Jump to content

Help with removal.

Recommended Posts

So i just installed the software and did a scan and got this:


Registry Keys Detected: 36
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> No action taken.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> No action taken.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> No action taken.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> No action taken.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> No action taken.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> No action taken.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> No action taken.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> No action taken.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> No action taken.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta) -> No action taken.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta) -> No action taken.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta) -> No action taken.
HKCR\delta.deltaappCore (PUP.Optional.Delta) -> No action taken.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta) -> No action taken.
HKCR\d (PUP.Optional.Delta) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> No action taken.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> No action taken.
HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk (PUP.Optional.Gophoto.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> No action taken.
Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data:  -> No action taken.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Data:  -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=6459e9a60000000000009cb70db8e784 -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {46806800-60AA-4D8C-A3AA-08CD24FC1FC4} -> No action taken.
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=6459e9a60000000000009cb70db8e784) Good: (http://www.google.com) -> No action taken.
Folders Detected: 16
C:\Users\gabe\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\gabe\AppData\Roaming\Delta (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Gophoto.it (PUP.Optional.Gophoto.A) -> No action taken.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\ (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\\bh (PUP.Optional.Delta.A) -> No action taken.
C:\Users\gabe\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\gabe\AppData\Roaming\OpenCandy\6F98A2C3C8E4455BA2664152B8D12410 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\gabe\AppData\Roaming\OpenCandy\OpenCandy_6F98A2C3C8E4455BA2664152B8D12410 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\gabe\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> No action taken.
C:\Users\gabe\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> No action taken.
C:\Users\gabe\AppData\Local\Temp\mt_ffx\Delta\delta\ (PUP.Optional.Delta.A) -> No action taken.
Files Detected: 32
C:\Program Files (x86)\Delta\delta\\bh\delta.dll (PUP.Optional.Delta) -> No action taken.
C:\Program Files (x86)\Delta\delta\\deltasrv.exe (PUP.Optional.Delta) -> No action taken.
C:\Program Files (x86)\Delta\delta\\deltaTlbr.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\\deltaApp.dll (PUP.Optional.Delta) -> No action taken.
C:\Program Files (x86)\Delta\delta\\deltaEng.dll (PUP.Optional.Delta) -> No action taken.
C:\Users\gabe\AppData\Local\Temp\OptChrome.exe (PUP.Optional.OptChrome.A) -> No action taken.
C:\Users\gabe\AppData\Local\Temp\606DB83A-BAB0-7891-8B96-972A59A1446B\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\gabe\AppData\Local\Temp\606DB83A-BAB0-7891-8B96-972A59A1446B\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> No action taken.
C:\Users\gabe\Downloads\DAEMONToolsPro510-0333.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\gabe\Downloads\hdplugin_chrome.exe (PUP.BundleInstaller.DW) -> No action taken.
C:\Users\gabe\Downloads\setup (1).exe (PUP.BundleInstaller.VG) -> No action taken.
C:\Users\gabe\Downloads\Setup.exe (Adware.Hotbar) -> No action taken.
C:\Users\gabe\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\gabe\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Users\gabe\AppData\Roaming\Delta\delta.crx (PUP.Optional.Delta.A) -> No action taken.
C:\Users\gabe\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (PUP.Optional.BProtector.A) -> No action taken.
C:\Users\gabe\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.
C:\Program Files (x86)\Gophoto.it\gophotoit14.crx (PUP.Optional.Gophoto.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\\escortShld.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\\GUninstaller.exe (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\\uninstall.exe (PUP.Optional.Delta.A) -> No action taken.
C:\Users\gabe\AppData\Roaming\OpenCandy\6F98A2C3C8E4455BA2664152B8D12410\3117.ico (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\gabe\AppData\Roaming\OpenCandy\6F98A2C3C8E4455BA2664152B8D12410\AVG923_p1v3.exe (PUP.Optional.OpenCandy) -> No action taken.
Im fairly new to this and was wondering if anyone knew what is ok to remove.
Link to post
Share on other sites

You can remove all of it.

If you ever make a mistake with Malwarebytes, you can always restore the item.

Items deleted are placed in quarantine and not actually deleted.

Just open up Malwarebytes and click on the Quarantine Tab.

Being you have so much adware/spyware on the system. I would suggest you do this:

Lets clean out any adware while you're here: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.