Author Topic: [Resolved - K] Avast detected delay.exe, FF and IE running slower with errors  (Read 6808 times)

Offline Kat540

  • Bronze Member
  • Posts: 54
Hello :)
I recently asked for help on another forum, but they seem unable to help and they said they didn't see anything that pointed to malware.

A few days ago I started getting this error on FF  "Content Encoding Error The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression. Please contact the website owners to inform them of this problem."

Since then I have also occasionally received this error  "Secure Connection Failed An error occurred during a connection to search.yahoo.com. SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."

Both browsers have become slow and websites do not load correctly most of the time. After I kept getting the first FF error I ran a scan on McAfee that came preinstalled on my PC, nothing was detected. I still felt like something might be there so I downloaded Avast and did a scan and it said I have malware. I then tried to quarantine the file, but I had errors trying to quarantine it. I then followed the forum's instructions and ran into problems with downloading and running the programs. I downloaded RogueKiller and Windows said it's not made for my PC and to contact the software publisher for a version made for my PC. I downloaded Malwarebytes and I had the same problem. The same problem again with HitmanPro. MGtools had problems downloading at first on FF. I used IE to download it and when I tried to run it, it said it couldn't find GetLogs.bat. We ended up finding out the files for MGtools were missing somehow and I had to redownload. After I downloaded MGtools and posted the log he said he couldn't find anything to show there's malware on my PC and that he didn't think I was having malware problems and said I should post in the software section.

The helper in the software section directed me to the Virustotal website. I tried to restore the file in Avast but it said there was a file already with that name and asked me if I wanted to overwrite it or skip. So I then tried to find it to upload it and I couldn't find it. So I rescanned Avast and it found it again. This is the full folder name as it says in Avast :\\?\Volume{e6f4f4ec-43f4-4c68-aaf9-7dd3796ac9e8}\oem\DELAY.EXE

I tried to follow the directions for posting here, but the DDS program wouldn't run. It gave me an error similar to the RogueKiller program and said it wasn't made for my version and said it was only made for Win 7 and earlier.

Windows: 8.1 64 Bit
FF: 36.0.4
IE: 11

I almost forgot they had to try Farbar tool in command prompt and I also got the same error as the others.
They also had me change some settings on my PC
1. Disable disk emulation software
2. Show hidden file systems and folders
3. Run CCleaner
4. Disable user account control
I haven't changed these back yet since I wasn't sure if I should. Thank you for your help

« Last Edit: April 18, 2015, 04:39:10 PM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Hello Kat540,

DDS will not run on Windows 8.1, see if you can run the following:

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Thanks,

Kevin...

Offline Kat540

  • Bronze Member
  • Posts: 54
Ok I was able to download them. Thank you for helping :)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Thanks for those logs, there is no obvious malware or infection of note. Continue please:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan"
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Let me see those logs in your next reply....

Thanks,

Kevin.

Offline Kat540

  • Bronze Member
  • Posts: 54
I'm hoping there isn't any malware, but if there is hopefully I'll be able to find a fix for it.

Here are the next logs and thank you.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
No obvious malware or infection in those logs, continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Now select > Scan > Threat scan > Scan now
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"
Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to your reply.

Next,

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is checked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology” select “Change”, then select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,

Kevin..


Offline Kat540

  • Bronze Member
  • Posts: 54
I meant in my previous post that I hope I'll be able to fix the PC problems if there isn't any malware found, and it doesn't seem like I do have malware. For some reason the PC seems to be running a little better though FF is still giving errors, and a lot of the time pages are loading incorrectly. Most are websites I visit regularly, for example a forum I help run and a browser game I play. Everything was working fine until I started getting the errors and then I downloaded Avast and it said I had malware.
Here is the Malwarebytes log
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/25/2015
Scan Time: 8:42:31 PM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.26.01
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: lilbear450

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352072
Time Elapsed: 5 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Run the following, let me know if any improvement...

Scan with ZOEK

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:

Code:
services_list;
standardsearch;
autoclean;
emptyclsid;
emptyfolderscheck;delete
iedefaults;
firefoxlook;
chromelook;
FFdefaults;
CHRdefaults;


  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply. Don't forget to re-enable security software!

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

Let me see those logs in your next reply...

Thanks,

Kevin

Offline Kat540

  • Bronze Member
  • Posts: 54
Thank you for your help! Some pages don't show up correctly and sometimes pages don't load. Also I seem to usually only get the message that a program isn't made for my PC when Avast is running during download.  I was wondering if I could have had malware or something else and now it's gone?
 
I forgot to say that FF is running a little better now as I'm able to post on the other forum, but some pages still don't show up correctly.

Results of screen317's Security Check version 0.99.99
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender   
avast! Antivirus   
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player    17.0.0.134 
 Adobe Reader XI 
 Mozilla Firefox (36.0.4)
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast afwServ.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
« Last Edit: March 27, 2015, 08:23:54 PM by Kat540 »

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Continue as follows please:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number
Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Post those logs, also give an update on any remaining issues or concerns......

Thank you,

Kevin...

Offline Kat540

  • Bronze Member
  • Posts: 54
I wasn't sure if you wanted me to attach or copy and paste, so I just deleted some of the blank space to take up less room. The forum seems to only work every now and then for me; also I am still getting the same errors on FF about the content and sometimes the secure connection error. I don't think the content error would be from the website because it's happened at different websites including this forum a few times. Also Avast detected another file, but I don't know if it has to do with any of the programs downloaded or not; it's trzA5D4.tmp. Also Malwarebytes said it detected something, I think it just has to do with one of the programs but I wasn't sure so I included it too.

# AdwCleaner v4.113 - Logfile created 28/03/2015 at 10:38:53
# Updated 22/03/2015 by Xplode
# Database : 2015-03-27.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : lilbear450 - ASUS_LAPTOP
# Running from : C:\Users\lilbear450\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.4 (x86 en-US)

[jedifs5h.default-1425276842386\prefs.js] - Line Deleted : user_pref("extensions.avastwrc.whiteList", "{\"trk\":{\"apps.facebook.com\":{\"703\":false},\"avast.com\":{\"779\":false},\"forums.majorgeeks.com\":{\"708\":false,\"714\":false,\"874\":false},\"order.[...]

*************************

AdwCleaner[R0].txt - [1100 bytes] - [28/03/2015 10:37:24]
AdwCleaner[S0].txt - [1041 bytes] - [28/03/2015 10:38:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1100  bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 8.1 x64
Ran by lilbear450 on Sat 03/28/2015 at 10:44:04.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm


~~~ Registry Keys


~~~ Files


~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\lilbear450\AppData\Roaming\flexnet"


~~~ FireFox

Successfully deleted the following from C:\Users\lilbear450\AppData\Roaming\mozilla\firefox\profiles\jedifs5h.default-1425276842386\prefs.js

user_pref("extensions.avastwrc.whiteList", "{\"trk\":{\"apps.facebook.com\":{\"703\":false},\"avast.com\":{\"779\":false},\"forums.majorgeeks.com\":{\"708\":false,\"714\":fals


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/28/2015 at 10:46:46.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/27/2015
Scan Time: 7:27:17 PM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.28.01
Rootkit Database: v2015.03.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: lilbear450

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351814
Time Elapsed: 6 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.KillFiles, C:\$RECYCLE.BIN\S-1-5-21-393075575-3085505003-1851472820-1001\$RL51CM1.exe, Quarantined, [fce587c3880266d09475bb417a878b75],

Physical Sectors: 0
(No malicious items detected)


(end)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
One more scan please:

1. Download Malwarebytes Anti-Rootkit from this link:

 http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe



4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:



5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.



7. The following image opens, select Update



8. When the update completes select Next.



9. In the following window ensure "Targets" are ticked. Then select "Scan"



10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.



11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, Select Exit:



13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown

Thanks,

Kevin...

Offline Kat540

  • Bronze Member
  • Posts: 54
I tried to run the Malwarebytes rootkit scanner but both times it got stuck on different files. Even after I left it to run for an hour the 2nd time. I wasn't sure if I use the fixdamage or not since I wasn't able to run the scanner.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Before you run Malwarebytes anti rootkit (MBAR) close out Malwarebytes anti malware (MBAM)....

Right click on tray icon of MBAM, select "Exit" to close it down, try MBAR one more time...


Offline Kat540

  • Bronze Member
  • Posts: 54
Ok, I closed MBAM and tried to run it, but it still kept stopping on a file. I noticed it always seems to stop on a system file, though I don't know if that matters or not.