Jump to content
Sign in to follow this  
water101

n10.adshostnet.com

Recommended Posts

OK hopefully I don't miss anything here. Trying to help a family member out with a computer issue and I have never run across this one before. When ever you open a web browser and click on anything in that browser a pop up for n10.adshostnet.com pops up. I have reset the browser, and run numerous virus scan and malware scans. The program is not installed any where as I have been to the add and remove programs sections and it is not there. It is not in application data as well.It is not in the browser add on either. I have no idea what else to check. I did the normal google search as well and tried about 5 different steps people suggested with no luck. I have run adwcleaner 4.01 which I will post a report of.I have also run jtr and maleware bytes and hit man pro. My browsers are not hijacked just the pop up which slow things down. I am going to run a full housecall scan as well. The computer is running windows 8 64 bit.

 

Any thoughts would be great.

 

Thanks

Water

Edited by water101

Share this post


Link to post
Share on other sites
# AdwCleaner v4.101 - Report created 15/11/2014 at 00:28:34

# Updated 09/11/2014 by Xplode

# Database : 2014-11-13.1 [Live]

# Operating System : Windows 8.1 (64 bits)

# Username : Owner - HP

# Running from : C:\Users\Owner\Downloads\adwcleaner_4.101.exe

# Option : Clean


***** [ Services ] *****



***** [ Files / Folders ] *****


Folder Deleted : C:\Users\Owner\AppData\Local\CheckCode

File Deleted : C:\Program Files (x86)\distribution-installer.exe


***** [ Scheduled Tasks ] *****



***** [ Shortcuts ] *****



***** [ Registry ] *****


Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com


***** [ Browsers ] *****


-\\ Internet Explorer v11.0.9600.17416



-\\ Google Chrome v38.0.2125.122


[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}


*************************


AdwCleaner[R0].txt - [7253 octets] - [14/11/2014 20:25:41]

AdwCleaner[R1].txt - [1413 octets] - [14/11/2014 22:31:00]

AdwCleaner[R2].txt - [1477 octets] - [14/11/2014 22:34:58]

AdwCleaner[R3].txt - [1537 octets] - [14/11/2014 22:40:57]

AdwCleaner[R4].txt - [1597 octets] - [14/11/2014 23:17:33]

AdwCleaner[R5].txt - [1695 octets] - [15/11/2014 00:26:42]

AdwCleaner[s0].txt - [7137 octets] - [14/11/2014 20:26:43]

AdwCleaner[s1].txt - [1630 octets] - [15/11/2014 00:28:34]


########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1690 octets] ##########

Share this post


Link to post
Share on other sites

sounds like it's hidden in extensions.

 

You reset all browsers back to default?

 

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.~~~~~~~~~~~~~~~~~~~

Share this post


Link to post
Share on other sites

I have reset both browsers and still the same issue. I realize that Conduit was in the system. I did a system restore and Conduit was in the system. I removed it using the above listed programs and have reset the browsers and still no luck. With IE if I set pop up blocker to the highest level it will stop them but always ask if I want to allow it. If you allow it one time you get about 5 new tabs opened with ad's. I have checked for Conduit and SearchProvider in the registry and deleted all of them as well as the ones in App Data. There have been 4 different virus scans done and all came back negative.

 

Any other idea's or programs to try.

 

Share this post


Link to post
Share on other sites

Clean all temporary files now ........download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

 

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! Manually reboot the machine to ensure a complete clean.

Share this post


Link to post
Share on other sites

This is the hijack this report

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:59:00 PM, on 2014-11-15
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

Boot mode: Normal

Running processes:
C:\Users\Owner\AppData\Local\ContextualODBCRuby\MBRScreenshotWiget.exe
C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp\mmamain.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\IE\8ZSR5WRU\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [CloudSystemBooster] "C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe" /hide /autorun
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Sage Accpac .NET Remoting Service (a4wnetMgrService) - Sage Software, Inc. - C:\Program Files (x86)\Common Files\Sage\Sage Accpac\a4wnetMgrService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Anvi Cloud System Booster Speed Service (AnviCsbSvc) - Anvisoft - C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BIOSFreewareMinimal - Unknown owner - C:\WINDOWS\SysWOW64\BIOSFreewareMinimal\BIOSFreewareMinimal.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CodecDatabaseMemory.exe - Unknown owner - C:\Users\Owner\AppData\Local\CodecDatabaseMemory\CodecDatabaseMemory.exe (file missing)
O23 - Service: ContextualODBCRuby.exe - Unknown owner - C:\Users\Owner\AppData\Local\ContextualODBCRuby\ContextualODBCRuby.exe
O23 - Service: DriverRepositoryScrolling.exe - Unknown owner - C:\Users\Owner\AppData\Local\DriverRepositoryScrolling\DriverRepositoryScrolling.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10692 bytes

Share this post


Link to post
Share on other sites

Ok I created the host files saved them to my desktop. Renamed the other host files as old and when I did that it created a new on all on it's own. I deleted that one and dragged the one I created as a text file in. It then created another host file and saved it as a file not a text file.

 

Still have the same issue

Share this post


Link to post
Share on other sites

We need to send you over to the other forum.

http://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/

 

Start a new topic, supply the logs from the following scanners.

 

Malwarebytes Anti-Rootkit

 

Download 51a5f31352b88-icon_MBAR.png

 

Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"
  • ***

    Scan with FRST in normal mode

     

    Please download Farbar's Recovery Scan Tool to your desktop:

     

    FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)

    (To use correct version for your system.....Which system am I using?)

  • Run FRST
FRSTicon.jpg
  • Don´t change the checkboxes just click on Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt
  • The first time the tool is run it generates another log Addition.txt - Please also paste that along with the FRST.txt into your reply.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...