I have cleaned massive ADware since Friday night
Avast blocked a download from a video site
and put ShopperReports.dll in Virus Chest
your scan afterwards on Friday night was clean
but Saturday morning I checked and used
SuperAntiSpyware
MalwareBytes
ESET
ComboFix
(from old instructions from another help website)
they found massive amounts of the ADware and in applications too.
after thinking all cleaned
I went to UNINSTALL programs and saw Shopper Reports and Click Potato were still applications so I UNinstalled
I think the Shopper Reports uninstall unleashed a new attack on Saturday
more cleaning
Where I am now
after MBAM’d and ComboFix
ESET online scan Saturday night was clean
Avast scan Sunday morning is clean
but I cannot use any SET UP to reinstall Firefox which I UNinstalled due to constant pop up messages that it could not UPDATE
or could not install the Kaspersky virus scan SET UP
also
I get the “WINDOWS HAS BLOCKED SOME STARTUP PROGRAMS” pop up balloon
pop up message I get about SET UP is
“A required privilege is not held by the client”
has something been deleted by ComboFix?
it deleted this item:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat.
.
do you want my logs from MBAM ESET Super Anti Spy?
thank you for any help - I fear going further alone
Look, this is Smart Shopper Adware, well HotBar is hosted on the same IP as this product,
you’d better be without it, I guess: http://www.freefixer.com/library/file/60535/
could be deleted with Windows Add/Remove programs, or else
use Toolbarcop to remove it, read how to use,
and download toolbarcop from here: http://www.majorgeeks.com/download4126.html
If you want to be absolutely and utterly certain for it to be gone, use Essexboy’s proposed cleansing routine: http://forum.avast.com/index.php?topic=53253.0
Nothing against doing the MBAM combined OTS routine, hope you get rid of it soon, loads of success.
Let's have a quick look with OTS to see if there is anything lingering… Are you still getting clickpotato and friends?
Download OTS to your Desktop and double-click on it to run it.
- Make sure you close all other programs and don’t use the PC while the scan runs.
- Select All Users
- Under additional scans select the following:
    Reg - Disabled MS Config Items
    Reg - Drivers32
    Reg - NetSvcs
    Reg - Shell Spawning
    Evnt - EventViewer Logs (Last 10 Errors)
    File - Lop Check
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
What error do you get when you try to save a favourite?
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Users\staples\AppData\Roaming\Mozilla\FireFox\Profiles\t675kg47.default\prefs.js
YN -> browser.search.selectedEngine -> "DAEMON Search"
YN -> extensions.enabledItems -> {21b88860-5e00-44dd-bdac-fca1f791837e}:0.2.0.7
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
< FireFox Extensions [User Folders] > ->
YY -> Kaboodle -> C:\Users\staples\AppData\Roaming\Mozilla\Firefox\Profiles\t675kg47.default\extensions\{21b88860-5e00-44dd-bdac-fca1f791837e}
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3886293462-2656852358-2641576973-1000\] > -> HKEY_USERS\S-1-5-21-3886293462-2656852358-2641576973-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY -> Comfix21450C -> C:\Comfix21450C
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.