Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

DNS Unlocker with Full Force!

Post by stevediacono » December 31st, 2015, 8:15 am

My PC has been infected by DNS Unlocker, again! Last time round I thought I was able to remove the malware - this time can't seem to locate it on my installed programs

The damn adware keeps coming up on most pages rendering some pages unviewable due to constant pop ups and hyperlinks

I'm running on Windows 8 and the malware affects both Chrome and Internet Explorer.

Would be very grateful if someone could assist with the removal of this malware. Thank you!

Re: DNS Unlocker with Full Force!

Post by Gary R » January 3rd, 2016, 8:16 am

Looking over your logs, back soon.

Re: DNS Unlocker with Full Force!

Post by Gary R » January 3rd, 2016, 8:26 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 8.1, it may be necessary to right click some of the tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There's certainly a number of things showing in your FRST logs that need attending to, but before we do that I'd like you to run a further couple of scans for me, to give me a more complete picture of what needs to be removed.

Once I've got that, we can set about cleaning your machine.

First ....

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

I'd like you to run a search for me using FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;trovi;clientconnect;DNS Unlocker

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

Re: DNS Unlocker with Full Force!

Post by stevediacono » January 3rd, 2016, 9:35 am

Thanks for picking this up Gary, both attached

Re: DNS Unlocker with Full Force!

Post by Gary R » January 3rd, 2016, 1:36 pm

OK, let's get started on cleaning up your computer. There's quite a bit to do, and it will likely take a few posts before we get your machine completely clean, so stick with it to the end, and don't assume because your symptoms disappear that your problems are resolved ...

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

PortFinale
SectionKeeper
SegmentProvider
SystemBoost
SystemHero


Reboot your computer once they're all uninstalled.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Mobogenie
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1435354048&z=158b77330ce432b711f56a5gez2c5wdc0w8z5edzcm&from=dig2&uid=ST500LM012XHN-M500MBB_S2TUJ9HC700090&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1435354048&z=158b77330ce432b711f56a5gez2c5wdc0w8z5edzcm&from=dig2&uid=ST500LM012XHN-M500MBB_S2TUJ9HC700090&q={searchTerms}
HKU\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=52B5083E8E22A2F8
SearchScopes: HKU\S-1-5-21-2357267511-2638639882-2966789438-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=52B5083E8E22A2F8
SearchScopes: HKU\S-1-5-21-2357267511-2638639882-2966789438-1001 -> {F0B09299-FC52-4C42-BC29-62C4F63D9E89} URL = hxxp://searchsimple-a.akamaihd.net/?affID=dg&q={searchTerms}&r=656
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1435354048&z=158b77330ce432b711f56a5gez2c5wdc0w8z5edzcm&from=dig2&uid=ST500LM012XHN-M500MBB_S2TUJ9HC700090
CHR Extension: (Google Slides) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-06] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-06] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-06] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Google Sheets) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-06] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx <not found>
S2 4dd8d474; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\RelayDouble\RelayDouble.dll",serv
c:\Program Files (x86)\RelayDouble
R1 {027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64; C:\Windows\System32\drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys [48784 2015-07-10] (StdLib)
R1 {2381c708-437b-40af-a3fc-1f3bd1d5172d}Gw64; C:\Windows\System32\drivers\{2381c708-437b-40af-a3fc-1f3bd1d5172d}Gw64.sys [48784 2015-07-23] (StdLib)
R1 {241c48c5-f3a9-4ff5-98b0-c41988c34fff}Gw64; C:\Windows\System32\drivers\{241c48c5-f3a9-4ff5-98b0-c41988c34fff}Gw64.sys [48784 2015-06-26] (StdLib)
R1 {4572b88f-b0f6-490d-ac1d-566e27c62495}Gw64; C:\Windows\System32\drivers\{4572b88f-b0f6-490d-ac1d-566e27c62495}Gw64.sys [48784 2015-06-29] (StdLib)
R1 {7188dc29-5fcb-46e6-baeb-fbd8be71d343}Gw64; C:\Windows\System32\drivers\{7188dc29-5fcb-46e6-baeb-fbd8be71d343}Gw64.sys [48784 2015-07-14] (StdLib)
R1 {972dc55c-c6c0-44f6-8b54-5599004975cf}Gw64; C:\Windows\System32\drivers\{972dc55c-c6c0-44f6-8b54-5599004975cf}Gw64.sys [48784 2015-07-17] (StdLib)
R1 {9c8cca4c-20fb-4af3-ac83-4f7cb79e9eef}Gw64; C:\Windows\System32\drivers\{9c8cca4c-20fb-4af3-ac83-4f7cb79e9eef}Gw64.sys [48784 2015-07-04] (StdLib)
R1 {a099f353-be27-4260-8532-0fab017d0e4f}Gw64; C:\Windows\System32\drivers\{a099f353-be27-4260-8532-0fab017d0e4f}Gw64.sys [48784 2015-07-08] (StdLib)
R1 {d11195b7-3360-435c-8dba-aca103f9bec5}Gw64; C:\Windows\System32\drivers\{d11195b7-3360-435c-8dba-aca103f9bec5}Gw64.sys [48784 2015-07-01] (StdLib)
R1 {e808f110-c3bd-4b41-9d1e-f200058e16fe}Gw64; C:\Windows\System32\drivers\{e808f110-c3bd-4b41-9d1e-f200058e16fe}Gw64.sys [48784 2015-07-22] (StdLib)
R1 {eaa5c94d-f832-4066-99d2-177ee28f0634}Gw64; C:\Windows\System32\drivers\{eaa5c94d-f832-4066-99d2-177ee28f0634}Gw64.sys [48784 2015-07-27] (StdLib)
C:\Windows\System32\drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys
C:\Windows\System32\drivers\{2381c708-437b-40af-a3fc-1f3bd1d5172d}Gw64.sys
C:\Windows\System32\drivers\{241c48c5-f3a9-4ff5-98b0-c41988c34fff}Gw64.sys
C:\Windows\System32\drivers\{4572b88f-b0f6-490d-ac1d-566e27c62495}Gw64.sys
C:\Windows\System32\drivers\{7188dc29-5fcb-46e6-baeb-fbd8be71d343}Gw64.sys
C:\Windows\System32\drivers\{972dc55c-c6c0-44f6-8b54-5599004975cf}Gw64.sys
C:\Windows\System32\drivers\{9c8cca4c-20fb-4af3-ac83-4f7cb79e9eef}Gw64.sys
C:\Windows\System32\drivers\{a099f353-be27-4260-8532-0fab017d0e4f}Gw64.sys
C:\Windows\System32\drivers\{d11195b7-3360-435c-8dba-aca103f9bec5}Gw64.sys
C:\Windows\System32\drivers\{e808f110-c3bd-4b41-9d1e-f200058e16fe}Gw64.sys
C:\Windows\System32\drivers\{eaa5c94d-f832-4066-99d2-177ee28f0634}Gw64.sys
2015-12-31 12:31 - 2014-01-29 18:31 - 00001546 _____ C:\WINDOWS\Tasks\Torntv V6.0-updater.job
2015-12-31 12:31 - 2014-01-29 18:31 - 00001374 _____ C:\WINDOWS\Tasks\Torntv V6.0-enabler.job
2015-12-31 12:30 - 2014-01-29 18:30 - 00002458 _____ C:\WINDOWS\Tasks\Torntv V6.0-firefoxinstaller.job
2015-12-31 12:30 - 2014-01-29 18:30 - 00002202 _____ C:\WINDOWS\Tasks\Torntv V6.0-chromeinstaller.job
2015-12-31 12:30 - 2014-01-29 18:30 - 00001486 _____ C:\WINDOWS\Tasks\Torntv V6.0-codedownloader.job
2015-12-08 10:20 - 2013-03-04 23:34 - 00000000 ____D C:\Users\Steven\AppData\Roaming\uTorrent
2015-06-06 16:17 - 2015-08-12 22:58 - 0000024 _____ () C:\Users\Steven\AppData\Roaming\appdataFr25.bin
2013-04-09 19:42 - 2013-02-09 22:55 - 0114176 _____ () C:\Users\Steven\AppData\Roaming\BabMaint.exe
2013-09-15 19:03 - 2013-09-15 19:03 - 0000021 _____ () C:\Users\Steven\AppData\Roaming\my_intel.sys
2013-03-01 18:56 - 2015-12-31 09:24 - 0000380 _____ () C:\Users\Steven\AppData\Roaming\sp_data.sys
Task: {036AC7E9-23A6-41A7-85DA-5BD7C4B95E77} - System32\Tasks\Torntv V6.0-firefoxinstaller => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe <==== ATTENTION
Task: {1EB59665-D07F-410D-8149-930DB709168C} - System32\Tasks\Torntv V6.0-codedownloader => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-codedownloader.exe <==== ATTENTION
Task: {257E230E-40A4-4561-B721-1ED8C4A9EBDE} - System32\Tasks\FCBfan => C:\Users\Steven\AppData\Roaming\FCBfan\fcbfan.exe [2015-02-20] (FCB Update) <==== ATTENTION
Task: {3A50AD4A-F92E-46C0-B7D6-DD057EDD5B0F} - System32\Tasks\Torntv V6.0-enabler => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-enabler.exe <==== ATTENTION
Task: {4F3B2C10-CC57-422B-82ED-2011DD92BF58} - System32\Tasks\EPUpdater => C:\Users\Steven\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {523942F6-9D3D-475B-9313-65DE5E97B54E} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {9D6F0393-B7F7-4460-A6DE-4CCB0CBFCDAF} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {A338827D-8122-46BB-8A12-32CA6F92C00F} - System32\Tasks\Torntv V6.0-chromeinstaller => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-chromeinstaller.exe <==== ATTENTION
Task: {A5012DB8-C68E-49EF-9ED8-9C554B3CB1EE} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {A801AD36-E8F9-4C1F-888F-1B5CA87C1FB8} - System32\Tasks\Torntv V6.0-updater => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe <==== ATTENTION
Task: {CC769FD0-51C7-4028-B46C-D1D9C2E00FD3} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Superclean.job => c:\programdata\{ae31b6ce-000e-3fe2-ae31-1b6ce000db38}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Torntv V6.0-chromeinstaller.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-chromeinstaller.exe?/installcrx /agentregpath='Torntv V6.0' /extensionfilepath C:\Program Files (x86)\Torntv V6.0\45960.crx' /appid=45960 /srcid='000686' /subid='0' /zdata='0' /bic=232F7282236C4B42BD7521B2ED4F63CCIE /verifier=c5d04a89191c42209dbc163d753fc6f7 /installerversion=1_34_1_21 /installerfullversion=1.34.1.21 /installationtime=1391016600 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=ahmilhmcinpmpohfoiccaplbhgelbnim /extensionversion=1.26.71 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7jTNxL7h3FB/7RViD415XIgSs8u7OpVFlyS3MJgMtHVkPLpmLyt0lr1jUfjaFytjaPQSJYipB9zgxntsyN9pMFhVI3YuKm2jfCfBc0asZ2Ys4AhxagcKp/y0Ofkp8Rb4xe+gD4tDbDo436Q8GyehUWSHyrPtB4lODcQxHVZ+EzQIDAQAB /defbro=ch /allusers /allprofiles /autoupdateulr='hxxp:/update.srvstatsdata.com/ch_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\Torntv V6.0-codedownloader.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-codedownloader.exe?/reinstallapp /runfrom=task /agentregpath='Torntv V6.0' /appid=45960 /srcid='000686' /subid='0' /zdata='0' /bic=232F7282236C4B42BD7521B2ED4F63CCIE /verifier=c5d04a89191c42209dbc163d753fc6f7 /installerversion=1_34_1_21 /installerfullversion=1.34.1.21 /installationtime=1391016600 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /codedownloaddomain=hxxp:/cr.install-daddy.com /defbro=ch /allusers /autoupdateulr='hxxp:/update.srvstatsdata.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\Torntv V6.0-enabler.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-enabler.exe?/enablebho /agentregpath='Torntv V6.0' /appid=45960 /srcid='000686' /subid='0' /zdata='0' /bic=232F7282236C4B42BD7521B2ED4F63CCIE /verifier=c5d04a89191c42209dbc163d753fc6f7 /installerversion=1_34_1_21 /installationtime=1391016600 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /bhoguid=11111111-1111-1111-1111-110411591160 /defbro=ch /allusers /autoupdateulr='hxxp:/update.srvstatsdata.com/ie_enable_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\Torntv V6.0-firefoxinstaller.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe?/installxpi /agentregpath='Torntv V6.0' /extensionfilepath C:\Program Files (x86)\Torntv V6.0\45960.xpi' /appid=45960 /srcid='000686' /subid='0' /zdata='0' /bic=232F7282236C4B42BD7521B2ED4F63CCIE /verifier=c5d04a89191c42209dbc163d753fc6f7 /installerversion=1_34_1_21 /installerfullversion=1.34.1.21 /installationtime=1391016600 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com /extensionversion=0.93 /prefsbranch=ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960 /updateurl=hxxps:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/45960.rdf /extensionname='Torntv V6.0' /extensiondesc='The must-have App extensions for Television fans! Watch free TV channels, live sports and more' /publishername='installdaddy' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='hxxp:/update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\Torntv V6.0-updater.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe?/runupdater /agentregpath='Torntv V6.0' /appid=45960 /srcid='000686' /subid='0' /zdata='0' /bic=232F7282236C4B42BD7521B2ED4F63CCIE /verifier=c5d04a89191c42209dbc163d753fc6f7 /installerversion=1_34_1_21 /installationtime=1391016600 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.srvstatsdata.com /updaterversion=2 /monetizationdomain=hxxp:/stats.syncstatsdata.com /autoupdateulr='hxxp:/update.srvstatsdata.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Reg: reg delete "HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\5e48cdcbc3dec47\2.6.1339.144" /v "chrome homepages" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\5e48cdcbc3dec47\2.6.1519.190" /v "chrome homepages" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\5e48cdcbc3dec47\2.6.1673.238" /v "chrome homepages" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\5e48cdcbc3dec47\2.6.1694.246" /v "chrome homepages" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\5e48cdcbc3dec47\2.7.1769.27" /v "chrome homepages" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\5e48cdcbc3dec47\2.7.1832.68" /v "chrome homepages" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /v "C:\Program Files (x86)\DNS Unlocker\unins000.exe" /f
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
[-HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\DataMngr]
[-HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\BabylonToolbar]
[-HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com]
[-HKEY_USERS\S-1-5-21-2357267511-2638639882-2966789438-1001\Software\Conduit]
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • Fixlog.txt
  • Let me know how your computer is running now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
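
The fixlist in the post above targets three recurring patterns: Chrome extensions whose UpdateUrl is not Google's, GUID-named `Gw64.sys` drivers, and scheduled tasks carrying defanged URLs. The Python below is an added example, not part of the original thread and not FRST's own logic, that triages such log lines; the function and regex names are hypothetical, `clients2.google.com` as the Chrome Web Store update host is an assumption, and the sample lines are taken (trimmed) from the fixlist except the one marked constructed.

```python
import re

# Assumption: the Chrome Web Store serves extension updates from this host.
WEBSTORE_HOST = "clients2.google.com"

# FRST defangs URLs as hxxp/hxxps, and the task command lines in the fixlist
# show a single slash ("hxxp:/host"), so accept either scheme spelling and
# one or more slashes.
URL_HOST = re.compile(r"h(?:tt|xx)ps?:/+([A-Za-z0-9.-]+)", re.IGNORECASE)

# "CHR Extension: (Name) - <profile>\Extensions\<32-char id> [date] [UpdateUrl: ...]"
CHR_EXT = re.compile(
    r"^CHR Extension: \((?P<name>[^)]*)\) - .*\\Extensions\\(?P<id>[a-p]{32})\b"
    r".*?\[UpdateUrl: (?P<url>[^\]]+)\]"
)

# "R1 {guid}Gw64; C:\...\drivers\{guid}Gw64.sys [size date] (vendor)"
GUID_DRIVER = re.compile(
    r"^[RS]\d (\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\})\w*; (.+?\.sys)\b",
    re.IGNORECASE,
)

# Lines 1, 2, 4 and 5 come from the fixlist above (line 5 trimmed to three of
# its URL parameters); line 3 is constructed to show a non-flagged extension.
SAMPLE_LINES = r"""
CHR Extension: (Google Slides) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-06] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-06] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Constructed Example) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop [2015-08-06] [UpdateUrl: hxxps://clients2.google.com/service/update2/crx]
R1 {027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64; C:\Windows\System32\drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys [48784 2015-07-10] (StdLib)
Task: C:\WINDOWS\Tasks\Torntv V6.0-updater.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe?/runupdater /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /geoserviceurl=hxxp:/ipgeoapi.com/ <==== ATTENTION
""".strip().splitlines()


def triage(lines):
    """Return extensions with a non-Web-Store UpdateUrl, GUID-named drivers,
    and every non-Web-Store host referenced anywhere in the given lines."""
    report = {"rogue_extensions": [], "guid_drivers": [], "hosts": set()}
    for raw in lines:
        line = raw.strip()

        ext = CHR_EXT.match(line)
        if ext:
            found = URL_HOST.search(ext["url"])
            host = found.group(1).lower() if found else ""
            # A familiar display name proves nothing; the update source
            # decides who controls the extension's code.
            if host != WEBSTORE_HOST:
                report["rogue_extensions"].append((ext["name"], ext["id"], host))

        drv = GUID_DRIVER.match(line)
        if drv:
            # Service name and file name are both built from a random GUID.
            report["guid_drivers"].append(drv.group(1).lower())

        # Collect hosts for DNS or proxy log review, still without a scheme
        # so they cannot be clicked by accident.
        for host in URL_HOST.findall(line):
            if host.lower() != WEBSTORE_HOST:
                report["hosts"].add(host.lower())

    report["hosts"] = sorted(report["hosts"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for name, ext_id, host in result["rogue_extensions"]:
        print(f"extension '{name}' ({ext_id}) updates from {host or 'unknown'}")
    for guid in result["guid_drivers"]:
        print(f"GUID-named driver service {guid}")
    for host in result["hosts"]:
        print(f"host to review: {host}")
```
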

Re: DNS Unlocker with Full Force!

Post by stevediacono » January 3rd, 2016, 2:21 pm

When I try to uninstall the mentioned programs I get a window stating 'The specified module could not be found'

Should I proceed with the other steps just the same?

Re: DNS Unlocker with Full Force!

Post by Gary R » January 3rd, 2016, 6:17 pm

Yes, just follow the rest of the instructions, we'll deal with the programs we need to uninstall in a different manner once I see how the first set of cleanup instructions goes.

Re: DNS Unlocker with Full Force!

Post by stevediacono » January 3rd, 2016, 7:29 pm

Both attached

After a quick session of browsing I have not experienced any of the symptoms I had earlier!

Re: DNS Unlocker with Full Force!

Post by Gary R » January 4th, 2016, 2:21 am

OK, things are looking good so far.

What I need you to do now is run an online scan for me. The scans we've run so far have been specific to the infection that I saw in your FRST logs, however that infection often comes with "fellow travellers", so we need to run a more wide ranging scan to see if there's anything left on your computer that we might have missed.

This scan will probably take some hours to complete, but it is very thorough and doesn't often miss much.

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Re: DNS Unlocker with Full Force!

Post by stevediacono » January 4th, 2016, 6:36 am

I tried launching Internet Explorer but for some reason it wouldn't open, the computer just gives no reaction after trying to run IE.

Anyway, so I installed Firefox and ran ESET (log attached)

Should I re-activate my anti-virus (Windows Defender) in the meanwhile?

Thanks!

Re: DNS Unlocker with Full Force!

Post by Gary R » January 4th, 2016, 8:43 am

Yes, please reactivate Windows Defender.

Most of what was found by ESET are just the quarantine files for ADWCleaner, and we'll remove them before we finish, but for the moment we'll leave them in place.

So, just the one file/folder to deal with ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\Users\Steven\AppData\Roaming\FCBfan

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Once that is done, reboot your computer then try going online with Internet Explorer again, and let me know if you're still having problems with it.

Re: DNS Unlocker with Full Force!

Post by stevediacono » January 4th, 2016, 9:15 am

Log below;


Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Steven (2016-01-04 14:02:51) Run:2
Running from C:\Users\Steven\Desktop
Loaded Profiles: Steven (Available Profiles: Steven)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Steven\AppData\Roaming\FCBfan
*****************

C:\Users\Steven\AppData\Roaming\FCBfan => moved successfully

==== End of Fixlog 14:02:51 ====


Still same issue with Internet Explorer - but to be honest I never browse with it so this is very much a secondary issue for me

Otherwise, still no symptoms of DNS Unlocker

Re: DNS Unlocker with Full Force!

Post by Gary R » January 4th, 2016, 11:46 am

Could be Internet Explorer has got damaged, in which case the best thing is probably just to uninstall the old copy then install a new copy.

http://windows.microsoft.com/en-US/inte ... ownload-ie

Whether you want to do that or not is up to you, since you say you don't use it.

As far as I can see your computer is now clean of infection, so we now need to do a little tidying up.

First ...

  • Double click AdwCleaner.exe to run it.
  • Click Uninstall.
  • Click Yes to the prompt.
  • AdwCleaner will close and uninstall itself

Note: If AdwCleaner prompts you an update is available, click Cancel and continue to uninstall.

Next ...

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes ...
    • Remove disinfection tools
    • Purge system restore

    ... then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

  • If you have any remaining problems please let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

Re: DNS Unlocker with Full Force!

Post by stevediacono » January 4th, 2016, 11:56 am

Log below;

# DelFix v1.011 - Logfile created 04/01/2016 at 16:53:07
# Updated 18/08/2015 by Xplode
# Username : Steven - LE-PC-DE-STIEF
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\RegBackup
Deleted : C:\Users\Steven\Desktop\FRST-OlderVersion
Deleted : C:\Users\Steven\Desktop\Addition.txt
Deleted : C:\Users\Steven\Desktop\AdwCleaner (1).exe
Deleted : C:\Users\Steven\Desktop\AdwCleaner[S1].txt
Deleted : C:\Users\Steven\Desktop\Fixlog.txt
Deleted : C:\Users\Steven\Desktop\FRST.txt
Deleted : C:\Users\Steven\Desktop\FRST64.exe
Deleted : C:\Users\Steven\Desktop\Search.txt
Deleted : C:\Users\Steven\Downloads\esetsmartinstaller_enu.exe

~ Cleaning system restore ...

Deleted : RP #115 [Windows Update | 12/18/2015 16:22:22]
Deleted : RP #116 [Windows Update | 12/21/2015 16:25:16]
Deleted : RP #117 [Windows Update | 12/26/2015 11:06:42]
Deleted : RP #118 [Windows Update | 12/29/2015 11:10:55]
Deleted : RP #119 [Windows Update | 01/01/2016 14:04:18]
Deleted : RP #120 [Windows Update | 01/04/2016 14:22:02]

New restore point created !

########## - EOF - ##########


Thank you so much for your help Gary, truly appreciate it.

All the best!

Re: DNS Unlocker with Full Force!

Post by Gary R » January 4th, 2016, 5:53 pm

You're welcome, glad we could help with your problem. :)

Looks like everything has been removed now, you're clear to go.

Keep safe.

This topic is now closed.