Program Files (x86)\smartdl\vfd.exe Win32/BHO.OES trojan cleaned by deleting - quarantined
    C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08022012_220524\C_Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08022012_220524\C_Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08022012_220524\C_Program Files (x86)\OApps\bho_project.dll Win32/Adware.Facetheme.C application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08022012_220524\C_Program Files (x86)\SEARCHQU TOOLBAR\DATAMNGR\datamngr.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08022012_220524\C_Program Files (x86)\SEARCHQU TOOLBAR\DATAMNGR\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08022012_220524\C_Program Files (x86)\SEARCHQU TOOLBAR\DATAMNGR\IEBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
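The OTL and ESET entries above are dominated by Browser Helper Objects (the datamngr, DnsBHO and IEBHO DLLs, the Babylon toolbar DLLs) and a ShellServiceObjectDelayLoad value. The script below is an added example, not part of the original post and not produced by OTL or ESET: it enumerates those two persistence points in both the 64-bit and 32-bit (Wow6432Node) registry views, resolves each CLSID to the DLL Windows would load, and flags entries that point at a missing file or at an unsigned DLL outside Program Files or the Windows directory. The flagging rules are my own heuristics, not verdicts, and the script assumes an elevated Windows PowerShell prompt on x64 Windows 7.

```powershell
# Added example: list Browser Helper Objects and ShellServiceObjectDelayLoad
# entries, resolve each CLSID to its DLL, and flag suspicious ones.
# Read-only. Run from an elevated Windows PowerShell prompt on x64 Windows.

# On x64 Windows both views matter: Explorer and IE exist in both bitnesses,
# and the toolbars in the log above were 32-bit (Program Files (x86)).
$roots = @(
    @{ Hive = 'HKLM:\SOFTWARE';             Label = '64bit' },
    @{ Hive = 'HKLM:\SOFTWARE\Wow6432Node'; Label = '32bit' }
)

function Resolve-Clsid {
    param([string]$SoftwareRoot, [string]$Clsid)
    # A COM server's DLL is the default value of CLSID\{guid}\InprocServer32.
    $key = Join-Path $SoftwareRoot "Classes\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path $key)) { return $null }
    $path = (Get-ItemProperty $key).'(default)'
    if ($path) { [Environment]::ExpandEnvironmentVariables($path.Trim('"')) } else { $null }
}

function Get-Finding {
    param([string]$Source, [string]$Clsid, [string]$Dll)
    $exists = $Dll -and (Test-Path $Dll)
    # Heuristics (my own): no server registered, DLL gone but key left behind,
    # or an unsigned DLL living outside the Windows / Program Files trees
    # (AppData and ProgramData are where the log's adware lived).
    $flag = if (-not $Dll)        { 'no InprocServer32' }
            elseif (-not $exists) { 'DLL missing (orphaned entry)' }
            elseif ($Dll -notmatch '^[A-Za-z]:\\(Windows|Program Files)' -and
                    (Get-AuthenticodeSignature $Dll).Status -ne 'Valid') {
                'unsigned, outside Windows/Program Files'
            }
            else { '' }
    [pscustomobject]@{ Source = $Source; CLSID = $Clsid; DLL = $Dll; Flag = $flag }
}

$findings = foreach ($r in $roots) {
    # Browser Helper Objects: IE loads every CLSID subkey here into the browser.
    $bhoKey = Join-Path $r.Hive 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoKey) {
        foreach ($k in Get-ChildItem $bhoKey) {
            Get-Finding "$($r.Label) BHO" $k.PSChildName (Resolve-Clsid $r.Hive $k.PSChildName)
        }
    }
    # ShellServiceObjectDelayLoad: Explorer loads these CLSIDs at logon.
    # The log above shows OTL deleting the WebCheck value from this key.
    $ssodl = Join-Path $r.Hive 'Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
    if (Test-Path $ssodl) {
        $props = Get-ItemProperty $ssodl
        $names = ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }).Name
        foreach ($name in $names) {
            Get-Finding "$($r.Label) SSODL:$name" $props.$name (Resolve-Clsid $r.Hive $props.$name)
        }
    }
}

$findings | Sort-Object Flag -Descending | Format-Table -AutoSize -Wrap
```

Run it before and after a cleanup: an entry that still appears afterwards with "DLL missing (orphaned entry)" means the file was quarantined but the registration was not, which is harmless to the system but worth removing so the inventory stays readable. A 32-bit CLSID is normally found under Wow6432Node\Classes, but a few installers register under both views, so treat "no InprocServer32" as a prompt to look in the other view before concluding the entry is broken.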
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    I didn't expect much change on the last run of OTL; that was just to remove the entries I missed first time round. The ESET online AV scan was just to give your system a thorough scan to make sure there were no hidden infections.

    OK, continue as follows:

    Step 1

    • Double click the tool's icon to run it. (Vista and Win 7 users: accept the UAC alert.)
    • Click on the cleanup button.
    • Click Yes to begin the cleanup process and remove tools, including this application.
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes.

    Step 2

    Remove ESET online scanner:

    • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
    • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner; only reboot if prompted.

    Step 3

    Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates.
    If Java or Adobe was updated, please check under Start > Control Panel > Uninstall a Program and ensure any old versions are removed. <--- Very Important

    Step 4

    Create a new restore point:

    1. Right-click on Computer and go to Properties.
    2. Next click on the System Protection link.
    3. The System Properties dialog screen opens up and you will want to click on Create.
    4. Type in a description for the restore point which will help you remember the point at which it was created. Click on Create.
    5. You should see the message "The restore point was created successfully".

    To remove all but the most recent restore point do the following:

    1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
    2. If prompted, select the drive that you want to clean up, and then click OK.
    3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
    4. If prompted, select the drive that you want to clean up, and then click OK.
    5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
    6. In the Disk Cleanup dialog box, click Delete.
    7. Click Delete Files, and then click OK. Reboot your PC.

    Let me know if those steps complete OK, also if any remaining issues or concerns...

    Kevin...
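Steps 3 and 4 above are click-through instructions. The script below is an added example of the same steps from an elevated Windows PowerShell prompt, not part of the original post: it creates a restore point, deletes older shadow copies on C: until only the newest remains (what Disk Cleanup's "System Restore and Shadow Copies" Clean up button does), and lists installed Java and Adobe products from the 64-bit and 32-bit uninstall keys so duplicate or stale versions stand out. It assumes Windows 7 x64 with System Protection enabled on C:; the restore point description and the Java/Adobe name filter are my own.

```powershell
# Added example: create a fresh restore point, prune older shadow copies,
# then list installed Java / Adobe products. Elevated Windows PowerShell.

# Step 4 (create): same effect as System Protection > Create.
Checkpoint-Computer -Description "Post malware cleanup $(Get-Date -Format yyyy-MM-dd)" `
                    -RestorePointType MODIFY_SETTINGS

# Step 4 (prune): keep only the most recent shadow copy on C:.
# vssadmin has no "all but newest" switch, so delete the oldest until one is left.
function Get-ShadowCount {
    # Every shadow copy in the listing has exactly one "Shadow Copy ID:" line.
    @(vssadmin list shadows /for=C: | Select-String 'Shadow Copy ID').Count
}
while ((Get-ShadowCount) -gt 1) {
    vssadmin delete shadows /for=C: /oldest /quiet | Out-Null
}
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, RestorePointType -AutoSize

# Step 3 (check): the same data "Uninstall a Program" shows, from both hives,
# filtered to Java and Adobe so an old version sitting beside a new one is obvious.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|Adobe' } |
    Sort-Object DisplayName, DisplayVersion |
    Format-Table DisplayName, DisplayVersion, Publisher, UninstallString -AutoSize -Wrap
```

Deleting the older shadow copies also discards the "Previous Versions" file history they hold, which is why the new restore point is created first and why this belongs at the end of a cleanup, after the machine is confirmed stable. Checkpoint-Computer needs elevation, and on Windows 8 and later it will not create a second restore point within 24 hours of the previous one.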
     
  3. Mrjamieson

    Mrjamieson Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    57
    It seems fine, mate. It's so much better. Would you say that's everything that needed to be done? One last question though. Obviously Norton hasn't done anything for me. What programs would you say are musts that I should have protecting my PC?
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Your logs look good; if your system is responding OK then you are good to go. I've had all of the major security programs at one time or another. I currently use Windows' own Firewall, Microsoft Security Essentials and Malwarebytes Pro. I also use WinPatrol and a lot of common sense, never been infected personally!!! Have a read through the following:

    Here are some tips to reduce the potential for malware infection in the future:

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times; NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol. This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained Here

    Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates.
    If Java or Adobe was updated, please check under Start > Control Panel > Add/Remove Programs and ensure any old versions are removed.

    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    Firefox,

    Opera, and

    Chrome.

    All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Green to go,
    Yellow for caution, and
    Red to stop.

    Available for Firefox and Internet Explorer.

    NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for Firefox only.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

    Here are a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally, this link HERE will give a comprehensive, up-to-date list of free security programs, including antivirus, antispyware, firewall, antimalware, online scanners and rescue CDs.

    Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

    If there are no remaining issues, hit the "Mark Solved" tab at the top of the thread.

    I've worked with lots of guys from Glasgow over the years when I was offshore, salt of the earth....

    Take care,

    Kevin
     

Short URL to this thread: https://techguy.org/1062446