Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

http://your-home-page.net


  • Please log in to reply
18 replies to this topic

#1 Soulamiss

Soulamiss

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 28 July 2015 - 07:40 PM

My homepage has been hijacked by hxxp://your-home-page.net/?ssid=1437860075. I've followed all the steps from http://malwaretips.com/blogs/remove-your-home-page-net/ and it got rid of a lot of items connected to it but my homepage still won't change. Can someone guide me through some other steps I could take?

Edited by computerxpds, 28 July 2015 - 07:43 PM.
Deactivated link so it cannot accidentally be clicked


BC AdBot (Login to Remove)

 


#2 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 29 July 2015 - 05:29 AM

Hello,
 
please download MiniToolBox by Farbar and save it to your desktop.
 
Run tool as Administrator and make sure that these options are checked :
 
  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List Installed Programs
 
Post log here .
 
Step 2
 
Download TFC by OldTimer and save it to your desktop.
 
Run it as Administrator and click on Start button.
 
If programs need reboot, allow it to do so.
 
NOTE: IF your desktop disappears, don't panic, it's normal.
 
Step 3
 
Download AdwCleaner by Xplode and save it to your desktop.
 
Run tool as Administrator, accept terms of usage, and wait while database is updating.
 
After it's done with updating, click Scan button and wait while it's scanning.
 
All found items remove by clicking on Cleaning button, and allow tool to restart.
 
After restart will make a log which you will attach or paste in your reply.
 
Step 4
 
Scan with Zemana Antimalware
 
Download Zemana Antimalware and install it on your system.
 
Under Scan type choose Full Scan and let the tool scan system.
 
If malware is found click Next to remove it, if tool asks for restart, allow it .
 
If no malware is found , just exit program.
 
NOTE: Leave actions at default.
 
Step 5
 
Scan with Malwarebytes AntiRootkit
 
Please download MBAR and save it to your desktop.
 
Run tool as Administrator, tool will extract itself, and then launch.
 
Click Next to accept terms and conditions, and click Update to obtain latest definitions.
 
If malware is found click on Cleanup button , but make sure that Create restore point option is checked before proceeding !
 
Program will ask you to restart, allow it to do so.
 
Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removal of rootkits, it is recommended to run fixdamage.exe located inside mbar folder. Run it as Administrator and press Y if asks you do you want to continue.

 

 

Attach log here.



#3 Soulamiss

Soulamiss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 31 July 2015 - 05:58 PM

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Owner (administrator) on 31-07-2015 at 17:58:03
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Studio XPS 435T/9000 Manufacturer: DELL Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.15 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{8180004F-8861-8051-87FE-C892A27A9AFB}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Data Recovery Pro (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 2.1.1.0 - ParetoLogic, Inc.)
Dell Dock (HKLM\...\{C73A3942-84C8-4597-9F9B-EE227DCBA758}) (Version: 2.0 - Stardock Corporation) Hidden
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Google Chrome (HKLM-x32\...\{93AC3E1B-6EB7-3F2E-A187-CE742EF09CCD}) (Version: 66.65.49242 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.13.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

**** End of log ****



#4 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 01 August 2015 - 01:37 AM

I also need logs from other tools.



#5 Soulamiss

Soulamiss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 01 August 2015 - 01:18 PM

# AdwCleaner v4.208 - Logfile created 01/08/2015 at 13:12:46
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic

***** [ Scheduled tasks ] *****

Task Deleted : paretologic registration3
Task Deleted : paretologic update version3
Task Deleted : ParetoLogic Update Version3 Startup Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\uus3url-pl
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\data-recovery-pro.en.softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.driverupdate.net

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909

-\\ Mozilla Firefox v39.0 (x86 en-US)

-\\ Google Chrome v44.0.2403.125

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://start.iminent.com/?appId=4797ee70-48c8-452e-b852-936c503f7cdb

*************************

AdwCleaner[R0].txt - [1228 bytes] - [13/07/2015 13:16:34]
AdwCleaner[R1].txt - [3350 bytes] - [26/07/2015 16:23:11]
AdwCleaner[R2].txt - [1146 bytes] - [28/07/2015 17:21:38]
AdwCleaner[R3].txt - [2223 bytes] - [01/08/2015 13:00:13]
AdwCleaner[S0].txt - [3331 bytes] - [26/07/2015 16:30:58]
AdwCleaner[S1].txt - [1213 bytes] - [28/07/2015 17:22:12]
AdwCleaner[S2].txt - [2133 bytes] - [01/08/2015 13:12:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2192  bytes] ##########



#6 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 01 August 2015 - 01:29 PM

How is the situation now ?



#7 Soulamiss

Soulamiss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 01 August 2015 - 05:44 PM

Better. Not fixed. Sorry, I'm doing this as I can. Been running Zemana for quite some time.



#8 Soulamiss

Soulamiss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 01 August 2015 - 07:23 PM

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.08.01.06
  rootkit: v2015.07.30.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
Owner :: OWNER-PC [administrator]

8/1/2015 6:45:35 PM
mbar-log-2015-08-01 (18-45-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 357076
Time elapsed: 13 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#9 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 02 August 2015 - 02:15 AM

Try to reset your browser settings with Avast! Browser Cleanup

 

You have reset settings in bottom :

 

browser-cleanup-gui.png



#10 Soulamiss

Soulamiss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 02 August 2015 - 12:14 PM

Ok, I've done it all now. Seems to be ok.



#11 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 02 August 2015 - 12:18 PM

If everything is good, do last step and you're done :)

 

Download Delfix by Xplode and save it to your desktop.

 

Make sure that these are checked :

 

  • Remove disinfection tools
  • Reset system settings
  • Purge system restore 

Click Run and log attach in your reply .

 

==========================================

 

Recommended software :

 

  • Macrium Reflect - Backup and restore your PC in case of disaster.
  • Unchecky - Unchecks unwanted stuff during installations.
  • Secunia PSI - Scans for outdated software and helps you to update them.


#12 Soulamiss

Soulamiss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 02 August 2015 - 12:31 PM

I'm getting this: http://link446.com/sup/arr8a_cir9a/cc001/lp/?ubn=MSIE&kw=nokws&aid=12254&cid=eit19f&lp=jlp2d&sxid=qv88764u35uu

 

When I click on links occasionally. It pops up and covers the link I've actually clicked.



#13 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 02 August 2015 - 12:40 PM

Just to let you know in future do not post malicious links in reply, post a screenshot instead.

 

Since you have Malwarebytes installed, update it and run a Threat Scan.



#14 Soulamiss

Soulamiss
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 02 August 2015 - 01:04 PM

# DelFix v10.8 - Logfile created 02/08/2015 at 12:55:42
# Updated 29/07/2014 by Xplode
# Username : Owner - OWNER-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Owner\Desktop\mbar
Deleted : C:\Users\Owner\Desktop\adwcleaner_4.208.exe
Deleted : C:\Users\Owner\Desktop\JRT.exe
Deleted : C:\Users\Owner\Desktop\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #58 [Revo Uninstaller's restore point - TomorrowGames | 07/25/2015 21:52:42]
Deleted : RP #59 [JRT Pre-Junkware Removal | 07/26/2015 21:38:18]
Deleted : RP #60 [JRT Pre-Junkware Removal | 07/26/2015 22:14:27]
Deleted : RP #61 [Windows Update | 07/28/2015 09:23:36]
Deleted : RP #62 [Checkpoint by HitmanPro | 07/28/2015 21:37:15]
Deleted : RP #63 [Checkpoint by HitmanPro | 07/28/2015 21:38:06]
Deleted : RP #64 [Installed ParetoLogic Data Recovery. | 07/29/2015 00:31:51]
Deleted : RP #65 [Windows Update | 07/29/2015 08:00:10]
Deleted : RP #66 [Windows Update | 08/01/2015 18:27:52]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########



#15 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 02 August 2015 - 01:10 PM

How is situation now ?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users