Post by boherb on Oct 26, 2014 15:07:39 GMT -8
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Oct 26, 2014 15:11:20 GMT -8
You did not get the fixlist correct; you have downloaded it in .htm(l) format with internal HTML code, not as .txt with text code.
Quads
Post by boherb on Oct 26, 2014 15:21:39 GMT -8
Post by Quads on Oct 26, 2014 15:34:04 GMT -8
Did the system reboot?
Quads
Post by boherb on Oct 26, 2014 15:38:29 GMT -8
Post by Quads on Oct 26, 2014 16:25:14 GMT -8
The last step was to just take items and break malware apart; some go into quarantine.
Now though, in Normal Mode the system should be running a lot better and dllhost.exe should quieten down.
BUT due to ZeroAccess being found there will be an extra step.
Quads
Post by boherb on Oct 26, 2014 16:29:43 GMT -8
Thanks, let me know what to do next.
Post by Quads on Oct 26, 2014 18:45:51 GMT -8
Read carefully.
Download AdwCleaner (www.bleepingcomputer.com/download/adwcleaner/) onto your desktop (the blue "Download Now @BleepingComputer" button) and run a scan (Scan button). It will create a log afterwards, or there is a Report button. ONE SCAN ONLY.
Attach or paste the log back here.
Quads
Post by boherb on Oct 27, 2014 3:22:04 GMT -8
# AdwCleaner v4.002 - Report created 27/10/2014 at 07:18:39
# Updated 27/10/2014 by Xplode
# Database : 2014-10-26.6
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ed - HOUSE1-PC
# Running from : C:\Users\Ed\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Google Chrome v38.0.2125.104
*************************
AdwCleaner[R0].txt - [63672 octets] - [27/10/2014 07:13:45]
AdwCleaner[R1].txt - [7440 octets] - [27/10/2014 07:18:39]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [7500 octets] ##########
Post by boherb on Oct 27, 2014 3:25:02 GMT -8
Internet Explorer is now using more and more memory and showing large numbers of sites in the history, and also only one day's history is available.