Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse Generic17.AMPT


  • Please log in to reply
20 replies to this topic

#1 adskiam

adskiam

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 28 April 2014 - 04:27 PM

Hey and thanks in advance for any help.

 

I keep getting a warning message from AVG Anitvirus about Trojan Horse Generic17.AMPT. Typically it is a few times a day and i keep clicking Remove. It is starting to get annoying and (i assume) something I should get rid of. I have tried various scans including, Symantec, AVG, spybot, TDSSKiller, Sophos and Avast (maybe even a few others i forgot about) of which none has solved the problem. I am currently actively running Symantec and AVG. So, now i am calling out for some more tech-savy people for help because it is over my head and i am trying to avoid wiping my hard drive and starting from scratch. 

 

The typical message I get from AVG is "Trojan Horse Generic17.AMPT" ...... "c:\users\adam\appdata\local\temp\dwhXXXX.exe" for the XXXX - the end of the extension changes each time. Result "infected". I have already tried to clear my temp data since that is there the file is, but that has done nothing. 

 

I am running Windows 7 Ultimate 64 bit with SP1

 

Thanks again



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 28 April 2014 - 07:38 PM

Hello -

The item you list is the AVG "Generic" version of the infection -

 

Please run these programs to try and flush it out.

 

First -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Please Copy and Paste the small log back here

 

Important: Do not reboot your computer until you complete the next step.

 

Now:  Download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button. (only Once)
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review.
• NOW : If you're ready to clean it all up.....click the Clean button. (only Once)
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next -

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs How To Temporarily Disable Your Anti-virus
This scan is best performed with Internet Explorer, as it uses ActiveX
If you will not use Internet Explorer, then please read item 3 in this post

1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
a - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
b - Double click on the  icon on your desktop.
4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as this will take some time (first time scans are always longer).
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.
NOTE:Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -
You can ignore any ESET detection of AdwCleaner...it is a false positive detection.

 

Please reply with ... Security Check log

RKill log

AdwCleaner log

Any ESET log

Tell us if the situation has inproved or ............


Edited by noknojon, 28 April 2014 - 07:46 PM.


#3 adskiam

adskiam
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 29 April 2014 - 02:07 PM

I have completed everything in the above list....here are my results:

 

Security check log:

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
Symantec Endpoint Protection      
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Java 7 Update 55  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
RKill Log:
Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/29/2014 12:03:17 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\user32.dll : 1,008,640 : 01/07/2012 09:36 PM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig]
 +-> C:\Windows\SysWOW64\user32.dll : 833,024 : 01/07/2012 09:36 PM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/20/2010 11:24 PM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/20/2010 11:24 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com
  127.0.0.1 100sexlinks.com
 
  20 out of 15490 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 04/29/2014 12:03:42 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)
 
ADWCleaner Log:

# AdwCleaner v3.205 - Report created 29/04/2014 at 12:14:39
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Adam - ADAM_COMPUTER
# Running from : C:\Users\Adam\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
[x] Not Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Adam\.android
[x] Not Deleted : C:\Users\Adam\AppData\Local\AVG Secure Search
[x] Not Deleted : C:\Users\Adam\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Adam\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Adam\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Adam\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Adam\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\Adam\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf
Folder Deleted : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf
Key Deleted : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Torntv Downloader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8660E5B3-6C41-44DE-8503-98D99BBECD41}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : banjjklfojcdbofbhbgiedekefohoaff
Deleted [Extension] : cnpkmcjgpcihgfnkcjapiaabbbplkcmf
 
*************************
 
AdwCleaner[R0].txt - [11659 octets] - [29/04/2014 12:07:34]
AdwCleaner[S0].txt - [11041 octets] - [29/04/2014 12:14:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11102 octets] ##########
 
ESET Log:

C:\AdwCleaner\Quarantine\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.400.4_0\APISupport\APISupport.dll.vir a variant of Win32/Toolbar.Conduit.Z potentially unwanted application deleted - quarantined
C:\Temp\Avery Wizard 4.01 - US 20111209.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\Adam\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined
 
 
I will keep an eye on the situation for the next day or two and report back. Let me know if there is anything else that I will have to do. Thanks again for any help you can give. 


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 29 April 2014 - 06:36 PM

Hi -

Just a few included items -

 

You must reduce these to 1 Antivirus program and 1 Firewall program only.
Windows Firewall Enabled! 
Spybot - Search & Destroy
AVG AntiVirus Free Edition 2014  
Symantec Endpoint Protection
Symantec Endpoint Protection, developed by Symantec Corporation, is an Antivirus and personal Firewall product leveled at centrally managed corporate environments security for servers and workstations.

 

Please make a decision, and I will link the correct Uninstall Methods for the other programs.

Please read Symantec Endpoint Protection for the Norton description -Type - Antivirus and personal firewall

 

Update Adobe Reader from HERE (it should be Version X1 ((Eleven))
Delete all old versions of Adobe Reader from Programs and Features.
Do not accept the Advertising offer from them to add Google Extra toolbar and change your home page.

 

This => ESET Log: C:\AdwCleaner\Quarantine is just emptying out AdwCleaner Quarantine.

 

Last check -


•Download new Malwarebytes Anti-Malware Free V2.0.1 and save it to your desktop
•Double click the desktop icon, click Run, then OK
•Click Next
•Select I accept the agreement then continue to click Next then finally click Install
•Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
•If you are notified the Database is out of date click Update Now
•Click Scan Now >>
----------

•Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
•Click Start (Start, Search, All files and folders for Windows XP) then type mbam
•Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan
mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

•When completed click the down arrow on Export Log and select Text file (*.txt)
•Save the file to your desktop as MBAM
•Click Apply Actions then restart your computer if requested
•Copy and past the contents of MBAM.txt in your reply

 

 

Once all is completed -

Please download Temp File Cleaner by Old Timer
* Close ALL running applications as TFC will terminate them before cleaning up the temporary files only.
* Double-click on the TFC icon.
* Vista / Windows 7 & 8 users Right click on the icon and select Run as Administrator
* When the program opens, click on the Start button. 
* TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
* When done, press OK and reboot your computer to fully finish the cleanup.

No log is produced -



#5 adskiam

adskiam
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 29 April 2014 - 07:03 PM

Just so I am clear...if i am choosing to keep Symantec Endpoint Protection, then i should disable Windows Firewall and uninstall Spybot and AVG because Symantec acts as both a firewall and antivirus? 



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 29 April 2014 - 07:12 PM

Yes -

That is correct, and that is why I left the link to Symantic above -

 

Please read Symantec Endpoint Protection for the Norton description -Type - Antivirus and personal firewall



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 29 April 2014 - 07:18 PM

EXTRA -

This was included as it was a quote from Wiki -

 

Symantec Endpoint Protection, developed by Symantec Corporation, is an Antivirus and personal Firewall product leveled at centrally managed corporate environments security for servers and workstations.



#8 adskiam

adskiam
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 29 April 2014 - 07:20 PM

Ok, then i will leave Symantec active and disable/uninstall the others. I assume for Spybot and AVG I can uninstall via the control panel add/remove programs?



#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 29 April 2014 - 07:30 PM

There is an AVG Uninstall page HERE if you wish to follow it.
The others should uninstall from Programs and Features.
Basically, open the M/soft Security page and just Disable the Firewall there.
 

Too many Antivirus programs will produce False results in their scans -


Edited by noknojon, 29 April 2014 - 07:30 PM.


#10 adskiam

adskiam
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 29 April 2014 - 07:42 PM

I have uninstalled AVG and Spybot. When I go to the windows firewall settings, there is a yellow box stating that "These settings are being managed by vendor application Symantec Endpoint Protection". How should I go about disabling the firewall sense Symantec is controlling it? I just want to make sure I get the correct thing. Thanks again 



#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 29 April 2014 - 07:50 PM

No Problem ....

Symantec is looking after that for you and using the required settings

 

Thanks for asking and being concerned (doing very good) -



#12 adskiam

adskiam
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 29 April 2014 - 08:37 PM

Here is the MBAM Log:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 4/29/2014
Scan Time: 9:20:32 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.30.01
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Adam
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351151
Time Elapsed: 19 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-403547546-3893159886-2499932581-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{66516A07-F617-488A-90CF-4E690CFB3C5F}, , [e8911f11c1ba6cca778e4ecfb9496e92], 
 
Registry Values: 2
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ShopAtHomeWatcher, C:\Users\Adam\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe, , [ee8b46ea45363ef8f9ec790724debd43]
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ShopAtHomeUpdater, C:\Users\Adam\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe, , [8aef33fd2556fa3c28bcfc84d52d6e92]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.ShopAtHome.A, C:\Users\Adam\AppData\Roaming\ShopAtHome, , [da9f55db205b45f15091285826dc1be5], 
PUP.Optional.ShopAtHome.A, C:\Users\Adam\AppData\Roaming\ShopAtHome\ShopAtHomeHelper, , [da9f55db205b45f15091285826dc1be5], 
 
Files: 4
PUP.Optional.ShopAtHome.A, C:\Users\Adam\AppData\Roaming\ShopAtHome\ShopAtHomeAppInstaller_C104247480_D1_R1042637.exe, , [a2d7f838d1aa999de7743e1e936e5aa6], 
PUP.Optional.ShopAtHome.A, C:\Users\Adam\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\HttpHandle302.dll, , [3445ba76e794c472f6640854a75a6997], 
PUP.Optional.ShopAtHome.A, C:\Users\Adam\AppData\Roaming\ShopAtHome\install.log, , [da9f55db205b45f15091285826dc1be5], 
PUP.Optional.ShopAtHome.A, C:\Users\Adam\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\install.log, , [da9f55db205b45f15091285826dc1be5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
--Temp File Cleaner has been run as well...


#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 29 April 2014 - 08:41 PM

That is good -

Now can you run a scan with Symantic please -



#14 adskiam

adskiam
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 29 April 2014 - 08:45 PM

Is this a full scan or an active scan?

#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 29 April 2014 - 09:13 PM

Sorry, I was on another topic.

 

I want you to pick the type of scan, as I do not have the program installed.

If you have a Full Scan listed, please hit that and see if it will run -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users