# Trojans, Adware, Browser Hijack, "Television Fanatic" "Waj

### #46 kepayne228 Posted 18 September 2014 - 06:46 PM

ESET Scan

C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\NewVideoPlayer.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\NewVideoPlayerUpdater.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\manifest.json.vir JS/Superfish.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\script.js.vir JS/Superfish.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\references\NewPlayerChecker.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\supporter\Supporter.dll.vir a variant of Win32/SProtector.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64auxstb.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64auxstb64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64bprtct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64brmon64.exe.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64brstub.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64brstub64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64dlghk.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64dlghk64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64feedmg.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64htmlmu.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64httpct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64idle.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64ieovr.dll.vir Win32/Toolbar.MyWebSearch.AG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64mlbtn.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64Plugin.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64regfft.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64regiet.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64script.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64srchmr.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64tpinst.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe.vir a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\AppIntegratorStub64.dll.vir a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\ASSISTMONITOR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\ASSISTMONITOR64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\CREXT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\CrExtP64.exe.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\DPNMNGR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\EXEMANAGER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\FF-NativeMessagingDispatcher.dll.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\Hpg64.dll.vir a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll.vir Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\T8EPMSUP.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\T8HTML.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\T8TICKER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\TPIMANAGERCONSOLE.EXE.vir Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\VERIFY.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE.vir Win32/Toolbar.MyWebSearch.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll.vir a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll.vir a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\3585214E.exe.vir a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\LocalLow\TotalRecipeSearch_14EI\Installr\Cache\A2FF5539.exe.vir a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application
C:\FRST\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected]\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected]\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Pat\Desktop\TelevisionFanaticSetup2.5.14.84.^XP^man000^YYA^.exe.xBAD a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application
C:\Users\Pat\AppData\Local\NSManager\manager.exe Win32/Itsalike.A potentially unwanted application

### #47 LiquidTension Posted 18 September 2014 - 06:57 PM

Hi Keisha,

In actual fact, everything (bar one) identified in the ESET log are files we've already removed. If you have a look at the file paths, you'll either see AdwCleaner Quarantine or FRST Quarantine; both of which tools we've used to remove the files. At the end of this process I will provide instructions on how to remove the tools we've used. This will automatically remove the quarantine folders as well.

Are there any outstanding issues with your computer?
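The triage described in the reply above (detections whose path sits under a removal tool's quarantine folder are already neutralised, so only paths outside it need action), as an added example that is not part of the original thread. The line layout is assumed from the log as pasted here, the sample lines are copied from that log, and `parse_line` and `triage` are hypothetical names.

```python
import re

# Line layout assumed from the log as pasted in this thread:
#   <full path> [a variant of ]<Platform/Family.Variant> potentially unwanted application
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<detection>[A-Za-z0-9]+/[A-Za-z0-9_.]+)\s+"
    r"(?P<category>potentially unwanted application)$"
)

# Quarantine folders of the two removal tools named in the reply (lower-cased).
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")

# Sample lines copied from the ESET log posted above.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\NewVideoPlayer.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\supporter\Supporter.dll.vir a variant of Win32/SProtector.D potentially unwanted application
C:\FRST\Quarantine\C\Users\Pat\Desktop\TelevisionFanaticSetup2.5.14.84.^XP^man000^YYA^.exe.xBAD a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application
C:\Users\Pat\AppData\Local\NSManager\manager.exe Win32/Itsalike.A potentially unwanted application
"""


def parse_line(line):
    """Split one log line into path and detection name; None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    return {
        "path": path,
        "detection": m.group("detection"),
        "quarantined": path.lower().startswith(QUARANTINE_PREFIXES),
    }


def triage(log_text):
    """Return (live, quarantined, unparsed) so nothing is silently dropped."""
    live, quarantined, unparsed = [], [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            unparsed.append(raw)
        elif entry["quarantined"]:
            quarantined.append(entry)
        else:
            live.append(entry)
    return live, quarantined, unparsed


if __name__ == "__main__":
    live, quarantined, unparsed = triage(SAMPLE_LOG)
    print(f"{len(quarantined)} already quarantined, {len(unparsed)} unparsed")
    for e in live:
        print("still on disk:", e["detection"], e["path"])
```

Lines that do not match the assumed layout are returned in `unparsed` rather than discarded, so a changed log format shows up as a non-empty list instead of a falsely clean result.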

### #48 kepayne228 Posted 18 September 2014 - 07:13 PM

Oh yay! I was worried there for a second. There are no outstanding issues with this computer.

### #49 LiquidTension Posted 18 September 2014 - 07:28 PM

> There are no outstanding issues with this computer.

Very good.

STEP 1
Farbar Recovery Scan Tool (FRST) Script

• Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
• Copy the entire contents of the codebox below and paste into the Notepad document.

```
start
C:\Users\Pat\AppData\Local\NSManager
EmptyTemp:
end
```

• Click File > Save As and type fixlist.txt as the File Name.
• Important: The file must be saved in the same location as FRST.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

• Right-click FRST.exe and select Run as administrator to run the programme.
• Click Fix.
• A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
Update Outdated Software

STEP 3
Remove Outdated Software

• Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for the following programmes, right-click and click Uninstall one at a time.
• Note: The programmes below may not be present. If so, please move on.
  • Adobe Flash Player 10 Plugin
  • Java™ SE Runtime Environment 6 Update 1
• Follow the prompts and reboot if necessary.

STEP 4
Security Check

• Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
• A log (checkup.txt) will automatically open on your Desktop.
• Copy the contents of the log and paste in your next reply.

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

• checkup.txt
• How is your computer performing? Are there any outstanding issues?

### #50 kepayne228 Posted 18 September 2014 - 07:56 PM

I don't see anywhere on the Java website that it has a version for 32-bit Windows. Can I just uninstall Java?

### #51 LiquidTension Posted 18 September 2014 - 07:59 PM

Yes, if you have no specific purpose for the programme.
Here's some interesting information on Java.

Using Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.

### #52 kepayne228 Posted 18 September 2014 - 08:11 PM

I had heard those questionable things about it. I am going to uninstall it.

### #53 LiquidTension Posted 18 September 2014 - 09:04 PM

Okay, good idea.

Post up checkup.txt when you're ready.

### #54 kepayne228 Posted 18 September 2014 - 09:07 PM

Results of screen317's Security Check version 0.99.87
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
Internet Explorer 8
Antivirus/Firewall Check:
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
Adobe Flash Player 10 Flash Player out of Date!
Mozilla Firefox (32.0.1)
Process Check: objlist.exe by Laurent
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
System Health check
Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
End of Log

The computer seems to be doing very well now Adam

### #55 LiquidTension Posted 18 September 2014 - 09:17 PM

Hi Keisha,

If you wish to install Internet Explorer 9, you can do so here.

> Adobe Flash Player 10 Flash Player out of Date!

> Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

If you don't have a Solid State Drive (SSD), you may wish to perform a defrag.
Instructions can be found here.

All Clean!
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.

My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.

STEP 1
DelFix

• Double-click DelFix.exe to run the programme.
• Place a checkmark next to the following items:
  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Reset system settings
• Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.

======================================================

Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

• Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus.
• Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
• Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus.
• NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
• Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file.
• Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
• SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
• Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs.
• Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.

======================================================

Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread.

Thank you for using Geeks to Go.

Safe Surfing.

### #56 kepayne228 Posted 19 September 2014 - 01:18 AM

Hi Adam. It seems good for now. I want to go back over there in a couple of days to check on things. I don't know if you want to close the topic or not just yet. You are welcome to. If you can wait a couple of days that would be great too.

Sent you a little something. Sorry but the dollar to pound exchange rate is crappy!

Have a good night.

### #57 LiquidTension Posted 19 September 2014 - 03:08 AM

Hi Keish,

I am more than happy to keep the thread open for the time being. Please keep me informed.

Thank you very much for your donation.

### #58 kepayne228 Posted 19 September 2014 - 01:40 PM

I will have a final update for you on Sunday

### #59 LiquidTension Posted 19 September 2014 - 01:41 PM

Sounds good, Keisha.

### #60 LiquidTension Posted 22 September 2014 - 02:36 AM

Hi Keisha,

Just checking in to see how you've been getting on with your computer?

