dslreports logo
    All Forums Hot Topics Gallery
Search Topic:
share rss forum feed

Charlottesville, VA
reply to dolphins

Re: SafeSearch hijack

Hi Dolphins.

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete.
- Follow the prompts to reboot the computer. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Your Java is outdated and vulnerable.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 7.
- In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
- In the Window that opens, click the "Accept License Agreement" button
- Download the file for Windows x86 Offline (jre-7u11-windows-i586.exe) and save to your Desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
--- Java(TM) 6 Update 38
--- Java(TM) 6 Update 5
--- Any other older version you may have installed
- Then from your Desktop double-click on the new version you downloaded and install it.
- I recommend that Go into the Java Control Panel (Start > Control Panel > Java), and in the Security tab UNCHECK the box for "Enable Java content in the browser". Even better might be to not reinstall it if you don't really need it.

Your Adobe Acrobat Reader is outdated and vulnerable. I would also uninstall that and download the new version from »get.adobe.com/reader/. Be sure you UNCHECK the box for the optional download of McAfee Security Scan Plus unless you really want it.

Please post the log for AdwCleaner and note any errors encountered.

Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

Clean Up Our Oceans
Westville, NJ
Hmmm... that's a nice little tool.

# AdwCleaner v2.109 - Logfile created 01/30/2013 at 00:23:39
# Updated 26/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Compaq - COMPAQ-PC
# Boot Mode : Normal
# Running from : C:\Users\Compaq\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\MyFunCards_5m
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej
Folder Deleted : C:\Users\Compaq\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Compaq\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Compaq\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Compaq\AppData\LocalLow\MyFunCards_5m

***** [Registry] *****

Key Deleted : HKCU\Software\5268a88b135bd46
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Google\Chrome\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DA71D6D0-86E6-4E56-8D0C-091B3BDE27BA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA71D6D0-86E6-4E56-8D0C-091B3BDE27BA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\cjh9tsv9.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[S1].txt - [6326 octets] - [30/01/2013 00:23:39]

########## EOF - C:\AdwCleaner[S1].txt - [6386 octets] ##########
Stop The Mindless Killings Stop Over Fishing

Charlottesville, VA
Let's scan your system with an online scanner other than the one you have installed are your real-time scanner.

Please scan your system with ESET Online Scanner

- Click the "Run ESET Online Scanner" button.
-- For browsers other then Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
-- Click on esetsmartinstaller_enu.exe
-- Save it to your desktop, and double-click to run it.
- Check "YES, I accept the Terms of Use."
- Click the Start button.
- Accept any security warnings from your browser.
- Under scan settings, check "Scan Archives" and "Remove found threats"
- Click Advanced settings and select the following:
-- Scan potentially unwanted applications
-- Scan for potentially unsafe applications
-- Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click List Threats
- Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.

Please post the log from ESET Online Scanner.

Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

Clean Up Our Oceans
Westville, NJ
ESET scan results:
C:\Users\Compaq\AppData\Roaming\PicBadges Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
Stop The Mindless Killings Stop Over Fishing

Charlottesville, VA

1 recommendation

I think we are through unless there is a remaining issue.

To remove all of the tools we used and the files and folders they created, please download OTC.exe by OldTimer:

- Save it to your Desktop.
- Double click OTC.exe.
- Click the CleanUp! button.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

To help keep malware off your system:
- Keep Windows updated at Windows Update or Microsoft Update.
- Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
- Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
- Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
- Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
- Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
- Don't click on links received in instant message programs.
- In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
- A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at »www.mvps.org/winhelp2002/hosts.h ··· osts.htm
- A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at »www.javacoolsoftware.com/product ··· cts.html
- I recommend reading Tony Klein's article So How did I get Infected in the First Place? at »www.spywareinfoforum.com/index.p ··· ic=60955
Does your problem appear resolved?

Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

Clean Up Our Oceans
Westville, NJ
Thank you, much appreciated.

Charlottesville, VA
I'm glad we could help.