Cloudfront.net [Solved]

#16 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
We don't recommend running Hitman here, as it can make your computer unbootable.

Do you recognize this task on your PC: PAV.job?

Run this fix and let me know what symptoms remain.


Step 1: Run OTL fix.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKU\S-1-5-21-4093085210-3276581103-882992531-1000\..\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}: "URL" = http://www.ffgoo.com...8&oe=utf-8&aq=t
    
    FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
    [2013/06/28 14:03:02 | 000,000,000 | ---D | M] (InfoSeeker) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
    
    O2 - BHO: (InfoSeeker) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\InfoSeeker\IE\common.dll (Big Water Applications, LLC)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    
    [2013/06/28 14:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\We-Care Reminder
    [2013/06/28 14:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\InfoSeeker
    
    :Files
    dir C:\779b0474515dc822bb3a872e281e35bd\*.* /S /c
    dir C:\3a81e36f66334a4c95c7ae\*.* /S /c
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 2: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that.

Step 3: Run FSS


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all of the options are checked:

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things I need in your next reply:
  • OTL fix log
  • adwCleaner log
  • FSS log
  • What symptoms remain on your computer?


#17 khphoto1 (Topic Starter, Member, 102 posts)
I see there is a PAV.job in C:\Windows\Tasks, but I do not know how to run it. Did you want me to run it or just the OTL fix...
Kathy

#18 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
No, I don't want you to run it. I just wanted to know if you created it/knew what it was for.

Proceed with the fix.

#19 khphoto1 (Topic Starter, Member, 102 posts)
Results of OTL (fix log), found in C:\_OTL\Moved Files\date:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4093085210-3276581103-882992531-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin\ deleted successfully.
C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ deleted successfully.
C:\Program Files\InfoSeeker\IE\common.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\We-Care Reminder folder moved successfully.
C:\Program Files\InfoSeeker\IE folder moved successfully.
C:\Program Files\InfoSeeker\Firefox\chrome\content folder moved successfully.
C:\Program Files\InfoSeeker\Firefox\chrome folder moved successfully.
C:\Program Files\InfoSeeker\Firefox folder moved successfully.
C:\Program Files\InfoSeeker\Chrome\unzip folder moved successfully.
C:\Program Files\InfoSeeker\Chrome folder moved successfully.
C:\Program Files\InfoSeeker folder moved successfully.
========== FILES ==========
< dir C:\779b0474515dc822bb3a872e281e35bd\*.* /S /c >
Volume in drive C is OS
Volume Serial Number is F8FC-2A5A
Directory of C:\779b0474515dc822bb3a872e281e35bd
06/27/2013 02:24 PM <DIR> .
06/27/2013 02:24 PM <DIR> ..
06/02/2013 05:28 PM 3,862,040 mrt.exe._p
06/02/2013 05:20 PM 93,832 mrtstub.exe
2 File(s) 3,955,872 bytes
Total Files Listed:
2 File(s) 3,955,872 bytes
2 Dir(s) 40,753,483,776 bytes free
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
< dir C:\3a81e36f66334a4c95c7ae\*.* /S /c >
Volume in drive C is OS
Volume Serial Number is F8FC-2A5A
Directory of C:\3a81e36f66334a4c95c7ae
06/17/2013 06:02 PM <DIR> .
06/17/2013 06:02 PM <DIR> ..
06/02/2013 05:28 PM 3,862,040 mrt.exe._p
06/02/2013 05:20 PM 93,832 mrtstub.exe
2 File(s) 3,955,872 bytes
Total Files Listed:
2 File(s) 3,955,872 bytes
2 Dir(s) 40,752,992,256 bytes free
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 07022013_223150

#20 khphoto1 (Topic Starter, Member, 102 posts)
adwCleaner log: Found 2 of them, this one marked [R1]

# AdwCleaner v2.303 - Logfile created 07/02/2013 at 22:54:46
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\WeCareReminder

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2922 octets] - [02/07/2013 22:54:46]

########## EOF - C:\AdwCleaner[R1].txt - [2982 octets] ##########

#21 khphoto1 (Topic Starter, Member, 102 posts)
Here's the second adwcleaner results:

# AdwCleaner v2.303 - Logfile created 07/02/2013 at 23:32:52
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\WeCareReminder

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3051 octets] - [02/07/2013 22:54:46]
AdwCleaner[S1].txt - [3034 octets] - [02/07/2013 23:32:52]

########## EOF - C:\AdwCleaner[S1].txt - [3094 octets] ##########
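An added check for the two AdwCleaner logs above (my own Python, not part of the thread and not AdwCleaner's code): the [R1] search pass and the [S1] delete pass should line up item for item, and the interesting part of the registry list is that a single GUID is registered in several IE persistence points at once. The script below parses the excerpts copied from both logs, reports anything reported by [R1] but absent from [S1], and maps each GUID to the locations that reference it, which shows {EF99BD32-...} wired in as a toolbar, a URL search hook and a pre-approved add-on, and {02478D38-...} as a BHO that the earlier OTL fix had not listed. The location descriptions in LOCATIONS are my labels, not AdwCleaner's.

```python
import re
from collections import defaultdict

# Excerpts copied from the two AdwCleaner logs in the thread: [R1] is the Search pass,
# [S1] the Delete pass. Header lines are kept to show that the parser ignores them.
R1_LOG = r"""# AdwCleaner v2.303 - Logfile created 07/02/2013 at 22:54:46
# Option [Search]
***** [Files / Folders] *****
Folder Found : C:\ProgramData\WeCareReminder
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
"""

S1_LOG = r"""# AdwCleaner v2.303 - Logfile created 07/02/2013 at 23:32:52
# Option [Delete]
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\WeCareReminder
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
"""

ENTRY_RE = re.compile(r"^(Folder|File|Key|Value) (Found|Deleted) : (.+?)\s*$", re.M)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Registry path fragment -> what that location means for IE (my labels, not AdwCleaner's).
LOCATIONS = [
    ("Browser Helper Objects", "BHO (DLL loaded into every IE process)"),
    ("URLSearchHooks", "URL search hook (intercepts address-bar searches)"),
    ("Internet Explorer\\Toolbar", "IE toolbar"),
    ("Ext\\PreApproved", "pre-approved add-on (installs without the add-on prompt)"),
    ("Low Rights\\ElevationPolicy", "elevation policy (launch outside Protected Mode without a prompt)"),
    ("Classes\\CLSID", "COM class registration (CLSID -> DLL path)"),
    ("Ext\\Settings", "per-user add-on settings"),
    ("Ext\\Stats", "per-user add-on statistics"),
]


def parse_adwcleaner(text):
    """Map (kind, target) -> action for every 'X Found/Deleted : target' line."""
    return {(m.group(1), m.group(3)): m.group(2) for m in ENTRY_RE.finditer(text)}


def reconcile(search_text, delete_text):
    """Compare the Search pass with the Delete pass; anything in 'missed' still needs attention."""
    found = {k for k, a in parse_adwcleaner(search_text).items() if a == "Found"}
    deleted = {k for k, a in parse_adwcleaner(delete_text).items() if a == "Deleted"}
    return {
        "removed": sorted(found & deleted),
        "missed": sorted(found - deleted),       # reported by [R1] but absent from [S1]
        "unexpected": sorted(deleted - found),   # removed although [R1] never reported it
    }


def classify(target):
    low = target.lower()
    for needle, label in LOCATIONS:
        if needle.lower() in low:
            return label
    return "other"


def guid_footprint(text):
    """For each GUID, the IE persistence points that reference it."""
    footprint = defaultdict(set)
    for _kind, target in parse_adwcleaner(text):
        for guid in GUID_RE.findall(target):
            footprint[guid.upper()].add(classify(target))
    return {g: sorted(locs) for g, locs in footprint.items()}


if __name__ == "__main__":
    result = reconcile(R1_LOG, S1_LOG)
    print(f"removed={len(result['removed'])} missed={len(result['missed'])} unexpected={len(result['unexpected'])}")
    for guid, locs in guid_footprint(R1_LOG).items():
        print(guid, "->", "; ".join(locs))
```

If the delete pass had skipped an item (for instance because the browser was still open and held the key), it would show up under "missed" and be the first thing to re-run AdwCleaner for.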

#22 khphoto1 (Topic Starter, Member, 102 posts)
FSS log:

Farbar Service Scanner Version: 27-06-2013
Ran by User (administrator) on 02-07-2013 at 23:46:57
Running from "C:\Users\User\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-12 19:22] - [2010-06-16 12:39] - 0912776 ____A (Microsoft Corporation) 6A10AFCE0B38371064BE41C1FBFD3C6B

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
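An added triage of the FSS log above (my own Python, not Farbar's code and not part of the thread). Most of that log is empty headings, and the items that matter are easy to skim past: the WinDefend service is stopped, the Windows Defender "DisableAntiSpyware" policy value is 1 (FSS prints a key/value in a "Disabled Policy" section only when it is set), Yahoo.com failed the connectivity probe, and tcpip.sys is printed with its timestamps, size, company string and MD5 instead of "=> MD5 is legit", which is how FSS reports a file whose hash is not on its built-in known-good list. That last one may just be a hotfix build of the driver that FSS does not know, but it is the one file check that deserves a second look. The script parses the log's "Title:" plus "=====" section layout (copied below as constructed input) and returns those findings as tuples. Caveat on the Defender finding: on Vista and Windows 7, installing Microsoft Security Essentials turns Windows Defender off and sets that very policy value itself, and the SecurityCheck log later in the thread confirms MSE is installed, so on its own this is not evidence of tampering.

```python
import re

# Excerpt copied from the FSS log in the post above (only the sections the triage needs).
FSS_LOG = r"""Farbar Service Scanner Version: 27-06-2013
Ran by User (administrator) on 02-07-2013 at 23:46:57
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-12 19:22] - [2010-06-16 12:39] - 0912776 ____A (Microsoft Corporation) 6A10AFCE0B38371064BE41C1FBFD3C6B

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

**** End of log ****
"""

SERVICE_RE = re.compile(r"^(\w+) Service is not running", re.I)
POLICY_RE = re.compile(r'^"(\w+)"=DWORD:(\d+)')
MD5_RE = re.compile(r"\b([0-9A-Fa-f]{32})\b")


def parse_sections(text):
    """Split the log into {title: [non-blank lines]} using FSS's 'Title:' + '=====' layout."""
    lines = text.splitlines()
    sections, current = {}, None
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            current = line[:-1]
            sections[current] = []
            i += 2
            continue
        if current is not None and line.strip():
            sections[current].append(line)
        i += 1
    return sections


def triage(text):
    """Return (kind, section, detail) tuples for everything that is not the all-OK case."""
    findings = []
    sections = parse_sections(text)
    for title, body in sections.items():
        key = None
        for line in body:
            stripped = line.strip()
            m = SERVICE_RE.match(stripped)
            if m:
                findings.append(("service", title, m.group(1)))
            if "returned error" in stripped:
                findings.append(("connectivity", title, stripped))
            # FSS lists a policy key/value under '... Disabled Policy' only when it is actually set.
            if title.endswith("Disabled Policy"):
                if stripped.startswith("["):
                    key = stripped.strip("[]")
                m = POLICY_RE.match(stripped)
                if m and m.group(2) != "0":
                    findings.append(("policy", title, f"{key}\\{m.group(1)}={m.group(2)}"))
    # File Check: '=> MD5 is legit' means the hash is on FSS's known-good list; otherwise FSS
    # prints the file's timestamps, size, attributes, company string and MD5 on the next line.
    files = sections.get("File Check", [])
    for idx, line in enumerate(files):
        if line.startswith("C:\\") and "MD5 is legit" not in line:
            detail = files[idx + 1] if idx + 1 < len(files) else ""
            m = MD5_RE.search(detail)
            findings.append(("hash", "File Check", (line.strip(), m.group(1) if m else None)))
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(FSS_LOG):
        print(f"[{kind}] {section}: {detail}")
```

The "hash" finding carries the MD5 so it can be looked up against a known-good catalogue of the driver's released builds before anyone decides whether tcpip.sys needs replacing.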

#23 khphoto1 (Topic Starter, Member, 102 posts)
Current Symptoms:

No more scareware popping up.
Seems to be running faster, but the internet is still a little slow.

Should Windows Defender be running?

With all the tools now on this machine which ones should be used, deleted, or hidden for future use?
1. SUPERANTISPYWARE,
2. MALWAREBYTES,
3. ADWCLEANER,
4. MICROSOFT SECURITY ESSENTIALS,
5. TDSS,
6. IEXPLORE,
7. RKILL,
8. FSS,
9. OTL,
10.aswMBR
11. Hitman

#24 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
For everyday protection, I recommend just Microsoft Security Essentials and Malwarebytes (free version). All of our tools are just for removal and are updated regularly, so we will remove them when we are done.

For now, let's scan for any remnants.


Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.
  • Open and update Malwarebytes.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here, then click on: [image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use, then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Tell me about the internet slowness. Is it just in one browser? Any particular site?


#25 khphoto1 (Topic Starter, Member, 102 posts)
Everything appears to be running fine. No pop-ups, and the internet seems back to normal speed. The 3 logs will be coming in 3 messages. The first, the Security Check log: oops, still looking for it. Here is the ESET log:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4d983327a7e8cf49b5bc914eaa6adaab
# engine=14274
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-05 01:13:30
# local_time=2013-07-04 09:13:30 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 0 209594382 0 0
# scanned=164566
# found=0
# cleaned=0
# scan_time=4793

#26 khphoto1 (Topic Starter, Member, 102 posts)
Here is the MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2

7/3/2013 10:14:42 PM
mbam-log-2013-07-03 (22-14-42).txt

Scan type: Quick Scan
Objects scanned: 84076
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#27 khphoto1 (Topic Starter, Member, 102 posts)
I never did find the SecurityCheck log, so I ran the sequence again.

Here's the Security check:

Results of screen317's Security Check version 0.99.68
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
SUPERAntiSpyware Free Edition
HijackThis 2.0.2
Java™ 6 Update 5
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2

7/5/2013 7:49:45 PM
mbam-log-2013-07-05 (19-49-45).txt

Scan type: Quick Scan
Objects scanned: 83803
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here's the ESET log:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4d983327a7e8cf49b5bc914eaa6adaab
# engine=14274
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-05 01:13:30
# local_time=2013-07-04 09:13:30 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 0 209594382 0 0
# scanned=164566
# found=0
# cleaned=0
# scan_time=4793
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4d983327a7e8cf49b5bc914eaa6adaab
# engine=14286
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-06 01:43:06
# local_time=2013-07-05 09:43:06 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 0 209682558 0 0
# scanned=165145
# found=4
# cleaned=0
# scan_time=6281
sh=38A6B92B9972311CE872814FD9C66FAEFA0EA467 ft=1 fh=1e15ad8a177b2f24 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\Program Files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll"
sh=5408427EB7F7C237112D6D1B43CBD94D284D0F2A ft=1 fh=779be9eb498d6830 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\Program Files\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll"
sh=36E136980445B9DF69B0B4ACACF255C5EF6CD968 ft=1 fh=88903a7f24aaef61 vn="a variant of Win32/ExFriendAlert.B application" ac=I fn="C:\_OTL\MovedFiles\07022013_223150\C_Program Files\InfoSeeker\IE\common.dll"
sh=C6DA3DC8713ED168E4A53F19EABB6B9D4FC392DB ft=1 fh=dcb51e3aa98c50e8 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\_OTL\MovedFiles\07022013_223150\C_Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll"

However, I also caught this file at the end of the scan; it looks like what's in the log:

C:\Program Files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\07022013_223150\C_Program Files\InfoSeeker\IE\common.dll a variant of Win32/ExFriendAlert.B application
C:\_OTL\MovedFiles\07022013_223150\C_Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll Win32/Toolbar.MyWebSearch application

Kathy
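An added reading of the ESET log above (my own Python, not ESET's code and not part of the thread). ESET Online Scanner appends each scan to its log.txt, which is why the log contains two headers: the first run had "Scan for potentially unwanted applications" off (unwanted_checked=false) and found nothing, the second had it on and found four items, with cleaned=0 because "Remove found threats" was left unchecked as instructed. Two of the four hits sit under C:\_OTL\MovedFiles, OTL's quarantine from the earlier fix, so they are already neutralized; the other two are live files under C:\Program Files\TelevisionFanaticEI, which is exactly the uninstall target that follows in the thread. The script splits the runs, takes the latest, separates quarantined from live detections and groups the live ones by program directory. The excerpt is copied from the post, abbreviated to the header lines the script reads; the quarantine prefix list is an assumption for this example, to be extended with other tools' quarantine folders as needed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Copied from the ESET log in the post above: banner, first run (PUA detection off, nothing
# found) and second run (PUA detection on, four hits), cut down to the headers used here.
ESET_LOG = r"""OnlineScanner.ocx - registred OK
# version=8
# engine=14274
# end=finished
# remove_checked=false
# unwanted_checked=false
# unsafe_checked=false
# utc_time=2013-07-05 01:13:30
# scanned=164566
# found=0
# cleaned=0
# version=8
# engine=14286
# end=finished
# remove_checked=false
# unwanted_checked=true
# unsafe_checked=true
# utc_time=2013-07-06 01:43:06
# scanned=165145
# found=4
# cleaned=0
sh=38A6B92B9972311CE872814FD9C66FAEFA0EA467 ft=1 fh=1e15ad8a177b2f24 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\Program Files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll"
sh=5408427EB7F7C237112D6D1B43CBD94D284D0F2A ft=1 fh=779be9eb498d6830 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\Program Files\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll"
sh=36E136980445B9DF69B0B4ACACF255C5EF6CD968 ft=1 fh=88903a7f24aaef61 vn="a variant of Win32/ExFriendAlert.B application" ac=I fn="C:\_OTL\MovedFiles\07022013_223150\C_Program Files\InfoSeeker\IE\common.dll"
sh=C6DA3DC8713ED168E4A53F19EABB6B9D4FC392DB ft=1 fh=dcb51e3aa98c50e8 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\_OTL\MovedFiles\07022013_223150\C_Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll"
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Folders where earlier removal tools park what they moved; a hit there is already neutralized.
# OTL's MovedFiles is the one this thread shows; the list is an assumption to extend per tool.
QUARANTINE_PREFIXES = (r"C:\_OTL\MovedFiles",)


def split_runs(text):
    """ESET appends every scan to log.txt; split on the '# version=' line that starts each run."""
    runs, current = [], None
    for line in text.splitlines():
        if line.startswith("# version="):
            current = {"header": {}, "hits": []}
            runs.append(current)
        if current is None:
            continue                      # registration banner before the first run
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            current["header"][key] = value.strip().strip('"')
        elif line.startswith("sh="):
            current["hits"].append({k: v.strip('"') for k, v in FIELD_RE.findall(line)})
    return runs


def is_quarantined(path):
    return path.lower().startswith(tuple(p.lower() for p in QUARANTINE_PREFIXES))


def removal_targets(hits):
    """Group live hits by top-level program directory: that is what still has to be uninstalled."""
    targets = defaultdict(list)
    for hit in hits:
        parts = PureWindowsPath(hit["fn"]).parts          # ('C:\\', 'Program Files', 'TelevisionFanaticEI', ...)
        targets[str(PureWindowsPath(*parts[:3]))].append(hit["vn"])
    return dict(targets)


def summarize(text):
    """Summary of the most recent run: counts, scan options, live vs. quarantined detections."""
    run = split_runs(text)[-1]
    live = [h for h in run["hits"] if not is_quarantined(h["fn"])]
    quarantined = [h for h in run["hits"] if is_quarantined(h["fn"])]
    return {
        "pua_enabled": run["header"].get("unwanted_checked") == "true",
        "remove_enabled": run["header"].get("remove_checked") == "true",
        "found": int(run["header"]["found"]),
        "cleaned": int(run["header"]["cleaned"]),
        "live": [h["fn"] for h in live],
        "quarantined": [h["fn"] for h in quarantined],
        "targets": removal_targets(live),
    }


if __name__ == "__main__":
    for run in split_runs(ESET_LOG):
        h = run["header"]
        print(f"run {h['utc_time']}: PUA={h['unwanted_checked']} found={h['found']} cleaned={h['cleaned']}")
    s = summarize(ESET_LOG)
    print("live:", s["live"])
    print("quarantined:", s["quarantined"])
    print("uninstall:", list(s["targets"]))
```

The split into runs is what makes the log usable: a reader who only looks at the last `# found=` line gets the right number here, but a reader who greps for `found=` gets both 0 and 4 and has to know which run is current.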

#28 khphoto1 (Topic Starter, Member, 102 posts)
p.s. I noticed when I come back to the forum to update the topic - I see two identical entries. Am I not sending the reply in the proper manner?

#29 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
I don't see a double post, but sometimes it happens.

We need to uninstall TVFanatic. See if you can find it and uninstall it from the Add/Remove Programs menu of the Control Panel. If not, we will do it manually.

#30 khphoto1 (Topic Starter, Member, 102 posts)
It is not in the add/remove programs. Found C:\Program Files\TelevisionFanaticEI, folder Installr, folder 1.bin, folder chrome (nothing in it) and 64EIPlug.dll and 64EZSETP.dll. Did not look in the registry.