Powelik and AdClicker malware/COM Surrogate issue
[QUOTE="ds7782, post: 284914, member: 29561"]
Hi, TwinHeadedEagle,

Thanks for the quick reply.

I've finished the three scans. Fixlog.txt is attached.

Here are the contents of AdwCleaner[S0].txt:

# AdwCleaner v4.001 - Report created 26/10/2014 at 13:17:30
# DB v2014-10-26.2
# Updated 20/10/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : DES - HP_ENVY_11_2012
# Running from : C:\Users\DES\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\CAS\AppData\Local\Browsersafeguard
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Users\CAS\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\CAS\AppData\Local\Speedial
Folder Deleted : C:\Users\CAS\AppData\Local\CrashRpt
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\CAS\AppData\Roaming\Mozilla\Firefox\Profiles\53teacw9.default\searchplugins\safesearch.xml
File Deleted : C:\Users\CAS\AppData\Roaming\Mozilla\Firefox\Profiles\53teacw9.default\searchplugins\Speedial.xml
File Deleted : C:\Users\CAS\AppData\Roaming\Mozilla\Firefox\Profiles\53teacw9.default\user.js
File Deleted : C:\Users\CAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\CAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116


-\\ Mozilla Firefox v23.0.1 (en-US)


*************************

And here are the contents of the Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/26/2014
Scan Time: 1:25:42 PM
Logfile: Malwarebytes log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.26.04
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: DES

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408078
Time Elapsed: 17 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.BrowserSafeGuard, HKU\S-1-5-21-3341315182-2024668397-1482437408-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BrowserSafeguard, Quarantined, [004c2aefea926acc3c6068c3b94ad22e],
PUP.Optional.BrowserSafeGuard.A, HKU\S-1-5-21-3341315182-2024668397-1482437408-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BrowserSafeguardInstalled, Quarantined, [f953a574196381b5274d221406fdee12],
PUP.Optional.Speedial.A, HKU\S-1-5-21-3341315182-2024668397-1482437408-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\speedial, Quarantined, [d577ca4f126a5bdbd96dea59c93a7f81],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3341315182-2024668397-1482437408-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [9fada47514687db9970281d8887b857b],
PUP.Optional.Speedial.A, HKU\S-1-5-21-3341315182-2024668397-1482437408-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\Speedial, Quarantined, [4c0086935f1d70c643000043a55e26da],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3341315182-2024668397-1482437408-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [1f2dda3f26564fe760835d1221e36f91],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-3341315182-2024668397-1482437408-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [d3791aff097352e4180959dd3ec5c937],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3341315182-2024668397-1482437408-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [b19b0019f08c5cda22b987c15ca78c74],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3341315182-2024668397-1482437408-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 1V2X1Q1R1M1F, Quarantined, [1f2dda3f26564fe760835d1221e36f91]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 7
PUP.Optional.YourFileDownloader, C:\Users\CAS\Downloads\shes-so-high-tal-bachman_downloader.exe, Quarantined, [371572a7a8d4c274dd691d0129d7be42],
PUP.Optional.InstallCore, C:\Users\CAS\Downloads\FileOpenerSetup.exe, Quarantined, [113bb960c8b45bdb1a8143bf6e974eb2],
PUP.Optional.SoftInstall, C:\Users\CAS\Downloads\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe, Quarantined, [61eb46d3146891a554b7f41627de06fa],
PUP.Optional.Spigot, C:\Users\CAS\Downloads\YTDSetup.exe, Quarantined, [26267c9d2854dd5916f48928c43d5ea2],
PUP.Optional.FullSpectrumAdmin, C:\Users\CAS\Downloads\uplayermediaplayer-setup.exe, Quarantined, [d478af6a87f5d3631486ad361be929d7],
PUP.Optional.MindSpark.A, C:\Users\CAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage, Quarantined, [ad9fae6baad21e185cdaed57f60d26da],
PUP.Optional.MindSpark.A, C:\Users\CAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal, Quarantined, [c28a7b9eacd0a69031054afa758e639d],

Physical Sectors: 0
(No malicious items detected)


(end)
[/QUOTE]