Post by highclimber on Nov 23, 2014 20:21:24 GMT -8
Absolutely. So far so good. Not having to "end process" with dllhost yet. Thanks!!! Next steps?
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Nov 23, 2014 20:39:51 GMT -8
Read carefully
Download AdwCleaner from www.bleepingcomputer.com/download/adwcleaner/ on to your desktop (the blue "Download Now @bleepingcomputer" button) and run a scan (Scan button). It will create a log afterwards, or there is a Report button. ONE SCAN ONLY.
Attach or paste the log back here.
Quads
Post by highclimber on Nov 23, 2014 20:51:47 GMT -8
# AdwCleaner v4.102 - Report created 23/11/2014 at 20:48:32
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Steven Coe - STEVENCOE-PC
# Running from : C:\Users\Steven Coe\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Found : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Steven Coe\Desktop\MySearchDial.url
Folder Found : C:\Program Files (x86)\Driver Support
Folder Found : C:\Program Files (x86)\SmarterPower
Folder Found : C:\Program Files (x86)\wse_astromenda
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Driver Support
Folder Found : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Steven Coe\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Steven Coe\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Steven Coe\AppData\Roaming\pccustubinstaller
Folder Found : C:\Users\Steven Coe\AppData\Roaming\Systweak
Folder Found : C:\Users\Steven Coe\AppData\Roaming\wse_astromenda
Folder Found : C:\Users\STEVEN~1\AppData\Local\Temp\pccustubinstaller
Folder Found : C:\Users\STEVEN~1\AppData\Local\Temp\SmarterPower
Folder Found : C:\Users\Yvette\AppData\LocalLow\HPAppData
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyE0F0Dzy0ByD0CtA0D0DtN0D0Tzu0SyByCtBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1729902661&ir=
-\\ Google Chrome v39.0.2171.65
[C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19&gct=sb&qsrc=2869
[C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyE0F0Dzy0ByD0CtA0D0DtN0D0Tzu0SyByCtBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1729902661&ir=
*************************
AdwCleaner[R0].txt - [6064 octets] - [23/11/2014 20:48:32]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6124 octets] ##########
Post by Quads on Nov 23, 2014 20:58:00 GMT -8
a) Click the Scan button and wait for the scan to finish. (Already done if AdwCleaner is left pending.)
b) Make sure all of the items under each TAB are ticked, except the entries below (remove the tick beside these entries). Do NOT delete the below!!
Folder Found : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
(All Norton)
c) Click the Clean button and AdwCleaner will process all the items ticked / checked, and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name). Here is a screenshot example.
Quads
Post by highclimber on Nov 23, 2014 21:08:00 GMT -8
# AdwCleaner v4.102 - Report created 23/11/2014 at 21:03:55
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Steven Coe - STEVENCOE-PC
# Running from : C:\Users\Steven Coe\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Driver Support
Folder Deleted : C:\Program Files (x86)\SmarterPower
Folder Deleted : C:\Program Files (x86)\wse_astromenda
Folder Deleted : C:\Program Files (x86)\Driver Support
Folder Deleted : C:\Users\STEVEN~1\AppData\Local\Temp\pccustubinstaller
Folder Deleted : C:\Users\STEVEN~1\AppData\Local\Temp\SmarterPower
Folder Deleted : C:\Users\Steven Coe\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Steven Coe\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Steven Coe\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Steven Coe\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Steven Coe\AppData\Roaming\wse_astromenda
Folder Deleted : C:\Users\Yvette\AppData\LocalLow\HPAppData
[x] Not Deleted : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Steven Coe\Desktop\MySearchDial.url
File Deleted : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
[x] Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[x] Not Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Google Chrome v39.0.2171.65
[C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19&gct=sb&qsrc=2869
[C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyE0F0Dzy0ByD0CtA0D0DtN0D0Tzu0SyByCtBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1729902661&ir=
*************************
AdwCleaner[R0].txt - [6228 octets] - [23/11/2014 20:48:32]
AdwCleaner[S0].txt - [5796 octets] - [23/11/2014 21:03:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5856 octets] ##########
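The R0 scan log and the S0 clean log above are the two artefacts a helper actually compares, and Quads's instructions amount to a rule: tick everything found except the Norton extension entries, then confirm the clean log accounts for the rest. As an added example that is not part of the thread and not AdwCleaner's own code, the Python below parses a constructed excerpt of both reports (a few lines copied from the logs above, in AdwCleaner v4's line format), builds the tick / untick list with the Norton extension ID from Quads's post exempted, and then reconciles S0 against R0 to list anything found but neither deleted, restored nor explicitly marked "[x] Not Deleted". The regular expressions cover only the line shapes visible in this thread; the `[x64] HKCU\Software\InstallCore` entry is kept in the sample because the posted S0 log lists only the non-[x64] key, which is exactly the kind of leftover the check is meant to surface.

```python
import re
from collections import namedtuple

# Constructed excerpt of the R0 (scan) and S0 (clean) reports posted in the thread;
# a handful of entries only, in AdwCleaner v4's own line format.
SCAN_LOG = r"""
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\SmarterPower
Folder Found : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
***** [ Registry ] *****
Key Found : HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\InstallCore
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyE0F0Dzy0ByD0CtA0D0DtN0D0Tzu0SyByCtBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1729902661&ir=
-\\ Google Chrome v39.0.2171.65
[C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

CLEAN_LOG = r"""
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\SmarterPower
[x] Not Deleted : C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
***** [ Registry ] *****
Key Deleted : HKCU\Software\InstallCore
[x] Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
***** [ Browsers ] *****
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[C:\Users\Steven Coe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

# The Chrome extension ID Quads told the poster to leave unticked (Norton's extension).
NORTON_EXEMPT = ('mkfokfffehpeedafpekjeddnmnjhmcmk',)

Entry = namedtuple('Entry', 'section kind verb target')

SECTION_RE = re.compile(r'^\*{5} \[ (?P<name>.+?) \] \*{5}$')
ENTRY_RE = re.compile(
    r'^(?:(?P<kind>File|Folder|Key|Value|Setting) (?P<verb>Found|Deleted|Restored)'
    r'|\[x\] (?P<skipped>Not Deleted)) : (?P<target>.+)$')
# Browser-section lines have their own shape: [profile db] - Found [Search Provider] : url
BROWSER_RE = re.compile(
    r'^\[(?P<profile>[^\]]+)\] - (?P<verb>Found|Deleted) \[(?P<kind>[^\]]+)\] : (?P<target>.+)$')


def parse_adwcleaner(text):
    """Turn a report into Entry tuples; header, separator and blank lines are ignored."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group('name')
            continue
        m = ENTRY_RE.match(line) or BROWSER_RE.match(line)
        if not m:
            continue
        gd = m.groupdict()
        verb = gd.get('skipped') or gd['verb']
        kind = gd.get('kind') or '?'          # "[x] Not Deleted" lines carry no kind
        target = gd['target']
        if kind == 'Setting':
            # "Setting Found : key [value] - hijacked URL" vs "Setting Restored : key [value]"
            target = target.split(' - ', 1)[0]
        entries.append(Entry(section, kind, verb, target))
    return entries


def plan_clean(entries, exempt):
    """Split scan findings into what to tick and what to untick before pressing Clean."""
    tick, untick = [], []
    for e in entries:
        if e.verb != 'Found':
            continue
        (untick if any(x in e.target for x in exempt) else tick).append(e.target)
    return tick, untick


def reconcile(scan_entries, clean_entries):
    """Everything Found in R0 should be Deleted/Restored or explicitly Not Deleted in S0."""
    found = {e.target for e in scan_entries if e.verb == 'Found'}
    handled = {e.target for e in clean_entries if e.verb in ('Deleted', 'Restored')}
    skipped = {e.target for e in clean_entries if e.verb == 'Not Deleted'}
    return {'unaccounted': sorted(found - handled - skipped), 'skipped': sorted(skipped)}


if __name__ == '__main__':
    scan, clean = parse_adwcleaner(SCAN_LOG), parse_adwcleaner(CLEAN_LOG)
    tick, untick = plan_clean(scan, NORTON_EXEMPT)
    print('tick %d, leave unticked %d' % (len(tick), len(untick)))
    for t in reconcile(scan, clean)['unaccounted']:
        print('found in R0 but not accounted for in S0:', t)
```

Run it against the full R0 and S0 files from C:\AdwCleaner instead of the embedded excerpt by reading them in; any target that comes back as unaccounted, or any "[x] Not Deleted" line whose target is not in the exempt list, is the thing to paste back to the helper rather than re-running Clean blind.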
Post by Quads on Nov 23, 2014 21:14:14 GMT -8
On with step 4: a complete system check for any files left, and cleanup of items and tools used. Pay special attention to the different settings I have asked for below. You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same. Please read carefully and slowly, and notice all the settings listed below to check before starting the scan. Take note of the NO tick in the "Remove found threats" setting below, as it needs to have the tick removed.
Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
For alternate browsers only (Microsoft Internet Explorer users can skip these steps): click on the image to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop.
Tick the box and click the button. Accept any security warnings from your browser.
Under scan settings, DO NOT (NO) tick "Remove found threats" (the reason for this is we don't want something deleted and then Windows won't load).
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Attach the resulting log in your next reply. The scanner screen gives me the option of saving the results to a .txt file as part of the options after the scan has finished. (Screenshot of part of the finished scan dialog box by ESET showing the options: "List found threats", and at the bottom of the listings the option to save the list.)
Quads
Post by highclimber on Nov 23, 2014 21:37:43 GMT -8
I opened the link and clicked the BLUE "Run ESET Online Scanner" button.
A new window opens. I tick "Yes, I accept the terms of use", I hit the green START button and the window goes blank with a box at the bottom that reads:
"an add on for this website failed to run"
Is there something that I need to change in my security settings with IE?
Post by Quads on Nov 23, 2014 21:40:03 GMT -8
It is the IE Popup Blocker / ActiveX; you need to add the address to the popup blocker to allow it through, or use Firefox / Chrome.
Quads
Post by highclimber on Nov 24, 2014 18:57:43 GMT -8
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\5eeb83d096ea4249942c64.dll.vir  Win64/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\SmarterPower.BrowserAdapter64.exe.vir  Win64/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\{5eeb83d0-96ea-4249-942c-beead6847053}.dll.vir  a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\{5eeb83d0-96ea-4249-942c-beead6847053}64.dll.vir  Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir  a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir  a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Steven Coe\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir  Win32/Systweak.G potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\ASK29D7.tmp  a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Steven Coe\AppData\Local\Temp\194104556.Uninstall\uninstaller.exe  Win32/InstallCore.AZ potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\194167440.Uninstall\uninstaller.exe  Win32/InstallCore.AZ potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\194220667.Uninstall\uninstaller.exe  Win32/InstallCore.AZ potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\3290\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L984EFC7\khdxvvmee1[1].htm  JS/Exploit.Agent.NHV trojan
C:\Users\Steven Coe\AppData\Local\Temp\is357113909\192717964_stp\Mysearchdial.exe  a variant of Win32/Toolbar.Funmoods.D potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\is357113909\192718041_stp\RightSurfSetup.exe  Win32/BrowseFox.C potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\is357113909\192718126_stp\uninstaller.exe  Win32/InstallCore.AZ potentially unwanted application
C:\Users\Steven Coe\Downloads\mplayer_freely_d157223.exe  a variant of Win32/InstallIQ.A potentially unwanted application
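The ESET list above mixes three things a reader wants separated: files already sitting in AdwCleaner's quarantine folder (the `.vir` copies, which the earlier Clean step moved there), live leftovers in Temp and Downloads, and one line whose verdict is not "potentially unwanted/unsafe application" at all. As an added example that is not part of the thread and not ESET's tooling, the Python below parses a constructed copy of those result lines, splits quarantined from live hits, pulls out any non-PUA verdict, and counts detection families. The verdict vocabulary and the quarantine path prefix are taken only from the lines on this page, so a line in a shape the thread does not show makes the parser raise rather than guess.

```python
import re
from collections import Counter

# Constructed sample: the result lines highclimber posted from ESET Online Scanner.
# ESET's exported .txt puts a tab between path and detection; two spaces are used here
# so the sample survives copy/paste, and LINE_RE accepts any run of whitespace.
ESET_RESULTS = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\5eeb83d096ea4249942c64.dll.vir  Win64/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\SmarterPower.BrowserAdapter64.exe.vir  Win64/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\{5eeb83d0-96ea-4249-942c-beead6847053}.dll.vir  a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\{5eeb83d0-96ea-4249-942c-beead6847053}64.dll.vir  Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir  a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir  a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Steven Coe\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir  Win32/Systweak.G potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\ASK29D7.tmp  a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Steven Coe\AppData\Local\Temp\194104556.Uninstall\uninstaller.exe  Win32/InstallCore.AZ potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\194167440.Uninstall\uninstaller.exe  Win32/InstallCore.AZ potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\194220667.Uninstall\uninstaller.exe  Win32/InstallCore.AZ potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\3290\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L984EFC7\khdxvvmee1[1].htm  JS/Exploit.Agent.NHV trojan
C:\Users\Steven Coe\AppData\Local\Temp\is357113909\192717964_stp\Mysearchdial.exe  a variant of Win32/Toolbar.Funmoods.D potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\is357113909\192718041_stp\RightSurfSetup.exe  Win32/BrowseFox.C potentially unwanted application
C:\Users\Steven Coe\AppData\Local\Temp\is357113909\192718126_stp\uninstaller.exe  Win32/InstallCore.AZ potentially unwanted application
C:\Users\Steven Coe\Downloads\mplayer_freely_d157223.exe  a variant of Win32/InstallIQ.A potentially unwanted application
"""

# path, then the detection name (the only token containing a '/'), then ESET's verdict text.
LINE_RE = re.compile(
    r'^(?P<path>.+?)\s+'
    r'(?P<detection>(?:a variant of )?[A-Za-z0-9]+/\S+)\s+'
    r'(?P<verdict>potentially unwanted application|potentially unsafe application|'
    r'trojan|worm|virus)$')

# Where AdwCleaner parked what it removed; ESET rescans the inert .vir copies there.
QUARANTINE_PREFIX = r'C:\AdwCleaner\Quarantine'


def parse_eset(text):
    """One dict (path, detection, verdict) per result line; unknown shapes raise."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError('unrecognised ESET line: ' + line)
        hits.append(m.groupdict())
    return hits


def family(detection):
    """'a variant of Win32/Bundled.Toolbar.Ask.F' -> 'Win32/Bundled.Toolbar.Ask'."""
    name = detection.replace('a variant of ', '', 1)
    return name.rsplit('.', 1)[0]


def triage(hits):
    """Separate already-quarantined copies from live files and flag non-PUA verdicts."""
    quarantined = [h for h in hits if h['path'].startswith(QUARANTINE_PREFIX)]
    live = [h for h in hits if not h['path'].startswith(QUARANTINE_PREFIX)]
    malware = [h for h in live if not h['verdict'].startswith('potentially')]
    return {
        'quarantined': quarantined,
        'live': live,
        'malware': malware,
        'families': Counter(family(h['detection']) for h in hits),
    }


if __name__ == '__main__':
    t = triage(parse_eset(ESET_RESULTS))
    print('%d already in AdwCleaner quarantine, %d live' % (len(t['quarantined']), len(t['live'])))
    for h in t['malware']:
        print('not a PUA verdict:', h['detection'], '->', h['path'])
    for fam, n in t['families'].most_common():
        print('%-32s %d' % (fam, n))
```

On this sample the only non-PUA line is the `JS/Exploit.Agent.NHV` hit on an `.htm` file in an Internet Explorer cache folder under Temp, that is, a cached page matched by signature rather than an installed program; it is the line worth asking the helper about specifically, since the rest are bundled-installer leftovers of the same families AdwCleaner already removed.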
Post by highclimber on Nov 24, 2014 19:03:02 GMT -8
I ticked the Uninstall box but haven't clicked "finish" yet. Wanted to make sure that this is what you were after.