
Windows 8.1 infected with browser hijacking malware


22 replies to this topic

#1 sj3vans

sj3vans

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:53 AM

Posted 27 November 2013 - 01:21 PM

Computer seems to be infected with something that displays ads in the browser, to the left and right of any web page, and also pops up messages to clean registry and do backups, etc.  Disabled several browser extensions but they keep coming back and search page keeps changing to conduit.  Please help!




#2 sj3vans


Posted 27 November 2013 - 03:48 PM

We ran a scan using Windows Defender and it found Worm:win32/Gamarue and says it removed it.  However, when I run IE, I see one add-in I can't disable called Deal Slider BHO by Smart Apps.



#3 sj3vans


Posted 27 November 2013 - 04:59 PM

I'm helping my sister-in-law and need to work on it. I saw where some people had used MalwareBytes to start with, so I downloaded that and ran it.  It was ugly!  1600 items infected.  I removed them, but even though it says it's clean, I bet it missed some.  Here's what it found:  MySearchDial, RegCleanPro, ScorpionSaver, Wajam, SmartBar, DealSlider, PCSpeed, AdvancedSystemProtector, Searchprotect, DefaultTab

 

I'm running a full scan now, but I'd love some help figuring out if it's clean.



#4 sj3vans


Posted 27 November 2013 - 05:05 PM

Well, I opened IE and it still has the DealSlider BHO but now there is another that I can't remove.  Help!!



#5 sj3vans


Posted 30 November 2013 - 03:35 PM

I scanned with MalwareBytes again today and it found and cleaned 7 occurrences of PUP.Optional.Wajam.A.  What should I do to get rid of this thing?



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:53 AM

Posted 30 November 2013 - 09:36 PM

Hello and sorry that you were missed -

If you have any questions, please stop and ask them at any time -

 

Note - There are some programs that are still being updated for Win 8.1.

 

We will try a few that should work now -

First run this Fix it that should help  http://support.microsoft.com/Mats/Program_Install_and_Uninstall/

 

Next - The first tool is to stop infections if it can, and the second is to clean out many minor infections.

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

 

Important: Do not reboot your computer until you complete the next step.

 

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
+ Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Next - Update your Malwarebytes Anti-Malware program.

* Select Perform Full Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer if required after you post the log.

 

Next -

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs (see: How To Temporarily Disable Your Anti-virus)
This scan is best performed with Internet Explorer, as it uses ActiveX
If you will not use Internet Explorer, then please read item 3 in this post
1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- a - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
- b - Double click on the ESET icon on your desktop.

Windows 7 & 8 users may need to Right click and select Run as administrator

4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as this will take some time (first time scans are always longer).
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
 

If no infections are found then please tell me -
You can ignore any ESET detection of AdwCleaner...it is a false positive detection.

 

Thank You -



#7 sj3vans


Posted 01 December 2013 - 08:24 AM

Thanks!  I tried the first link but, as you said, some programs do not yet work with Windows 8.1.  It says "We're sorry, but your operating system is not supported by Microsoft Fix it at this time."



#8 noknojon


Posted 01 December 2013 - 03:52 PM

Please continue with all of the other programs as listed.

The first link is direct from Microsoft, while the others are not -

 

Now we know who is the slowest at adapting tools -

 

Thanks -


Edited by noknojon, 01 December 2013 - 03:54 PM.


#9 sj3vans


Posted 02 December 2013 - 04:27 PM

Thanks.  I'll post each step as I go unless you would rather I wait and post them all together.  Here is the RKill output:

 

Rkill 2.6.3 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/02/2013 04:24:06 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Owner\Desktop\rkill\rkill-12-02-2013-04-24-11.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * AllUserInstallAgent [Missing Service]
 * SDRSVC [Missing Service]
 * adp94xx [Missing Service]
 * adpahci [Missing Service]
 * adpu320 [Missing Service]
 * arc [Missing Service]
 * AsyncMac [Missing Service]
 * discache [Missing Service]
 * HdAudAddService [Missing Service]
 * iirsp [Missing Service]
 * LSI_SCSI [Missing Service]
 * nfrd960 [Missing Service]
 * PptpMiniport [Missing Service]
 * RasAgileVpn [Missing Service]
 * Rasl2tp [Missing Service]
 * RasSstp [Missing Service]
 * Wanarp [Missing Service]
 * Wanarpv6 [Missing Service]
 * Wd [Missing Service]
 * AppMgmt [Missing Service]
 * CSC [Missing Service]
 * CscService [Missing Service]
 * PeerDistSvc [Missing Service]
 
 * SystemEventsBroker => %SystemRoot%\system32\svchost.exe -k DcomLaunch [Incorrect ImagePath]
 * WSService => %SystemRoot%\System32\svchost.exe -k wsappx [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 12/02/2013 04:24:41 PM
Execution time: 0 hours(s), 0 minute(s), and 35 seconds(s)
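An added example, not part of this thread and not Rkill's own code: the script below re-checks by hand the same four things the Rkill log above reports on (Explorer policies, the .exe/.com/.bat shell handlers, the HOSTS file, and service binaries), so that a "No issues found" can be verified rather than taken on trust. It assumes an elevated PowerShell on Windows 8.1 x64; the '"%1" %*' handler strings are the stock Windows values, and the "non-Microsoft publisher" test for services is a constructed heuristic, not Rkill's ImagePath baseline.

```powershell
# Added example (not from the thread, not Rkill's code). Run elevated on Windows 8.1.
# Assumptions: stock '"%1" %*' handlers; "publisher is not Microsoft" is a constructed
# heuristic for spotting adware services such as the ones AdwCleaner later removed.

# 1. Explorer policies. A stock install has few or no values here; adware sets values
#    such as NoActiveDesktopChanges (the one Rkill removed) to lock its changes in.
$policyKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($k in $policyKeys) {
  if (-not (Test-Path -LiteralPath $k)) { continue }
  (Get-ItemProperty -LiteralPath $k).PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' } |
    ForEach-Object { 'POLICY  {0}\{1} = {2}' -f $k, $_.Name, $_.Value }
}
# Two System policies that hijackers use to keep you out of Task Manager / regedit
foreach ($hive in 'HKLM:', 'HKCU:') {
  $sys = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
  if (-not (Test-Path -LiteralPath $sys)) { continue }
  $p = Get-ItemProperty -LiteralPath $sys
  foreach ($v in 'DisableTaskMgr', 'DisableRegistryTools') {
    if ($p.$v) { 'POLICY  {0}\{1} = {2}' -f $sys, $v, $p.$v }
  }
}

# 2. Shell handlers for executables (Rkill "resets .EXE, .COM, & .BAT associations").
#    HKCU\Software\Classes overrides HKLM, so a per-user exefile key is itself a red flag.
foreach ($type in 'exefile', 'comfile', 'batfile') {
  foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKCU:\Software\Classes') {
    $cmdKey = "$hive\$type\shell\open\command"
    if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
    $cmd  = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
    $flag = if ($hive -like 'HKCU*' -or $cmd -ne '"%1" %*') { 'SUSPECT' } else { 'ok' }
    'ASSOC   {0,-7} {1} = {2}' -f $flag, $cmdKey, $cmd
  }
}

# 3. HOSTS file: print every active entry that is not the loopback name. Hijackers
#    add lines here to redirect security vendors' and update servers' hostnames.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsPath |
  Where-Object { $_ -notmatch '^\s*(#|$)' } |
  Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost(\.localdomain)?\s*(#.*)?$' } |
  ForEach-Object { "HOSTS   $_" }

# 4. Services: list any whose executable is missing or whose version-info publisher is
#    not Microsoft. Legitimate third-party software shows up too; the point is that
#    every entry has to be explainable (the log above lists which ones were adware).
Get-CimInstance Win32_Service | ForEach-Object {
  $svc = $_
  if (-not $svc.PathName) { return }
  # PathName may be quoted and carry arguments; keep the text up to the first .exe
  if ($svc.PathName -notmatch '^"?(.*?\.exe)') { return }
  $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
  if (-not (Test-Path -LiteralPath $exe)) {
    'SERVICE {0,-28} {1,-24} {2}' -f $svc.Name, 'FILE MISSING', $exe
    return
  }
  $company = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($exe).CompanyName
  if ($company -notlike '*Microsoft*') {
    'SERVICE {0,-28} {1,-24} {2}' -f $svc.Name, $company, $exe
  }
}
```

Save it as a .ps1 and run it from an elevated PowerShell prompt (you may need `Set-ExecutionPolicy -Scope Process Bypass` first). It changes nothing; every line it prints is something to look up or explain, and the SUSPECT/FILE MISSING markers are the ones to act on first.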


#10 sj3vans


Posted 02 December 2013 - 04:47 PM

Here is AdwCleaner:

 

# AdwCleaner v3.014 - Report created 02/12/2013 at 16:36:17
# Updated 01/12/2013 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Owner - ACERA5600U
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Application Updater
[#] Service Deleted : Level Quality Watcher
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\SearchMe Toolbar
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Owner\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Owner\AppData\Local\Wajam
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Owner\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Owner\AppData\Roaming\Systweak
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\WINDOWS\SysWOW64\AdpeakProxy.ini
File Deleted : C:\WINDOWS\SysWOW64\AdpeakProxyOff.ini
File Deleted : C:\WINDOWS\System32\AdpeakProxy.ini
File Deleted : C:\WINDOWS\System32\AdpeakProxyOff.ini
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\Owner\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\WINDOWS\Tasks\MySearchDial.job
File Deleted : C:\WINDOWS\System32\Tasks\MySearchDial
File Deleted : C:\WINDOWS\System32\Tasks\RegClean Pro
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B9C767DD-F66A-40B4-8F12-4199A9A4393C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B9C767DD-F66A-40B4-8F12-4199A9A4393C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B9C767DD-F66A-40B4-8F12-4199A9A4393C}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Vittalia
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [9481 octets] - [02/12/2013 16:35:30]
AdwCleaner[S0].txt - [8889 octets] - [02/12/2013 16:36:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8949 octets] ##########


#11 sj3vans


Posted 02 December 2013 - 05:32 PM

Here is Malwarebytes full scan results:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.02.10
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16438
Owner :: ACERA5600U [administrator]
 
Protection: Enabled
 
12/2/2013 4:48:34 PM
mbam-log-2013-12-02 (16-48-34).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375102
Time elapsed: 42 minute(s), 40 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#12 sj3vans


Posted 02 December 2013 - 07:01 PM

And finally the ESET Scan:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe.vir a variant of Win64/Toolbar.Widgi.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchMe Toolbar\IE\8.3\searchmeToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap a variant of Win32/Speedchecker.A application deleted - quarantined
C:\Users\Owner\AppData\Roaming\0V1L2Z2Z1T1I1L1T\Microsoft Security Essentials Packages\uninstaller.exe Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Windows\Installer\3ba96c7.msi multiple threats deleted - quarantined
 
 
That's it...please let me know what to do next.  Thanks!


#13 noknojon


Posted 02 December 2013 - 08:34 PM

Hi -

First -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Then please tell me how the computer is running -

 

Thanks -



#14 sj3vans


Posted 02 December 2013 - 09:21 PM

Below are the results of Screen317.  As for how it's running, it seems good now, but when I look in IE under Manage Add-ons, there is one "enabled" called Deal Slider BHO which I cannot disable.  That worries me.

 

 Results of screen317's Security Check version 0.99.77  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Reader XI  
 Google Chrome 30.0.1599.101  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#15 noknojon


Posted 02 December 2013 - 09:30 PM

Deal Slider BHO is very similar to your first listed problem (PUP Adware)

If it will not uninstall from Control Panel > Uninstall a Program, try REVO uninstaller -

 

1) First we download it from here: Revo Uninstaller Free Version.  You can skip this step if you already have it installed.  However, you may need to update it.  If you have it installed already, and you need to update it, go ahead and open it up and click the AutoUpdate icon next to Help.  The use of this program makes registry changes based upon what you select for removal from the Registry.  Before running Revo Uninstaller, please run ERUNT to back up your registry in case you make a mistake.
 
2) Select the Program to remove from the list of programs and click the Uninstall button: 


[image: revo_list_of_programs.png]

  
 
3) After selecting the program you want to remove, and confirming you want to uninstall the program, then you will want to select the Advanced Option: 

[image: methods_of_removal.png]

 
4) Click Next. This will start the uninstaller for the application you picked.  When the uninstaller is done, and it proves to be successful, and a reboot is required, then select NO and continue the below steps.
 
5) Follow the prompts during the uninstallation of the application.  Once it closes you will be at this window: 

[image: continue_uninstallation_of_application.p]

 
6) Click Next again. Once the window is done scanning for files and other things that did not get removed, you will be presented with this window:

[image: registry_settings_left_behind.png]
 
You will want to select only the bolded items, then click on Delete.  If any entries (usually the last thing listed and not in bold) have a + sign, click on the + until you see more bolded items.  Once done, click Next.
 
If it asks you to delete other files, then do so, but pay attention to the warnings.

 

 

Thanks -
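An added example, not part of this thread and not code from AdwCleaner, Revo or any other tool mentioned here. Manage Add-ons shows a name, but what IE actually loads is a CLSID registered under the Browser Helper Objects, Toolbar and URLSearchHooks keys (the same keys the AdwCleaner log in post #10 cleaned). The script below walks those keys in both the 64-bit and Wow6432Node views, resolves each CLSID to its display name and DLL, shows the DLL's publisher and signature status, and lists the IE search scopes and Chrome extensions registered machine-wide. A `Remove-IeBho` function at the end unregisters one BHO by CLSID, which is how an add-on that refuses to disable from the UI can be taken out. It assumes an elevated PowerShell on 64-bit Windows 8.1; the function and variable names are the example's own.

```powershell
# Added example (not from the thread or from any tool it mentions). Run elevated on
# Windows 8.1 x64. Assumption: 64-bit OS; the Wow6432Node view is skipped if absent.

function Resolve-ComClass {
  # Map a CLSID to its registered name, DLL, publisher and Authenticode status.
  # Signature status is informational: catalog-signed Microsoft files can show NotSigned here.
  param([Parameter(Mandatory)][string]$Clsid)
  foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
    $key = Join-Path -Path $root -ChildPath $Clsid
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $name = (Get-ItemProperty -LiteralPath $key).'(default)'
    $dll  = $null
    $srv  = Join-Path -Path $key -ChildPath 'InprocServer32'
    if (Test-Path -LiteralPath $srv) {
      $raw = (Get-ItemProperty -LiteralPath $srv).'(default)'
      if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw) }
    }
    $sig = 'FileMissing'; $company = ''
    if ($dll -and (Test-Path -LiteralPath $dll)) {
      $sig     = (Get-AuthenticodeSignature -FilePath $dll).Status
      $company = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($dll).CompanyName
    }
    return [pscustomobject]@{ Clsid=$Clsid; Name=$name; Company=$company; Signature=$sig; Dll=$dll }
  }
  [pscustomobject]@{ Clsid=$Clsid; Name='(unregistered)'; Company=''; Signature='n/a'; Dll=$null }
}

$guidRe = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
$addonKeys = @(
  # BHOs: one subkey per CLSID (64-bit and 32-bit IE each have their own list)
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
  # Toolbars and URL search hooks: one value per CLSID
  'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar',
  'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
)
$addons = foreach ($k in $addonKeys) {
  if (-not (Test-Path -LiteralPath $k)) { continue }
  $ids = @(Get-ChildItem -LiteralPath $k | ForEach-Object PSChildName) +
         @((Get-Item -LiteralPath $k).GetValueNames())
  foreach ($id in ($ids | Where-Object { $_ -match $guidRe } | Sort-Object -Unique)) {
    Resolve-ComClass -Clsid $id | Add-Member -NotePropertyName Source -NotePropertyValue $k -PassThru
  }
}
'=== IE add-ons (match the Name column against Manage Add-ons) ==='
$addons | Format-Table Name, Company, Signature, Clsid, Dll, Source -AutoSize

# Search providers: a hijacker points DefaultScope at its own URL (conduit, mysearchdial ...)
'=== IE search scopes ==='
$scopeRoot = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path -LiteralPath $scopeRoot) {
  $default = (Get-ItemProperty -LiteralPath $scopeRoot).DefaultScope
  Get-ChildItem -LiteralPath $scopeRoot | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath
    [pscustomobject]@{ Default=($_.PSChildName -eq $default); Name=$p.DisplayName; Url=$p.URL; Scope=$_.PSChildName }
  } | Format-Table -AutoSize
}

# Chrome extensions pushed in from the registry (the jpmb.../kdid.../pflp... keys in the log)
'=== Chrome extensions registered under HKLM ==='
foreach ($root in 'HKLM:\SOFTWARE\Google\Chrome\Extensions', 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions') {
  if (-not (Test-Path -LiteralPath $root)) { continue }
  Get-ChildItem -LiteralPath $root | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath
    [pscustomobject]@{ ExtensionId=$_.PSChildName; UpdateUrl=$p.update_url; Path=$p.path; Source=$root }
  } | Format-Table -AutoSize
}

function Remove-IeBho {
  # Unregister one BHO by CLSID in both views plus its per-user Ext entries.
  # Supports -WhatIf. The DLL itself can be deleted after a reboot once IE no longer loads it.
  [CmdletBinding(SupportsShouldProcess=$true)]
  param([Parameter(Mandatory)][string]$Clsid)
  $targets = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\$Clsid",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$Clsid"
  )
  foreach ($t in $targets) {
    if ((Test-Path -LiteralPath $t) -and $PSCmdlet.ShouldProcess($t, 'Remove registry key')) {
      Remove-Item -LiteralPath $t -Recurse -Force
    }
  }
}
```

Dot-source the file (`. .\ie-addons.ps1`) so the functions stay loaded, find the row whose Name column reads Deal Slider BHO, then run `Remove-IeBho -Clsid '{that CLSID}' -WhatIf` to see what would be deleted before running it without `-WhatIf`. Close all IE windows first, and export the keys (`reg export`) if you want a way back. Deleting the registration is what the UI's Disable button cannot do for an add-on that keeps re-enabling itself; the DLL path in the table tells you which folder to remove afterwards.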





