go.wvydeo.com crawler? Help please!

My computer has slowed down to a crawl lately and my avast Antivirus software keeps blocking a malicious website (go,wvydeo.com/resultsa/…) over and over in addition to others, even when I don’t have my browser open. I found many instances of dllhost.exe (COM Surrogate) running. I could end them and get the CPU freed up for a short amount of time, but they would always come back fairly quickly.

I ran scans with avast! and Malwarebytes and all that was found (and repaired) were PUPS. I am attaching the requested log files in hopes that you can help me clean up the mess I now have.

Thanks in advance for your guidance!

Hi :slight_smile:

https://sites.google.com/site/cannedfixes/combofix/51a5bf3d99e8a-ComboFixlogo16.png
Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/combofix/51a5bf3d99e8a-ComboFixlogo16.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Accept the disclaimer and agree if prompted to install Recovery Console.
[*]Do not take any actions while ComboFix goes through your System - it may cause it to stall!
[]This scan may take some time!
[
]When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

http://forum.programosy.pl/images/smilies/icon_idea.gif
If you’ll encounter any issues with internet connection after running ComboFix, please visit this link.

http://forum.programosy.pl/images/smilies/icon_idea.gif
If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

http://forum.programosy.pl/images/smilies/icon_idea.gif
Don’t forget to re-enable your previously switched-off protection software!

Thanks for helping Naathim!
ComboFix scan done and log attached.

ComboFix didn’t make it. I need to see fresh FRST reports.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.

XP users click run after receipt of Windows Security Warning - Open File.
8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Done. New logs attached.

Hi :slight_smile:

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/remove%20outdated.jpg
Uninstall some programs

We need to uninstall some programs.

[*]Press the
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/WindowsKey.png

  • R on your keyboard at the same time. Type appwiz.cpl and click OK.
    [*]Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

[*]Ask Toolbar

After completing uninstalls, please manually reboot your machine!

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[b] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/b]

Press the
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/WindowsKey.png

  • R on your keyboard at the same time. Type Notepad and click OK.

[*]Copy the entire content of the codebox below and paste into the Notepad document:

start
CloseProcesses:
HKU\S-1-5-21-293655139-2097187613-2028248552-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - DefaultScope {78882031-6432-4DFF-A69B-FE6A3586E248} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM - {78882031-6432-4DFF-A69B-FE6A3586E248} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=DIC2V5&o=13732&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D5&apn_dtid=gog187YYUS&apn_uid=5333EA2B-5ACC-4389-B1E9-46F416396723&apn_sauid=0F28AB25-182D-4B08-9442-51D426AE563E
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=lzhuHnGIkM0EIVrfMYdA0XmvvvY?q={searchTerms}
SearchScopes: HKCU - {78882031-6432-4DFF-A69B-FE6A3586E248} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_en___US346
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm0806Wus&ptb=sE_AvbRGx_TwjGG1octdSw&ind=2011031120&ptnrS=ZUxdm0806Wus&si=&n=77dde650&psa=&st=kwd&searchfor=
FF NetworkProxy: "type", 0
FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
C:\Program Files\CouponAlert_2pEI
FF SearchPlugin: C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\wctui4in.default\searchplugins\mywebsearch.xml
C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\wctui4in.default\searchplugins\mywebsearch.xml
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
U3 catchme; \??\C:\Users\Graham\AppData\Local\Temp\catchme.sys [X]
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
CustomCLSID: HKU\S-1-5-21-293655139-2097187613-2028248552-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {A08CECC7-E3B9-4F21-9E10-8365538EC1B1} - System32\Tasks\RunAsStdUser Task => C:\Users\Graham\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe <==== ATTENTION
Task: {CDA6B8B2-AE0E-4EC2-A554-0C036BC361F0} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2010-09-28] () <==== ATTENTION
C:\Program Files\Ask.com
 C:\Users\Graham\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
EmptyTemp:
end

[*]Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.

XP users click run after receipt of Windows Security Warning - Open File.
8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.

When uninstalling the Ask toolbar, I got an error that read:
“Error 1905.Module C:\Program Files\Ask.com\GenericAsk Toolbar.dll failed to unregister.
HRESULT -2147220472. Contact your support personnel.”
Otherwise it looked like it uninstalled. I rebooted.

I also keep getting a message “powershell has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.”

I am running the Fix now and will include the log in my next post.
Thanks for your help!

Okay. Fix run and log attached.

Update me how is your machine after these steps.

https://sites.google.com/site/cannedfixes/junkware-removal-tool/JRTbythisisu.png
Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/junkware-removal-tool/JRTbythisisu.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Follow the prompts and let this process run uninterrupted.
[*]This scan can take a while, depending on your System specs.
[*]Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

https://sites.google.com/site/cannedfixes/adwcleaner/adwcleaner_new.png
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

[*]Right-click on
https://sites.google.com/site/cannedfixes/adwcleaner/adwcleaner_new.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]The program will begin to update the database (if internet connection is operational). Please wait a little bit.
[*]Follow the prompts and click Scan.
[*]When finished, please click Clean.
[*]Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

JRT and Adwcleaner run. Logs attached.

So far so good. Haven’t seen any blocked URLs, but I’ll give this computer back to my husband and see how it works for him.

Thanks for all your help Naat!

I’m glad to hear that. Now let’s take another look on what’s going on there, after these procedures.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.

XP users click run after receipt of Windows Security Warning - Open File.
8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Computer is behaving much better, but still got a few malware blocks. It’s a little slow, but much better than it was. New logs attached.

Hi :slight_smile:

https://sites.google.com/site/cannedfixes/activescan/panda-av.jpg
Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Install the scanner by right-click on
https://sites.google.com/site/cannedfixes/activescan/panda-av.jpg
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator.
[*]It should start itself automaticaly after the installation.
[*]In the main console click Accept and Scan.
[*]This scan won’t take long, about several minutes (depending on your system specs). Let it run uninterrupted.
[*]At the last stage you will see a couple of messages about veryfying & analyzing results. Wait patiently.
[*]Upon completion you will see detections window. Enter one of them and click there View Report at the bottom right side.
[*]A notepad window named PCloudCleaner.log will open. Save it to your desktop.

Please include the contents of that file in your next reply.
Don’t forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.

Scan done, but not cleaned. Log Report is attached.

This looks OK. Cookies are often detected as malware, so it’s up to you whether you clean them or not.

https://sites.google.com/site/cannedfixes/security-check/51c9d14017fa0-SecurityCheck.PNG
Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

[*]Right-click on
https://sites.google.com/site/cannedfixes/security-check/51c9d14017fa0-SecurityCheck.PNG
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Follow onscreen instructions inside the black box. This scan won’t take long.
[*]Soon a notepad document called checkup.txt will open automaticaly.

Please include the content of that document.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.

XP users click run after receipt of Windows Security Warning - Open File.
8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

New logs attached. The blocks from avast have mostly stopped now, but the computer seems to be very slow, but that’s not really a new thing…

Again, thanks for your time and help with this. It is greatly appreciated!

Malware experts will be online later, please be patient.

For the performance issues your computer may just need a good cleanup :slight_smile:

Is your hard drive HDD or SSD?

It is HDD. It is an old Celeron computer that my husband uses. I’m used to a newer computer with SDD/HDD hybrid, so that could be why it seems slow to me. ::slight_smile:

His computer is SO MUCH BETTER than it was!! Thanks!!! 8)

We’re still not done…

Look here:
Defragment your hard drive soon! (Do NOT defrag if SSD!)

THis is from SC report. This is probably the reason for the slowness.

https://sites.google.com/site/cannedfixes/updating-software/updates.png
Update outdated software

Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.
Your logs clearly indicate that some of your software needs updating.

https://sites.google.com/site/cannedfixes/updating-software/adobe-flash-player.jpeg.png
Updating Adobe Flash Player manually

[*]Visit Adobe website.
[*]You will see a download option there for the newest Adobe Flash Player version.
[*]In the center part you will be prompted to install Google Chrome as a recommended bundled installation. This is foistware. Remember to leave the box for Chrome UNCHECKED.
[*]Click on Install, save the file to a convenient location, double-click it and follow the prompts.

https://sites.google.com/site/cannedfixes/updating-software/firefox-256.jpg
Updating Mozilla Firefox manually

[*]Please open Firefox.
[*]Click the
https://sites.google.com/site/cannedfixes/updating-software/firefoxmenu.png
icon.
[*]Click Help and select About Firefox.
[]Firefox will search for any updates and start downloading them automatically
[
]When the updates will be ready you will be prompted to restart Firefox. Please do it.

Remember to keep them always updated.

https://sites.google.com/site/cannedfixes/delfix/51a5ce45263de-delfix.png
Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

[*]Right-click on
https://sites.google.com/site/cannedfixes/delfix/51a5ce45263de-delfix.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
[*]Push Run.
[*]When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.