malware

Download HitManPro

64-Bit Version OS HitmanPro_x64

32-Bit Version OS HitmanPro

Save to the Desktop

Right click on HitmanPro.exe and choose

When HitmanPro opens up click on Settings uncheck Scan for tracking cookies . Click on OK . Then click on the Next button

Click on No, I only want to perform a one-time scan to check this computer on the Setup page . Click Next once done .

Let it scan the PC once its done Click Next

Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer then click Next

Copy and paste the contents of the log . Located in C:\ ProgramData\Hitman Pro\Logs

Delete the old FRST.txt file and rerun FRST64.exe please . Upload the new FRST.txt

Open Notepad. Inside notepad paste the highlighted text below

start
HKLM-x32\...\Run: [] - [x]
CHR HKLM-x32\...\Chrome\Extension: [ddjobbmbkpnhmiloopddfpnedcmhcdpg] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx
2013-08-05 16:02 - 2013-08-05 16:11 - 00000000 ____D C:\Program Files (x86)\Web Cake
2013-08-05 16:02 - 2013-08-05 16:09 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Web Cake
2013-08-05 20:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-05 16:11 - 2013-08-05 16:04 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-05 16:11 - 2013-08-05 16:02 - 00000000 ____D C:\Program Files (x86)\Web Cake
2013-08-05 16:09 - 2013-08-05 16:03 - 00000000 ____D C:\Users\Dave\AppData\Roaming\player
2013-08-05 16:09 - 2013-08-05 16:02 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Web Cake
2013-08-05 16:04 - 2013-08-05 16:04 - 00000000 ____D C:\Users\Dave\AppData\Roaming\WinZipper
end


Click on File select SAve as

Location: Desktop
File Name: Fixlist.txt
Save as type : All files

click on the Save button

Open FRST64.exe click on the [Fix] button once its done it will create a new log file on your desktop called Fixlog.txt. Upload that log

Once you're done run ESET online scanner

On
Hold down Control and click on ESET Online Scanner to open ESET OnlineScan in a new window
Click the button
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
° Scan potentially unwanted applications
° Scan for potentially unsafe applications
° Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.


On or
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Right click on choose on your desktop
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
° Scan potentially unwanted applications
° Scan for potentially unsafe applications
° Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

You also would want to take a look at the link below to remove some items from your Chrome search section

Remove Delta Search (Uninstall Guide)

pcspike said:

Hi Vista King,

See attachment to Hitmanpro log. Just checked the browser and it now seem clear of popups. Are you able to tell what was the cause of the problem?

Looks D2M-Precheck[1].exe was the trojan...

Some reporting aswell strange folders come along with:

Question owner



I ran AdwCleaner first. It found many registry keys. It also found these folders:

• C:\Program Files (x86)\OApps
• C:\Program Files (x86)\SaveValet

In the OApps directory was the file: dler.exe
Then I ran Malwarebytes Anti-Malware which found: D2M-Precheck[1].exe (Trojan.MSIL)
All of the above were missed by Microsoft's Security Essentials.
The malware that was was putting the banner in the webpages I viewed was SelectionLinks. It is a FireFox plugin that was sneakily installed.
I am certain the above infections happened because of free software I had downloaded. I do not know which of them it was. I suspect one or more of them was downloaded from other than the official site for them.
I thank you for your help. I had some serious infections, especially dler.exe.

You might want in a near future set those settings to internet:
Internet Explorer Delete Browsing History

Empty Temporary Internet Files folder when closed

Once ESET is complete uninstall pc suite and

Remove Search-Results toolbar (Uninstall Guide) take a look at the Google Chrome sections