Help, Win32: Delf-GD [Trj] comes back after data file deletion

[John896]

avast 7 logs show first found on Jul 19 on desktop.  Did not realize issue until yesterday when researched name after it reappeared several times.  I ran the three programs in the log listing.  Malwarebites did not find anything on the quick run, reran in full mode and it found a file that has been around a long time before the infection that may have had some adware in it.  Removed it as requested by Malwarebites.  Recently bought a dell laptop and am using an older dell desktop.  Added a wireless router to my system for the laptop and a visit from relatives using apple products for a week.  I had put the same file removed on the laptop earlier.  Only the desktop has shown the infection data files.  Avast has found nothing on the laptop.  Malwarebites has found the same file there and I removed it yesterday.  The OTL file was run on the laptop before the desktop but without the script, just in fast scan for both computers.  I noticed my error just now.  I also ran the aswMBR program last night on the desktop.  Because the laptop had been first used on an open hotspot in the condo I was visiting when bought, I was concerned it was the source of the infection.  I ran combofix on it yesterday, which did not find any trojans, but did remove parts of DAP software and fixed a problem preventing spybot from fully immulizing the 32 bit internet explorer due to Kaspersky Anti-Virus being installed and removed from it.  The program stopped internet connection due to incomplete installation which did not work with Windows firewall.  I did not find the way to fix the firewall due to menu options open at the time.  Found right menu options now, but have not reinstalled since only one year use anyway.  I plan to attach the first OTL results and then run second time with script and post to this thread.  The laptop is in a win7 home network and shared files and folders with the desktop.  Do you want a OTL of the laptop as well.  Both have Avast 7 installed.

[essexboy]

Hi what is the file that Avast is reporting ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

  :OTL
  IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?source=5a76da41&tbp=rbox&toolbarid=searchcom_001&u=20120406ADE54559BC269A237CAC1C2D&q={searchTerms}
  O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
  
  
  :Files
  ipconfig /flushdns /c
   
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[John896]

File name: c:\Users\White\AppData\Local\searchcom_001\data\120719034059-f.list, repeats with new date code when found again.  Last clean full scan was Jul 5.  Boot time scans do not find it.  your script will be done as third time listed otl txt.

[essexboy]

OK that is part of the Becko toolbar/search engine, I removed what I could find of it ... So lets take this last bit out

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

  :Files
  ipconfig /flushdns /c
  c:\Users\White\AppData\Local\searchcom_001
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[John896]

I just deleted the searchcom_001 path and contents.  Hopefully that will not be a problem with the new script. Did that after running OTL.  Scanned the folders first with Avast and it did not find any problems, although there were over 200 files in folder.  None however with the f-list extension, but other list extensions.  I did not remember installing seachcom intentionally.  A lot of the host lists had sites I have not tried to visit either from the early OTL scans.

Another maybe unrelated issue.  A few months back my keyboard and mouse (USB) stopped working about 3 to 5 seconds into boot and start again about 10 seconds later.  The system frequently beeps with a message about them being gone during boot. 

[John896]

Here is the results after the second fix run.

[essexboy]

Is this a laptop or desktop ?

[John896]

all this has been on the older desktop.  Do you want to see the laptop data?

[essexboy]

Not unless the laptop has problems

A few months back my keyboard and mouse (USB) stopped working about 3 to 5 seconds into boot and start again about 10 seconds later.  The system frequently beeps with a message about them being gone during boot.

Change USB ports and see if that cures it

[John896]

Have 6 USB ports on desktop.  Two are expanded with powered USB port expanders with 4 ports on each.  I have tried moving keyboard and mouse to front usb ports which are normally not used, and both rear ports that have expanders on them.  None seem to make a difference.  One of the expanders has leds for active connections, and all lights on connections on it go off with this problem.  Power light is not changing.

I believe this is a software problem.

I have not yet found the problem on the laptop, but will be checking for related search items soon.

[John896]

I only see the same hosts issue on the laptop.  I did not find an installed searchcom_001 location.  I have attached the otl files.

[John896]

on the usb issue, I have tried checking that the usb devices are checked for boot operations on device manager.  They were.

[essexboy]

One of the expanders has leds for active connections, and all lights on connections on it go off with this problem.  Power light is not changing.

Based upon this I would lean to a hardware problem, the power fluctuations on the extender may be affecting your motherboard 

The laptop looks OK

[John896]

Thanks for the check on the laptop and usb suggestions.

However, my last Avast scan came up with two locations for the infected data file for the virus.  One was the remade seachcom_001 location, and another was in c:\Users\White\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWQFBOHR\120729160120-f[1].zip|>120729160120-f.list  .  So far nothing has found the real virus location.  Will comboxfix do anything for this?
Thanks,
John

[essexboy]

It is a sledgehammer to crack a nut, but....

The temp IE files should be emptied when you close down the browser, do you know how to set that up ?

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now