HP laptop - Windows 8 - infected - please help



Hello.  This laptop belongs to an elderly friend of mine.  He's having problems with it and doesn't know what to do about it.  I can see that there is malware on it but don't know enough myself to ensure that it gets cleaned thoroughly so I am asking for assistance.

 

All I have done so far is download mbam, run a Quick Scan and DL and run DDS.  The logs are below.  If someone here could help me with them, I would be most grateful.

 

Thank you so much.

 

MBAM log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.05.04
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
lee :: LIVINGROOM [administrator]
 
Protection: Enabled
 
1/5/2014 2:25:58 PM
mbam-log-2014-01-05 (14-25-58).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208828
Time elapsed: 9 minute(s), 57 second(s)
 
Memory Processes Detected: 4
C:\Program Files (x86)\Swift Browse\updateSwiftBrowse.exe (PUP.Optional.SwiftBrowse.A) -> 1896 -> Delete on reboot.
C:\Program Files (x86)\Swift Browse\bin\utilSwiftBrowse.exe (PUP.Optional.SwiftBrowse.A) -> 1960 -> Delete on reboot.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.Optional.MindSpark) -> 11324 -> Delete on reboot.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.Optional.MindSpark) -> 8164 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 30
HKLM\SYSTEM\CurrentControlSet\Services\Update Swift Browse (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Util Swift Browse (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411361128} (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440444364428} (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550455365528} (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0043628.BHO.1 (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411361128} (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411361128} (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411361128} (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{808dc83c-d35b-4fba-a5b5-9a52103204df} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4addd3d1-433d-4547-b2bd-6a74ff6c2d03} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCR\Interface\{47ADEAA5-2986-44B2-A914-5D8516E58443} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{808DC83C-D35B-4FBA-A5B5-9A52103204DF} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{808DC83C-D35B-4FBA-A5B5-9A52103204DF} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{808DC83C-D35B-4FBA-A5B5-9A52103204DF} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncher (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0043628.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0043628.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0043628.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\weDownload (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
HKLM\Software\Wow6432Node\Swift Browse (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.AskWebSearch) -> Bad: (http://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^XP^xdm044^YYA^us&ptb=C57935AE-F2EF-42C4-A2A7-3C0089334729&si=CI2vwKmc0boCFcYRMwodelgAtA) Good: (http://www.google.com) -> Quarantined and repaired successfully.
 
Folders Detected: 3
C:\Program Files (x86)\Swift Browse (PUP.Optional.SwiftBrowse.A) -> Delete on reboot.
C:\Program Files (x86)\Swift Browse\bin (PUP.Optional.SwiftBrowse.A) -> Delete on reboot.
C:\Program Files (x86)\Swift Browse\bin\plugins (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
 
Files Detected: 28
C:\Program Files (x86)\Swift Browse\updateSwiftBrowse.exe (PUP.Optional.SwiftBrowse.A) -> Delete on reboot.
C:\Program Files (x86)\Swift Browse\bin\utilSwiftBrowse.exe (PUP.Optional.SwiftBrowse.A) -> Delete on reboot.
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho.dll (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Swift Browse\SwiftBrowseBHO.dll (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64sknlcr.dll (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\lee\AppData\Local\Temp\SwiftBrowse_s3.exe (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Users\lee\Local Settings\Temporary Internet Files\Content.IE5\336JGUEX\Free_Download_Manager_Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\lee\Local Settings\Temporary Internet Files\Content.IE5\47EA85R0\TelevisionFanatic.exe (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\lee\Local Settings\Temporary Internet Files\Content.IE5\91C1Q5FO\solitaire setup.exe (PUP.Soft32Downloader) -> Quarantined and deleted successfully.
C:\Users\lee\Local Settings\Temporary Internet Files\Content.IE5\91C1Q5FO\VideoDownloadConvert (1).exe (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\lee\Local Settings\Temporary Internet Files\Content.IE5\FZEAB8MX\FilmFanatic.exe (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\lee\Local Settings\Temporary Internet Files\Content.IE5\FZEAB8MX\Setup[1].exe (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Users\lee\Local Settings\Temporary Internet Files\Content.IE5\FZEAB8MX\teamviewer setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Swift Browse\SwiftBrowse.ico (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Swift Browse\SwiftBrowseUninstall.exe (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Swift Browse\updateSwiftBrowse.InstallState (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Swift Browse\bin\sqlite3.dll (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Swift Browse\bin\utilSwiftBrowse.InstallState (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Swift Browse\bin\plugins\SwiftBrowse.CompatibilityChecker.dll (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Swift Browse\bin\plugins\SwiftBrowse.FFUpdate.dll (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Swift Browse\bin\plugins\SwiftBrowse.GCUpdate.dll (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Swift Browse\bin\plugins\SwiftBrowse.IEUpdate.dll (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\weDownload Manager Pro-enabler.job (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\weDownload Manager Pro-updater.job (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.Optional.MindSpark) -> Delete on reboot.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
 
(end)
 
 
DDS.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by lee at 15:08:24 on 2014-01-05
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3682.2217 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Users\lee\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Users\lee\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
mWinlogon: Userinit = userinit.exe,
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
uRun: [Pokki] C:\Windows\System32\rundll32.exe "C:\Users\lee\AppData\Local\Pokki\Engine\Launcher.dll",RunLaunchPlatform
uRun: [AVG-Secure-Search-Update_1013b] "C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe" /PROMPT /CMPID=1013b
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1C05CFEE-B541-475B-A176-F2BF5167C315} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E75B2510-B35C-4F18-A70C-A7F791A45570} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [TelevisionFanatic Home Page Guard 64 bit] "C:\PROGRA~2\TELEVI~2\bar\1.bin\AppIntegrator64.exe"
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-23 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-23 26280]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-11-3 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-11-3 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-2 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-5 701512]
R2 TelevisionFanaticService;TelevisionFanaticService;C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe [2013-11-6 44752]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [2013-12-8 1771544]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-1-5 25928]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-11-3 266896]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-11-3 683664]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-11-3 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-11-3 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-11-3 43832]
.
=============== Created Last 30 ================
.
2014-01-05 22:23:03 -------- d-----w- C:\Users\lee\AppData\Roaming\Malwarebytes
2014-01-05 22:22:48 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-05 22:22:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-05 22:22:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-05 22:22:02 -------- d-----w- C:\Users\lee\AppData\Local\Programs
2014-01-05 16:51:08 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8035BE48-8F71-493A-B8EF-A9025CE903F8}\mpengine.dll
2014-01-04 20:30:09 10315576 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-01-03 20:13:05 -------- d-----w- C:\Users\lee\AppData\Local\Google
2014-01-03 20:04:00 -------- d-----w- C:\Users\lee\AppData\Roaming\TeamViewer
2013-12-16 00:34:02 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-16 00:33:58 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-11 22:59:55 965000 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C8CEF50-51A1-4680-AD5C-5497232CEC3D}\gapaengine.dll
2013-12-11 22:59:02 62976 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-11 22:59:01 59392 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-11 22:56:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-12-11 22:56:48 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-12-11 22:56:10 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-12-11 22:56:04 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2013-12-11 22:56:04 365568 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-12-11 22:56:03 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-12-11 22:56:03 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2013-12-11 22:56:03 245248 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-12-11 22:54:59 162304 ----a-w- C:\Windows\SysWow64\scrobj.dll
2013-12-11 22:54:59 156160 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-11 22:54:59 146944 ----a-w- C:\Windows\System32\cscript.exe
2013-12-11 22:54:59 115712 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-11 22:54:58 312320 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 22:54:57 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-11 22:54:52 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-11 22:54:52 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
.
==================== Find3M  ====================
.
2013-12-04 00:53:54 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53:54 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-03 23:54:46 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-06 23:18:57 4036608 ----a-w- C:\Windows\System32\win32k.sys
2013-11-04 01:12:10 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-11-04 01:12:09 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-11-04 01:12:09 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-11-04 00:32:54 0 ----a-w- C:\Windows\ativpsrm.bin
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-10 11:53:35 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-10-10 09:24:02 143872 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-10 09:22:46 222720 ----a-w- C:\Windows\System32\scrobj.dll
2013-10-10 09:22:46 194048 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-10 09:21:20 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-10-08 22:30:32 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-10-08 22:30:17 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-10-08 22:30:17 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-08 22:27:56 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-08 22:27:56 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-08 22:27:56 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-10-08 22:27:45 175104 ----a-w- C:\Windows\System32\storewuauth.dll
.
============= FINISH: 15:09:21.70 ===============
 
Attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 11/3/2013 7:14:42 PM
System Uptime: 1/5/2014 2:47:05 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 188B
Processor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 274 GiB total, 244.477 GiB free.
D: is FIXED (NTFS) - 23 GiB total, 2.824 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP9: 12/15/2013 4:35:48 PM - Windows Update
RP10: 12/26/2013 11:21:34 AM - Scheduled Checkpoint
RP11: 1/5/2014 12:32:44 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
AVG SafeGuard toolbar
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
Energy Star
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.0.0
HP Customer Experience Enhancements
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Pokki
Pokki Download Helper
Qualcomm Atheros Driver Installation Program
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Swift Browse 2013.11.07.203600
Synaptics Pointing Device Driver
TelevisionFanatic Internet Explorer Toolbar
weDownload Manager Pro
YouTube
.
==== Event Viewer Messages From Past Week ========
.
1/2/2014 1:27:45 PM, Error: Service Control Manager [7022]  - The Security Center service hung on starting.
1/2/2014 1:25:05 PM, Error: Service Control Manager [7022]  - The HP Support Assistant Service service hung on starting.
.
==== End Of File ===========================
 
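Added example, not part of this thread and not Malwarebytes' own tooling: a small Python triage helper for the MBAM 1.x log format posted above. It parses each "<object> (<signature>) -> ... <action>." line, cross-checks the per-section "Detected: N" headers against the lines actually listed, groups hits by signature, lists the items that are only "Delete on reboot" (so a helper knows the machine must be restarted before trusting a rescan), and tags which hits were autostart points (services, Run values, BHO registrations, scheduled tasks). The regexes, function names and the autostart heuristics are my own assumptions drawn from the log lines; SAMPLE_LOG is a constructed excerpt of the log above with the section counts adjusted to that subset.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x scan logs.

Added example, not part of the forum thread or of Malwarebytes' tooling.
The patterns below are assumptions drawn from the log lines in the thread.
"""
import re
from collections import Counter

# Section header, e.g. "Registry Keys Detected: 30"
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Detection line: "<object> (<signature>) -> [detail -> ...] <action>."
# The signature token has no spaces or parentheses, so the lazy object group
# cannot stop early at "(x86)" or "(1)" inside a file path.
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<sig>[^()\s]+)\) -> (?P<rest>.+)$")

# Constructed excerpt of the log posted above (section counts match this
# subset; the ask.com query string on the Start Page line is trimmed).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Scan type: Quick scan
Objects scanned: 208828

Memory Processes Detected: 2
C:\Program Files (x86)\Swift Browse\updateSwiftBrowse.exe (PUP.Optional.SwiftBrowse.A) -> 1896 -> Delete on reboot.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.Optional.MindSpark) -> 11324 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SYSTEM\CurrentControlSet\Services\Update Swift Browse (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411361128} (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0043628.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.AskWebSearch) -> Bad: (http://home.tb.ask.com/index.jhtml) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Files Detected: 3
C:\Users\lee\Local Settings\Temporary Internet Files\Content.IE5\91C1Q5FO\VideoDownloadConvert (1).exe (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\weDownload Manager Pro-updater.job (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.

(end)
"""


def parse_mbam_log(text):
    """Return (records, expected_counts) parsed from an MBAM 1.x log."""
    section, expected, records = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):  # blank, "(No malicious ...)", "(end)"
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            expected[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            parts = m.group("rest").split(" -> ")
            records.append({
                "section": section,
                "object": m.group("obj"),
                "signature": m.group("sig"),
                "detail": " -> ".join(parts[:-1]),  # PID, Data: ..., Bad:/Good:, or ""
                "action": parts[-1].rstrip("."),
            })
    return records, expected


def check_counts(records, expected):
    """Sections whose 'Detected: N' header disagrees with the lines under it."""
    actual = Counter(r["section"] for r in records)
    return {s: (n, actual[s]) for s, n in expected.items() if actual[s] != n}


def family_counts(records):
    """Number of hits per signature name (e.g. PUP.Optional.MindSpark)."""
    return Counter(r["signature"] for r in records)


def pending_reboot(records):
    """Objects MBAM could not remove while live; gone only after a restart."""
    return sorted({r["object"] for r in records if r["action"] == "Delete on reboot"})


def persistence_kind(obj):
    """Classify a detected object as an autostart mechanism, or None (heuristic)."""
    o = obj.lower()
    if "\\currentversion\\run|" in o:
        return "Run key"
    if "\\services\\" in o:
        return "Service"
    if "\\browser helper objects\\" in o:
        return "BHO registration"
    if o.startswith("c:\\windows\\tasks\\") and o.endswith(".job"):
        return "Scheduled task"
    return None


def persistence_entries(records):
    """(kind, object) pairs for every hit that was an autostart point."""
    return [(persistence_kind(r["object"]), r["object"])
            for r in records if persistence_kind(r["object"])]


if __name__ == "__main__":
    recs, exp = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", check_counts(recs, exp))
    for sig, n in family_counts(recs).most_common():
        print(f"{n:3d}  {sig}")
    print("pending reboot:", *pending_reboot(recs), sep="\n  ")
    print("autostart points:", *persistence_entries(recs), sep="\n  ")
```

The count check matters in practice: a log pasted into a forum post is often truncated, and a header that promises 30 registry keys but is followed by 12 lines tells the helper to ask for the full file before planning the cleanup. The "Delete on reboot" list is the other thing to read first: until the machine has restarted, those executables are still on disk and a rescan will find them again.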

Hello Jetter! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following applications:

AVG SafeGuard toolbar

Pokki

Pokki Download Helper

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Hello Borislav.

 

Thank you for helping me.  I can see that you all are very busy there and I appreciate the time taken.

Here are the logs that you requested:

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 8 x64
Ran by lee on Mon 01/06/2014 at 13:23:08.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [service] televisionfanaticservice 
Successfully deleted: [service] televisionfanaticservice 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\televisionfanatic search scope monitor
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422362228}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422362228}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\ammyy"
Failed to delete: [Folder] "C:\Users\lee\appdata\local\televisionfanatic"
Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\televisionfanatic"
Failed to delete: [Folder] "C:\Program Files (x86)\televisionfanatic"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 13:41:04.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdwCleaner:
 
# AdwCleaner v3.016 - Report created 06/01/2014 at 14:04:24
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : lee - LIVINGROOM
# Running from : C:\Users\lee\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\TelevisionFanatic
Folder Deleted : C:\Program Files (x86)\weDownload Manager Pro
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\lee\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\lee\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\lee\AppData\Local\TelevisionFanatic
Folder Deleted : C:\Users\lee\AppData\LocalLow\weDownload Manager Pro
Folder Deleted : C:\Users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb
File Deleted : C:\Users\lee\AppData\Local\Temp\Uninstall.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wedownload manager pro-bg_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wedownload manager pro-bg_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\weDownload Manager Pro-codedownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\weDownload Manager Pro-codedownloader_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13a747ac-0f75-4834-889a-033e8f849beb}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2ff0943e-3ec4-4e3a-94c4-b7a2d3650ff6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c325bb22-92cd-42c3-99e5-6cb47d88377c}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c93b67c2-12bf-469d-9b8c-a20a807e7d99}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d71aadf3-fa71-478f-bd7a-c531dd46acb2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0696F815-A3A9-490A-BB14-9EC3350B1276}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13a747ac-0f75-4834-889a-033e8f849beb}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2ff0943e-3ec4-4e3a-94c4-b7a2d3650ff6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c325bb22-92cd-42c3-99e5-6cb47d88377c}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c93b67c2-12bf-469d-9b8c-a20a807e7d99}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d71aadf3-fa71-478f-bd7a-c531dd46acb2}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Swift Browse
Key Deleted : HKCU\Software\TelevisionFanatic
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanatic
Key Deleted : HKCU\Software\AppDataLow\Software\weDownload Manager Pro
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\TelevisionFanatic
Key Deleted : HKLM\Software\weDownload Manager Pro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload Manager Pro
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift Browse
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\lee\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : search_url
Deleted : suggest_url
 
*************************
 
AdwCleaner[R0].txt - [9820 octets] - [06/01/2014 14:00:09]
AdwCleaner[s0].txt - [6829 octets] - [06/01/2014 14:04:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6889 octets] ##########
 
MBAM:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.06.07
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
lee :: LIVINGROOM [administrator]
 
Protection: Enabled
 
1/6/2014 2:23:28 PM
mbam-log-2014-01-06 (14-23-28).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM | P2P
Scan options disabled: Heuristics/Shuriken
Objects scanned: 206217
Time elapsed: 7 minute(s), 27 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
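The two logs above can be cross-checked mechanically: JRT reported two folders it could not delete ("C:\Users\lee\appdata\local\televisionfanatic" and "C:\Program Files (x86)\televisionfanatic"), and the AdwCleaner run that followed lists both under "Folder Deleted". The script below is an added example, not part of the original thread and not code from JRT, AdwCleaner or Malwarebytes; it parses trimmed excerpts of the posted logs (embedded as constructed sample input) and reports any JRT failure that no later AdwCleaner entry accounts for. The function names and the regular expressions are my own assumptions about the two log formats, based only on the lines shown in this thread.

```python
"""
Added example (not from the original thread): correlate a JRT log with a
later AdwCleaner log to confirm that items JRT could not delete were in fact
removed by the follow-up tool.
"""
import re

# Constructed excerpt of the JRT log posted above (trimmed to relevant lines).
JRT_LOG = """\
~~~ Services

Successfully stopped: [service] televisionfanaticservice
Successfully deleted: [service] televisionfanaticservice

~~~ Folders

Successfully deleted: [Folder] "C:\\ProgramData\\ammyy"
Failed to delete: [Folder] "C:\\Users\\lee\\appdata\\local\\televisionfanatic"
Successfully deleted: [Folder] "C:\\Users\\lee\\appdata\\locallow\\iac"
Successfully deleted: [Folder] "C:\\Users\\lee\\appdata\\locallow\\televisionfanatic"
Failed to delete: [Folder] "C:\\Program Files (x86)\\televisionfanatic"
"""

# Constructed excerpt of the AdwCleaner log posted above (trimmed).
ADW_LOG = """\
***** [ Files / Folders ] *****

Folder Deleted : C:\\Program Files (x86)\\AVG SafeGuard toolbar
Folder Deleted : C:\\Program Files (x86)\\TelevisionFanatic
Folder Deleted : C:\\Program Files (x86)\\weDownload Manager Pro
Folder Deleted : C:\\Users\\lee\\AppData\\Local\\TelevisionFanatic
File Deleted : C:\\Users\\lee\\AppData\\Local\\Temp\\Uninstall.exe
"""

# Assumed line shapes, derived from the posted logs only.
JRT_LINE = re.compile(r'^(Successfully deleted|Failed to delete): \[([^\]]+)\] "?([^"]+?)"?\s*$')
ADW_LINE = re.compile(r'^(Folder|File) Deleted : (.+?)\s*$')


def norm(path):
    """Windows paths are case-insensitive: compare lower-cased, unquoted paths."""
    return path.strip().strip('"').rstrip('\\').lower()


def jrt_failures(text):
    """Normalised paths that JRT reported it could not delete, in log order."""
    out = []
    for line in text.splitlines():
        m = JRT_LINE.match(line.strip())
        if m and m.group(1) == "Failed to delete":
            out.append(norm(m.group(3)))
    return out


def adw_deleted(text):
    """Set of normalised paths that AdwCleaner reported deleting."""
    found = set()
    for line in text.splitlines():
        m = ADW_LINE.match(line.strip())
        if m:
            found.add(norm(m.group(2)))
    return found


def unresolved(jrt_text, adw_text):
    """JRT failures that no AdwCleaner deletion entry accounts for."""
    deleted = adw_deleted(adw_text)
    return [p for p in jrt_failures(jrt_text) if p not in deleted]


if __name__ == "__main__":
    deleted = adw_deleted(ADW_LOG)
    for p in jrt_failures(JRT_LOG):
        status = "removed later by AdwCleaner" if p in deleted else "STILL PRESENT - check by hand"
        print(f"{p}: {status}")
```

Run as-is it reports both JRT failures as removed by AdwCleaner, which matches what the helper concluded from reading the logs. Any path it prints as still present is one to inspect manually before the final scan; the comparison is by path only, so it says nothing about files that neither tool listed.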

Well done, looks fine.

One last additional scan:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Here you go, Maniac.  PC seems to be behaving ok.  Thanks again.

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\utils.exe.vir multiple threats cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-buttonutil64.dll.vir probably a variant of Win64/Toolbar.Crossrider.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.B application cleaned by deleting - quarantined
C:\Users\lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47EA85R0\AA_v3.exe a variant of Win32/RemoteAdmin.Ammyy.B application cleaned by deleting - quarantined
C:\Users\lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47EA85R0\VideoDownloadConvert.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
C:\Users\lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZEAB8MX\VideoDownloadConvert.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
C:\Users\lee\AppData\Local\Temp\1385723452_wedownload_manager_pro.exe Win32/Packed.ScrambleWrapper.G application cleaned by deleting - quarantined

Well done! :)

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
When you are done here, let me know how your system is.

Glad I could help! :)

Step 1

  • Download OTL to your desktop and run it.
  • Click on CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner .

Step 4

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

This topic is now closed to further replies.