Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

x64-BHO & uURLSearchHooks

Do you have BIOS questions or issues? Want to discuss Linux or other non-Microsoft operating systems? Ask your computer related questions that don't quite fit in any other sub-forum here.

x64-BHO & uURLSearchHooks

Unread postby Slim Nelson » March 7th, 2015, 7:53 pm

Hey guys, I hope everyone is doing good. I need some help on a couple entries from a dds log if ya don't mind. ;)
I'm trying to clean my brother-in-law's computer and have a question about the following entries:

uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
BHO: {11111111-1111-1111-1111-110511951168} - <orphaned>
BHO: {11111111-1111-1111-1111-110611111177} - <orphaned>
x64-BHO: {11111111-1111-1111-1111-110511951168} - <orphaned>
x64-BHO: {11111111-1111-1111-1111-110611111177} - <orphaned>

After looking through my past archives from MRU, I don't see any information on 64 bit BHO's or uURLSearchHooks.

I'm going to clean the regular BHO's with a reg file like this...

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951168}]
[-HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110511951168}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611111177}]
[-HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110611111177}]

But I haven't figured out where the 64 bit versions would be located or anything on the search hooks. Are the 64 bit BHO's the same location?

And also, I've cleaned a few entries for him already but noticed that for a few, they never got deleted in my script...
Any troubleshooting steps you could offer on that or could the only real reason be in my script?

Thanks for any help on this guys. :D
User avatar
Slim Nelson
Regular Member
 
Posts: 135
Joined: June 18th, 2013, 2:17 pm
Location: Nul
Advertisement
Register to Remove

Re: x64-BHO & uURLSearchHooks

Unread postby Gary R » March 8th, 2015, 2:02 am

X64 BHOs are found in the following key ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

It would be easier for you though to remove them using a tool like FRST, which can also be used to remove any "rogue" search hooks.

You'll find the Downloads for it (64 and 32 bit versions available) at ...

FRST
FRST64

There's a publicly available tutorial for it at ... http://www.geekstogo.com/forum/topic/33 ... scan-tool/ ... however, if you're not sure about what you're doing, you should post a log in the " Infected? Virus, malware, adware, ransomware, oh my!" forum, and get someone who does to look things over.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: x64-BHO & uURLSearchHooks

Unread postby Slim Nelson » March 8th, 2015, 9:18 pm

Thanks Gary. Much appreciated.

Thanks for tutorial and advice too.

Do you know where the Search Hooks key is located though? Or does it vary between web browsers?

And is that the only key associated with X64 BHO's? I only ask because the 32 bit BHO's has 2.
User avatar
Slim Nelson
Regular Member
 
Posts: 135
Joined: June 18th, 2013, 2:17 pm
Location: Nul

Re: x64-BHO & uURLSearchHooks

Unread postby Gary R » March 9th, 2015, 2:31 am

Yes, there's also an entry in ... HKEY_CLASSES_ROOT\Wow6432Node\CLSID .... for 64 bit BHOs

Search Hooks are found as key values in ...

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks

So for example an entry of ....

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

.... in a DDS log, equates to ...

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"URLSearchHooks"="AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll"

... in the Registry.


Really though, if you don't know this already, then you shouldn't be playing with your brother's computer, and would be best handing the job over to someone who knows what they're doing.

Also, I hope you backed up your registry before making any changes.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


Return to Other Computer Issues



Who is online

Users browsing this forum: No registered users and 6 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware