Avast - Malwarebytes 'Malicious Website Blocked' 20 in 2 minutes


5 replies to this topic

#1 Hans19


Posted 21 June 2015 - 02:51 PM

   

I was on the net (several pages open) when Avast started reporting 'Malicious Website Blocked'
on sites I usually don't open, like 'best classic fails', 'best motorcycle fails', 'picture girls wish they never posted'.

Received 20 Avast messages in 2 minutes.

Malwarebytes also reported Malicious Website Blocked.

BLOCKED WEB PAGES all had the same

PROCESS: C:\Windows\SysWOW64\dllhost.exe

PORTS all had the same:
49258
51039
51048

URL:
195.2.240.67
or
95.215.1.40

OS: Windows 7 64-bit SP1, all updates
IE: MS 11

Steps already taken:

1. FULL SCAN with the rootkit box checked
   Avast AV free and Malwarebytes results: nothing found
2. Ran MS System File Checker
3. MS Malicious Software Removal Tool

Rebooted the computer and opened the browser: no more 'Malicious Website Blocked' reports, but I don't see what was done to stop C:\Windows\SysWOW64\dllhost.exe from trying to open webpages, or know if I still have a problem.

 




#2 InadequateInfirmity


Posted 21 June 2015 - 07:27 PM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download

Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

Now that you have disabled those unneeded start-ups, let's go into the settings; we will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit Options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

Now go to the Advanced tab and select "Close program after cleaning", then run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
  • Save the file to your desktop.
  • Right-click it and select Run as administrator.
  • A new icon will appear on your desktop.
  • Right-click the new icon and select Run as administrator.
  • Click on the Update tab.
  • Once you have updated the program, make sure the settings are the same as the picture below.
  • Once you have made sure the settings match the picture, hit the Scan & Clean button.
  • Upon scan completion, click View Log.
  • Copy and paste the entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana AntiMalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select Deep Scan.

Remove any infections found.

Then click on the icon in the pic below.

Double-click on the scan log, then copy and paste it here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: AdwCleaner.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 Hans19


Posted 22 June 2015 - 09:38 PM

InadequateInfirmity;

 

I may not have followed the direction correctly -- I can go back and redo the entire process if needed.

 

Thank you for your assistance.

 

 

MWAV LOG, ZEMANA LOG, JUNKWARE LOG, ADWCLEANER LOG

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
MWAV-LOG
21 Jun 2015 21:10:52 [19f0] - **********************************************************
21 Jun 2015 21:10:52 [19f0] - MWAV - eScanAV AntiVirus Toolkit.
21 Jun 2015 21:10:52 [19f0] - Copyright © MicroWorld Technologies
21 Jun 2015 21:10:52 [19f0] - **********************************************************
21 Jun 2015 21:10:52 [19f0] - Source: C:\Users\SSD120~1\DOWNLO~1\BLEEPI~1\mwav\mwav.exe
21 Jun 2015 21:10:52 [19f0] - Version 14.0.178 (C:\USERS\SSD120TEST_3-2015\APPDATA\LOCAL\TEMP\MEXE.COM)
21 Jun 2015 21:10:52 [19f0] - Log File: C:\Users\SSD120test_3-2015\AppData\Local\Temp\MWAV.LOG
21 Jun 2015 21:10:52 [19f0] - MWAV Registered: TRUE
21 Jun 2015 21:10:52 [19f0] - User Account: SSD120test_3-2015 (Administrator Mode)
21 Jun 2015 21:10:52 [19f0] - OS Type: Windows Workstation [InstallType: Client]
21 Jun 2015 21:10:52 [19f0] - OS: Windows 7 64-Bit [OS Install Date: 08 Mar 2015 10:19:55]
21 Jun 2015 21:10:52 [19f0] - Ver: Professional Service Pack 1 (Build 7601)
21 Jun 2015 21:10:52 [19f0] - System Up Time: 13 Hours, 30 Minutes, 59 Seconds

21 Jun 2015 21:10:52 [19f0] - Parent Process Name : C:\Users\SSD120test_3-2015\Downloads\BLEEPING COMPUTERS RECOMMENDATIONS\mwav\mwav.exe
21 Jun 2015 21:10:52 [19f0] - Windows Root  Folder: C:\Windows
21 Jun 2015 21:10:52 [19f0] - Windows Sys32 Folder: C:\Windows\system32
21 Jun 2015 21:10:52 [19f0] - DHCP NameServer: 75.75.75.75 75.75.76.76
21 Jun 2015 21:10:52 [19f0] - Interface0 DHCPNameServer: 75.75.75.75 75.75.76.76
21 Jun 2015 21:10:52 [19f0] - Local Fixed Drives: c:\,e:\
21 Jun 2015 21:10:52 [19f0] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
21 Jun 2015 21:10:52 [19f0] - [CREATED ZIP FILE: C:\Users\SSD120test_3-2015\AppData\Local\Temp\pinfect.zip]
21 Jun 2015 21:10:52 [19f0] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
21 Jun 2015 21:10:54 [19f0] - ** Changed Value of "Path"
21 Jun 2015 21:10:54 [19f0] - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "ChromeHTML" to "htmlfile"
21 Jun 2015 21:10:54 [19f0] - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "ChromeHTML" to "htmlfile"
21 Jun 2015 21:10:55 [19f0] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\SSD120test_3-2015\AppData\Local\Temp\ESCANDB.LOG]
21 Jun 2015 21:10:55 [19f0] - Loaded/Created FileScan Cache Database...
21 Jun 2015 21:10:55 [19f0] - Loading AV Library [DB]...
21 Jun 2015 21:11:10 [19f0] - ArchiveScan: DISABLED
21 Jun 2015 21:11:10 [19f0] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
21 Jun 2015 21:11:10 [19f0] - MWAV doing self scanning...
21 Jun 2015 21:11:10 [19f0] - MWAV files are clean.
21 Jun 2015 21:11:15 [19f0] - ArchiveScan: DISABLED
21 Jun 2015 21:11:15 [19f0] - Virus Database Date: 02 Mar 2015
21 Jun 2015 21:11:15 [19f0] - Virus Database Count: 6701505
21 Jun 2015 21:11:15 [19f0] - Sign Version: 7.59505 [518257]
21 Jun 2015 21:12:00 [19f0] - ArchiveScan: ENABLED
21 Jun 2015 21:12:01 [19f0] - ArchiveScan: DISABLED
 
21 Jun 2015 21:12:20 [19f0] - **********************************************************
21 Jun 2015 21:12:20 [19f0] - MWAV - eScanAV AntiVirus Toolkit.
21 Jun 2015 21:12:20 [19f0] - Copyright © MicroWorld Technologies
21 Jun 2015 21:12:20 [19f0] -
21 Jun 2015 21:12:20 [19f0] - Support: support@escanav.com
21 Jun 2015 21:12:20 [19f0] - Web: http://www.escanav.com
21 Jun 2015 21:12:20 [19f0] - **********************************************************
21 Jun 2015 21:12:20 [19f0] - Version 14.0.178[DB] (C:\USERS\SSD120TEST_3-2015\APPDATA\LOCAL\TEMP\MEXE.COM)
21 Jun 2015 21:12:20 [19f0] - Log File: C:\Users\SSD120test_3-2015\AppData\Local\Temp\MWAV.LOG
21 Jun 2015 21:12:20 [19f0] - User Account: SSD120test_3-2015 (Administrator Mode)
21 Jun 2015 21:12:20 [19f0] - Parent Process Name : C:\Users\SSD120test_3-2015\Downloads\BLEEPING COMPUTERS RECOMMENDATIONS\mwav\mwav.exe
21 Jun 2015 21:12:20 [19f0] - Windows Root  Folder: C:\Windows
21 Jun 2015 21:12:20 [19f0] - Windows Sys32 Folder: C:\Windows\system32
21 Jun 2015 21:12:20 [19f0] - OS: Windows 7 64-Bit [OS Install Date: 08 Mar 2015 10:19:55]
21 Jun 2015 21:12:20 [19f0] - Ver: Professional Service Pack 1 (Build 7601)
21 Jun 2015 21:12:20 [19f0] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
21 Jun 2015 21:12:20 [07ac] - Options Selected by User:
21 Jun 2015 21:12:20 [07ac] - Memory Check: Enabled
21 Jun 2015 21:12:20 [07ac] - Registry Check: Enabled
21 Jun 2015 21:12:20 [07ac] - StartUp Folder Check: Enabled
21 Jun 2015 21:12:20 [07ac] - System Folder Check: Enabled
21 Jun 2015 21:12:20 [07ac] - Services Check: Enabled
21 Jun 2015 21:12:20 [07ac] - Scan Spyware: Enabled
21 Jun 2015 21:12:20 [07ac] - Scan Archives: Disabled
21 Jun 2015 21:12:20 [07ac] - Drive Check: Enabled
21 Jun 2015 21:12:20 [07ac] - All Drive Check :Disabled
21 Jun 2015 21:12:20 [07ac] - Drive Selected = C:\
21 Jun 2015 21:12:20 [07ac] - Folder Check: Disabled
21 Jun 2015 21:12:20 [07ac] - SCAN: All_Files [ANSI]
21 Jun 2015 21:12:20 [07ac] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
21 Jun 2015 21:12:20 [07ac] - Scanning DNS Records...
21 Jun 2015 21:12:20 [07ac] - Scanning Master Boot Record (User)...
21 Jun 2015 21:12:20 [07ac] - Scanning Logical Boot Records...
21 Jun 2015 21:12:20 [07ac] - ***** Scanning For Hidden Rootkit Processes *****
21 Jun 2015 21:12:20 [07ac] - ***** Scanning For Hidden Rootkit Services *****
 
21 Jun 2015 21:12:21 [07ac] - ***** Scanning Memory Files *****
 
21 Jun 2015 21:12:23 [07ac] - ***** Scanning Registry Files *****
 
21 Jun 2015 21:12:24 [07ac] - ***** Scanning StartUp Folders *****
 
21 Jun 2015 21:12:27 [07ac] - ***** Scanning Service Files *****
21 Jun 2015 21:12:39 [07ac] - ERROR(2)!!! Invalid Entry \??\C:\Windows\system32\DRIVERS\NDSPCIIO64.SYS. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\NDSPCIIO.
21 Jun 2015 21:12:44 [07ac] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
21 Jun 2015 21:12:48 [07ac] - ***** Scanning Registry and File system for Adware/Spyware *****
21 Jun 2015 21:12:49 [07ac] - Loading Spyware Signatures from new External Database [Name: C:\Users\SSD120~1\AppData\Local\Temp\spydb.avs, Size: 464717]...
21 Jun 2015 21:12:49 [07ac] - Indexed Spyware Databases Successfully Created...
 
 
21 Jun 2015 21:12:50 [07ac] - ***** Scanning Registry Files *****
 
21 Jun 2015 21:12:51 [07ac] - ***** Scanning System32 Folders *****
 
 
21 Jun 2015 21:12:56 [07ac] - ***** Scanning Drive C:\ *****
21 Jun 2015 21:13:19 [1dc4] - Scanning File C:\System Volume Information\{33db2848-16e3-11e5-b9ba-e03f49a34bc7}{3808876b-c176-4e48-b7ae-04046e6cc752}
21 Jun 2015 21:13:19 [1770] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
21 Jun 2015 21:13:19 [05a0] - Scanning File C:\System Volume Information\{ef0614e9-13f0-11e5-84b6-e03f49a34bc7}{3808876b-c176-4e48-b7ae-04046e6cc752}
21 Jun 2015 21:13:19 [1d94] - Scanning File C:\System Volume Information\{ef0614ee-13f0-11e5-84b6-e03f49a34bc7}{3808876b-c176-4e48-b7ae-04046e6cc752}
21 Jun 2015 21:13:19 [137c] - Scanning File C:\System Volume Information\{ef0614ff-13f0-11e5-84b6-e03f49a34bc7}{3808876b-c176-4e48-b7ae-04046e6cc752}
21 Jun 2015 21:13:24 [07ac] - INVALID ATTRIBUTES FOR FOLDER [C:\Users\SSD120test_3-2015\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData]: LastErr: 5. IGNORING.
21 Jun 2015 21:13:24 [07ac] - INVALID ATTRIBUTES FOR FOLDER [C:\Users\SSD120test_3-2015\Documents\audio\Shipping Now! Furutech’s a (Alpha)-OCC Wire-Wound Binding Posts  FURUTECH_files]: LastErr: 2. IGNORING.
21 Jun 2015 21:13:24 [137c] - Scanning File C:\Users\SSD120test_3-2015\Documents\audio\Shipping Now! Furutech’s a (Alpha)-OCC Wire-Wound Binding Posts  FURUTECH.htm
 
21 Jun 2015 21:15:35 [07ac] - ***** Checking for specific ITW Viruses *****
 
21 Jun 2015 21:15:35 [07ac] - ***** Scanning complete. *****
 
21 Jun 2015 21:15:35 [07ac] - Total Objects Scanned: 168968
21 Jun 2015 21:15:35 [07ac] - Total Critical Objects: 0
21 Jun 2015 21:15:35 [07ac] - Total Disinfected Objects: 0
21 Jun 2015 21:15:35 [07ac] - Total Objects Renamed: 0
21 Jun 2015 21:15:35 [07ac] - Total Deleted Objects: 0
21 Jun 2015 21:15:35 [07ac] - Total Errors: 1
21 Jun 2015 21:15:35 [07ac] - Time Elapsed: 00:03:12
21 Jun 2015 21:15:35 [07ac] - Virus Database Date: 02 Mar 2015
21 Jun 2015 21:15:35 [07ac] - Virus Database Count: 6701505
21 Jun 2015 21:15:35 [07ac] - Sign Version: 7.59505 [518257]
 
21 Jun 2015 21:15:35 [07ac] - Scan Completed.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Zemana AntiMalware 2.15.2.721 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/21
Operating System       : Windows 7 64-bit
Processor              : 8X Intel® Xeon® CPU E3-1230 v3 @ 3.30GHz
BIOS Mode              : UEFI
CUID                   : 000E3CC4FE540D46DD1CB2
Scan Type              : Scheduled Scan
Duration               : 2m 55s
Scanned Objects        : 124142
Detected Objects       : 6
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

Internet Explorer Homepage
Status             : Scanned
Object             : http://www.npr.org/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Homepage

ninja-setup-3.0.6.exe
Status             : Scanned
Object             : %userprofile%\downloads\bleeping computers recommendations\new folder\ninja-setup-3.0.6.exe
MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
Publisher          : -
Size               : 2507200
Version            : 0.0.0.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\bleeping computers recommendations\new folder\ninja-setup-3.0.6.exe

mwav[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\temporary internet files\content.ie5\fu0s4xs0\mwav[1].exe
MD5                : 73CC351679C60AA89BE96D478EDE7EF0
Publisher          : -
Size               : 5556
Version            : -
Detection          : Malware:Win32/Gavin.A!Mktk
Cleaning Action    : Quarantine
Traces             :
                File - %localappdata%\microsoft\windows\temporary internet files\content.ie5\fu0s4xs0\mwav[1].exe

JRT.exe
Status             : Scanned
Object             : %userprofile%\downloads\bleeping computers recommendations\mwav\jrt.exe
MD5                : 7D4D2582898E865A7EEEDDFAC649231A
Publisher          : -
Size               : 2950454
Version            : 7.0.7.0
Detection          : Heur.Malicious!Pb
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\bleeping computers recommendations\mwav\jrt.exe

$R53PO9H.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1044719452-588835563-1470057298-1000\$r53po9h.exe
MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
Publisher          : -
Size               : 2507200
Version            : 0.0.0.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\$recycle.bin\s-1-5-21-1044719452-588835563-1470057298-1000\$r53po9h.exe

Setup_WinThruster_2015.exe
Status             : Scanned
Object             : E:\Setup_WinThruster_2015.exe
MD5                : C7969516D87176867BD5AE772967006F
Publisher          : Solvusoft Corporation
Size               : 3894696
Version            : 1.79.0.0
Detection          : Scareware.Win32/Non.Beneficial.Rogue.WindowsOptimizer!Ep
Cleaning Action    : Quarantine
Traces             :
                File - E:\Setup_WinThruster_2015.exe

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ZEMANA LOG
Zemana AntiMalware 2.15.2.721 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/21
Operating System       : Windows 7 64-bit
Processor              : 8X Intel® Xeon® CPU E3-1230 v3 @ 3.30GHz
BIOS Mode              : UEFI
CUID                   : 000E3CC4FE540D46DD1CB2
Scan Type              : Deep Scan
Duration               : 18m 16s
Scanned Objects        : 125867
Detected Objects       : 5
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

Internet Explorer Homepage
Status             : Scanned
Object             : http://www.npr.org/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Homepage

mwav[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\temporary internet files\content.ie5\fu0s4xs0\mwav[1].exe
MD5                : 73CC351679C60AA89BE96D478EDE7EF0
Publisher          : -
Size               : 5556
Version            : -
Detection          : Malware:Win32/Fortif!Mktk
Cleaning Action    : Quarantine
Traces             :
                File - %localappdata%\microsoft\windows\temporary internet files\content.ie5\fu0s4xs0\mwav[1].exe

ninja-setup-3.0.6.exe
Status             : Scanned
Object             : %userprofile%\downloads\bleeping computers recommendations\ninja-setup-3.0.6.exe
MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
Publisher          : -
Size               : 2507200
Version            : 0.0.0.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\bleeping computers recommendations\ninja-setup-3.0.6.exe

ninja-setup-3.0.6.exe
Status             : Scanned
Object             : %userprofile%\downloads\bleeping computers recommendations\new folder\ninja-setup-3.0.6.exe
MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
Publisher          : -
Size               : 2507200
Version            : 0.0.0.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\bleeping computers recommendations\new folder\ninja-setup-3.0.6.exe

Setup_WinThruster_2015.exe
Status             : Scanned
Object             : E:\Setup_WinThruster_2015.exe
MD5                : C7969516D87176867BD5AE772967006F
Publisher          : Solvusoft Corporation
Size               : 3894696
Version            : 1.79.0.0
Detection          : Scareware.Win32/Non.Beneficial.Rogue.WindowsOptimizer!Ep
Cleaning Action    : Quarantine
Traces             :
                File - E:\Setup_WinThruster_2015.exe
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


# ADWCLEANER log
# AdwCleaner v4.207 - Logfile created 21/06/2015 at 23:11:11
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : SSD120test_3-2015 - TEST3-2015
# Running from : C:\Users\SSD120test_3-2015\Downloads\BLEEPING COMPUTERS RECOMMENDATIONS\mwav\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\SSD120test_3-2015\AppData\Roaming\ParetoLogic

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.124

*************************

AdwCleaner[R0].txt - [1185 bytes] - [21/06/2015 23:00:40]
AdwCleaner[R1].txt - [1244 bytes] - [21/06/2015 23:09:57]
AdwCleaner[S0].txt - [1136 bytes] - [21/06/2015 23:11:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1195  bytes] ##########

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

JUNKWARE LOG
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.7 (06.21.2015:2)
OS: Windows 7 Professional x64
Ran by SSD120test_3-2015 on Sun 06/21/2015 at 22:51:19.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\paretologic\regcure pro
Successfully deleted: [Folder] C:\Users\SSD120test_3-2015\AppData\Roaming\paretologic\regcure pro

~~~ Chrome

[C:\Users\SSD120test_3-2015\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\SSD120test_3-2015\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\SSD120test_3-2015\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\SSD120test_3-2015\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/21/2015 at 22:53:24.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



#4 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male

Posted 22 June 2015 - 10:46 PM

Step 1: Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

[screenshot: LOr0Gd7.png]

Hit Ok.

[screenshot: sYFsqHx.png]

Hit next make sure to leave all items checked, for removal.

[screenshot: 8NcZjGc.png]


The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Check the following boxes:


Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Step 5: ESET Online Scanner.

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
[image: ESET Online Scanner button]
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.
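Two of the MiniToolBox items above, "List content of Hosts" and "Report IE Proxy Settings", produce output a practitioner should be able to read by hand, because adware and rogue optimizers tamper with exactly these: hosts entries that pin vendor or update domains to loopback (so the victim cannot reach help), hosts entries that redirect a domain elsewhere, and a ProxyServer or AutoConfigURL value under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings that routes all browsing through a hostile proxy. The script below is an added example for this thread, not code from the thread or from MiniToolBox. Both inputs are constructed (a hosts file and a `reg query` dump of the IE proxy values); the watched-domain list is an assumption for the example.

```python
"""Audit a Windows hosts file and the IE proxy registry values for adware-style tampering.

Added example for this thread, not code from the thread or from MiniToolBox.
Both inputs are constructed: a hosts file and a `reg query` dump of
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings.
"""
import ipaddress
import re

# Domains adware commonly pins to loopback so the victim cannot reach vendor
# sites or updates. Assumed list for the example; extend it for real use.
WATCHED_DOMAINS = ("avast.com", "malwarebytes.org", "malwarebytes.com",
                   "microsoft.com", "windowsupdate.com", "eset.com",
                   "bleepingcomputer.com")

# Constructed hosts file: two blocking entries, one redirect, one LAN shortcut.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1\twww.avast.com            # vendor site pinned to loopback
0.0.0.0\tforums.malwarebytes.org
203.0.113.10\tupdate.microsoft.com  # redirected to a foreign host
192.168.1.50\tnas                   # legitimate LAN shortcut, still reported
"""

# Constructed `reg query` output for the IE proxy values.
SAMPLE_REG = """\
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ       http=127.0.0.1:8118
    AutoConfigURL  REG_SZ       http://proxy.example.invalid/wpad.dat
"""

REG_VALUE = re.compile(r"^\s*(\w+)\s+(REG_\w+)\s+(.*?)\s*$")


def parse_hosts(text):
    """Return [(address, [hostnames...])] for every active (non-comment) line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing/inline comments
        parts = line.split()
        if len(parts) >= 2:
            entries.append((parts[0], [h.lower() for h in parts[1:]]))
    return entries


def is_watched(host):
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Flag watched domains pinned to loopback/0.0.0.0 ("blocked") and any
    mapping to a non-loopback address ("redirected", for a human to review)."""
    findings = []
    for addr, hosts in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(("malformed", addr, " ".join(hosts)))
            continue
        for host in hosts:
            if ip.is_loopback or ip.is_unspecified:
                if host != "localhost" and is_watched(host):
                    findings.append(("blocked", addr, host))
            else:
                findings.append(("redirected", addr, host))
    return findings


def parse_reg_values(text):
    """Turn `reg query` output into {value_name: data}."""
    values = {}
    for line in text.splitlines():
        m = REG_VALUE.match(line)
        if m:
            values[m.group(1)] = m.group(3)
    return values


def audit_proxy(values):
    """A proxy forced on, or a PAC/WPAD URL set, is not the Windows default
    and on a home machine usually means something installed it."""
    findings = []
    if values.get("ProxyEnable", "0x0").lower() in ("0x1", "1"):
        findings.append(("proxy_enabled", values.get("ProxyServer", "")))
    if values.get("AutoConfigURL"):
        findings.append(("pac_configured", values["AutoConfigURL"]))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS) + audit_proxy(parse_reg_values(SAMPLE_REG)):
        print(finding)
```

On a live machine, feed it the contents of %SystemRoot%\System32\drivers\etc\hosts and the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"`. Every non-loopback mapping is reported, including harmless LAN shortcuts, because only the owner of the machine can say which ones are expected.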


#5 Hans19

  • Topic Starter
  • Members
  • 5 posts

Posted 28 June 2015 - 03:58 PM

Regarding:

 

Step 2: ZHP Cleaner.

web page is in French and I just don't see the download link.

 

Out of curiosity, is there anything in the logs I've sent that indicates that I still have a possible problem?

 

per my original post

 

steps already taken

 

1. FULL SCAN  with box checked for rootkit

    Avast AV free and Malwarebytes results nothing found

2. Ran MS System File Checker

3.  MS Malicious software remover

 

Rebooted the computer and opened the browser: no more 'Malicious Website Blocked' reports, but I don't see what was done to stop C:\Windows\SysWOW64\dllhost.exe from trying to open web pages, or know if I still have a problem.

 

Also, I forgot that I first ran CCleaner, then MS System File Checker and MS Malicious Software Remover.

 

 

Is there anything in the log files I sent that indicate I still may have a problem?

 

Any explanation as to what happened?

 

That is, I acquired an infection of Windows\SysWOW64\dllhost.exe that was issuing commands to open specific web pages.

inetnum:        195.2.240.0 - 195.2.241.255
netname:        PIN-NET
descr:          Petersburg Internet Network ltd.
country:        RU

 

Am I correct that this was an attempt to establish a direct (hidden) connection to my computer?

 

and that the ports 49258, 51039 and 51048 are only used for that specific purpose?
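Two things a practitioner would want to see checked at this point, as an added example for this thread rather than anything from the posts or the tools above. First, 49152 to 65535 is the default dynamic (ephemeral) client port range on Windows Vista and later, so the three "ports" in the alerts are simply local source ports the OS handed out for each outbound connection; they carry no meaning of their own. The meaningful signals are the owning process and the destination: dllhost.exe is the COM Surrogate host and has no reason to open HTTP connections to public addresses by itself, so the pairing of that image with the two public IPs quoted in the thread is what deserves attention. The script below parses a constructed `netstat -ano` listing and a constructed PID-to-image map (what `tasklist` would report); nothing in it was captured from the poster's machine, and the PIDs and extra rows are made up.

```python
"""Triage which outbound TCP connections belong to a given Windows process.

Added example for this thread, not code from the thread or from any of the
tools it mentions. Input is a constructed `netstat -ano` listing plus a
constructed PID-to-image map (what `tasklist` would give); nothing here is
captured from the poster's machine.
"""
import ipaddress
import re
from dataclasses import dataclass

# Default dynamic (ephemeral) client port range on Windows Vista and later.
EPHEMERAL_PORTS = range(49152, 65536)

# Constructed sample of `netstat -ano` output. The remote addresses and local
# ports are the ones quoted in the thread; the PIDs and other rows are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.23:49258     195.2.240.67:80        ESTABLISHED     3120
  TCP    192.168.1.23:51039     95.215.1.40:80         SYN_SENT        3120
  TCP    192.168.1.23:51048     195.2.240.67:80        ESTABLISHED     3120
  TCP    192.168.1.23:51102     93.184.216.34:443      ESTABLISHED     4488
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     3120
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
"""

# Constructed PID -> image name map (assumed, as `tasklist` would report it).
SAMPLE_PROCESSES = {3120: "dllhost.exe", 4488: "iexplore.exe", 812: "svchost.exe"}

NETSTAT_LINE = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


@dataclass
class Connection:
    image: str
    pid: int
    local_port: int
    remote_addr: str
    remote_port: int
    state: str
    ephemeral_local: bool   # local port is just a dynamically assigned source port
    remote_public: bool     # remote address is outside private/loopback/reserved space


def parse_netstat(text):
    """Yield (local_addr, local_port, remote_addr, remote_port, state, pid)."""
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if m:
            laddr, lport, raddr, rport, state, pid = m.groups()
            yield laddr, int(lport), raddr, int(rport), state, int(pid)


def is_public(addr):
    """True for routable public addresses; False for RFC 1918, loopback, etc."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def triage(netstat_text, processes, image="dllhost.exe"):
    """Return every non-listening TCP connection owned by `image`."""
    found = []
    for laddr, lport, raddr, rport, state, pid in parse_netstat(netstat_text):
        if processes.get(pid, "").lower() != image.lower() or state == "LISTENING":
            continue
        found.append(Connection(
            image=image, pid=pid, local_port=lport, remote_addr=raddr,
            remote_port=rport, state=state,
            ephemeral_local=lport in EPHEMERAL_PORTS,
            remote_public=is_public(raddr)))
    return found


def suspicious(connections):
    """COM Surrogate (dllhost.exe) has no reason to reach public hosts on its
    own, so any public remote endpoint owned by it is worth investigating."""
    return [c for c in connections if c.remote_public]


if __name__ == "__main__":
    for c in suspicious(triage(SAMPLE_NETSTAT, SAMPLE_PROCESSES)):
        print(f"{c.image} pid={c.pid} :{c.local_port} -> {c.remote_addr}:{c.remote_port}"
              f" [{c.state}] ephemeral_local={c.ephemeral_local}")
```

On a live machine the equivalent data comes from `netstat -ano` and `tasklist`, run while the alerts are firing; the loopback row is deliberately left out of the suspicious list, and a browser process reaching public hosts is expected and is only shown if you ask for that image name.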

 

 

 



#6 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male

Posted 28 June 2015 - 04:42 PM

[screenshot: SUCnPeo.png]

 

The image above on the site is what you click to download, please continue all scans.





