Infected with TornTV


7 replies to this topic

#1 lonogod

lonogod

  • Members
  • 63 posts

Posted 05 May 2014 - 11:15 AM

I came in to work this morning and opened my browser to find that it was set to a different site than my home page (Sorry, but I didn't think to write down what the website was.). I set my home page back to what it was and went to see if there had been any recently installed programs. That's when I saw TornTV and did some research. Obviously I found that it is Malware. I'm not feeling any effects right now, but I want to get ahead of this before I do.

 

I am running Windows 8 on an HP laptop.

 

Please help me before this gets out of hand.  Thank you!

 

EDIT:  I opened a different browser, and this was the address.

 

http://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MF2AE387F-88A6-40D4-9A01-9142F3F79C1D&SearchSource=55&CUI=&UM=2&UP=SP03B7BD7A-68EA-4456-9748-F6A8EF54B211&SSPV=


Edited by hamluis, 08 May 2014 - 02:20 PM.
Moved from MRL, no logs, to Am I Infected - Hamluis.



#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts

Posted 09 May 2014 - 01:32 PM

Hello lonogod, and welcome!

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Thank you!



#3 lonogod

lonogod
  • Topic Starter

  • Members
  • 63 posts

Posted 11 May 2014 - 07:26 PM

checkup.txt

 

 Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
Windows Defender                  
Norton Internet Security          
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player     13.0.0.206  
 Adobe Reader XI  
 Mozilla Firefox 18.0.2 Firefox out of Date!  
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

 

 

result.txt

 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Billy (administrator) on 11-05-2014 at 20:23:46
Running from "C:\Users\Billy\Desktop"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= Event log errors: ===============================

Application errors:
==================
Error: (05/09/2014 05:36:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Mansour)
Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.

Error: (05/09/2014 05:31:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3998539

Error: (05/09/2014 05:31:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3998539

Error: (05/09/2014 05:31:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/09/2014 04:25:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3915

Error: (05/09/2014 04:25:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3915

Error: (05/09/2014 04:25:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/09/2014 04:25:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2480

Error: (05/09/2014 04:25:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2480

Error: (05/09/2014 04:25:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/11/2014 08:12:06 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:23:37 PM on 5/9/2014 was unexpected.

Error: (05/09/2014 04:21:32 PM) (Source: DCOM) (User: Mansour)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (05/09/2014 04:20:51 PM) (Source: DCOM) (User: Mansour)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (05/09/2014 04:02:32 PM) (Source: DCOM) (User: Mansour)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (05/07/2014 05:13:56 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue\SystemRoot\System32\LogFiles\HTTPERR\httperr1.log

Error: (05/05/2014 01:32:38 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/05/2014 11:51:29 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/05/2014 11:09:23 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/02/2014 09:12:49 AM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.10.30 with the system
having network hardware address E8-99-C4-70-35-7C. Network operations on this system may
be disrupted as a result.

Error: (04/19/2014 09:46:04 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (05/09/2014 05:36:43 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Mansour)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos

Error: (05/09/2014 05:31:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3998539

Error: (05/09/2014 05:31:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3998539

Error: (05/09/2014 05:31:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/09/2014 04:25:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3915

Error: (05/09/2014 04:25:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3915

Error: (05/09/2014 04:25:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/09/2014 04:25:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2480

Error: (05/09/2014 04:25:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2480

Error: (05/09/2014 04:25:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-07-01 13:27:04.953
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 13:22:46.661
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 13:22:46.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 13:22:46.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 10:04:07.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 10:03:38.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 10:01:56.381
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 10:00:52.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 09:59:43.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 09:58:55.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

4 Elements II (Version: 2.2.0.98)
64 Bit HP CIO Components Installer (Version: 7.2.4)
Adobe Flash Player 13 Plugin (Version: 13.0.0.206)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Fuel (Version: 2012.0808.1024.16666)
AMD Quick Stream (Version: 3.3.26.0)
AMD VISION Engine Control Center (Version: 2012.0808.1024.16666)
Any Video Converter 5.0.9
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
AVG 2013 (Version: 13.0.3469)
AVG 2013 (Version: 13.0.3722)
AVG 2013 (Version: 2013.0.3469)
Bejeweled 3 (Version: 2.2.0.98)
BitTorrent (Version: 7.9.1.30739)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-7840W (Version: 2.0.0.0)
Build-a-lot 4 - Power Source (Version: 2.2.0.98)
calibre (Version: 1.3.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0808.1024.16666)
Catalyst Control Center InstallProxy (Version: 2012.0808.1024.16666)
Catalyst Control Center Localization All (Version: 2012.0808.1024.16666)
CCC Help Chinese Standard (Version: 2012.0808.1023.16666)
CCC Help Chinese Traditional (Version: 2012.0808.1023.16666)
CCC Help Czech (Version: 2012.0808.1023.16666)
CCC Help Danish (Version: 2012.0808.1023.16666)
CCC Help Dutch (Version: 2012.0808.1023.16666)
CCC Help English (Version: 2012.0808.1023.16666)
CCC Help Finnish (Version: 2012.0808.1023.16666)
CCC Help French (Version: 2012.0808.1023.16666)
CCC Help German (Version: 2012.0808.1023.16666)
CCC Help Greek (Version: 2012.0808.1023.16666)
CCC Help Hungarian (Version: 2012.0808.1023.16666)
CCC Help Italian (Version: 2012.0808.1023.16666)
CCC Help Japanese (Version: 2012.0808.1023.16666)
CCC Help Korean (Version: 2012.0808.1023.16666)
CCC Help Norwegian (Version: 2012.0808.1023.16666)
CCC Help Polish (Version: 2012.0808.1023.16666)
CCC Help Portuguese (Version: 2012.0808.1023.16666)
CCC Help Russian (Version: 2012.0808.1023.16666)
CCC Help Spanish (Version: 2012.0808.1023.16666)
CCC Help Swedish (Version: 2012.0808.1023.16666)
CCC Help Thai (Version: 2012.0808.1023.16666)
CCC Help Turkish (Version: 2012.0808.1023.16666)
ccc-utility64 (Version: 2012.0808.1024.16666)
Chuzzle Deluxe (Version: 2.2.0.95)
Corel PaintShop Pro X5 (Version: 15.0.0.183)
Corel PaintShop Pro X5 (Version: 15.1.0.10)
Cradle Of Egypt Collector's Edition (Version: 2.2.0.98)
Cradle of Rome 2 (Version: 2.2.0.98)
CyberLink LabelPrint (Version: 2.5.5.6902)
CyberLink Media Suite 10 (Version: 10.0.4.2928)
CyberLink PhotoDirector (Version: 2.0.1.3119)
CyberLink Power2Go 8 (Version: 8.0.1.1926)
CyberLink PowerDirector 10 (Version: 10.0.1.1925)
CyberLink PowerDVD (Version: 10.0.6.4319)
CyberLink YouCam (Version: 3.5.6.6119)
D3DX10 (Version: 15.4.2368.0902)
Energy Star (Version: 1.0.8)
Farm Frenzy (Version: 2.2.0.98)
FATE: The Cursed King (Version: 2.2.0.97)
Final Drive Fury (Version: 2.2.0.95)
FlatOut 2 (Version: 2.2.0.98)
Free RAR Extract Frog (Version: 4.70)
Google Chrome (Version: 34.0.1847.131)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.24.7)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
High-Logic FontCreator 7
Hoyle Card Games (Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.2.8.1)
HP Connected Music (Meridian - installer) (Version: v1.0)
HP CoolSense (Version: 2.10.62)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.3.0)
HP MyRoom (Version: 9.0.0.0)
HP Postscript Converter (Version: 3.1.3554)
HP Quick Launch (Version: 3.0.3)
HP Recovery Manager (Version: 7.00)
HP Registration Service (Version: 1.0.5976.4186)
HP Software Framework (Version: 4.6.10.1)
HP Support Assistant (Version: 7.4.45.4)
HP Utility Center (Version: 1.0.7)
HP Wireless Button Driver (Version: 1.1.2.1)
ICA (Version: 15.0.0.183)
IDT Audio (Version: 1.0.6425.0)
IPM_PSP_COM (Version: 15.0.0.183)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Jewel Match 3 (Version: 2.2.0.98)
John Deere Drive Green (Version: 2.2.0.95)
LAME v3.99.3 (for Windows)
LeapFrog Connect (Version: 5.3.0.18537)
LeapFrog LeapPad Explorer Plugin (Version: 5.2.1.18456)
Luxor Evolved (Version: 2.2.0.98)
Mahjongg Dimensions Deluxe: Tiles in Time (Version: 2.2.0.98)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (Version: 14.0.6120.5004)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mortimer Beckett and the Crimson Thief Premium Edition (Version: 2.2.0.98)
Mozilla Firefox 18.0.2 (x86 en-US) (Version: 18.0.2)
Mozilla Maintenance Service (Version: 18.0.2)
MSVCRT (Version: 15.4.2862.0708)
Mystery P.I. - Curious Case of Counterfeit Cove (Version: 2.2.0.98)
Norton Internet Security (Version: 20.2.1.22)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Peggle Nights (Version: 2.2.0.98)
Penguins! (Version: 2.2.0.98)
PlayMemories Home (Version: 6.0.02.14151)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.98)
PSPPContent (Version: 15.1.0.9)
PSPPHelp (Version: 15.0.0.183)
PSPPro64 (Version: 15.0.0.183)
Qualcomm Atheros Driver Installation Program (Version: 10.0)
QuickTime (Version: 7.73.80.64)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
Realtek Ethernet Controller Driver (Version: 8.3.730.2012)
Realtek PCIE Card Reader (Version: 6.2.8400.29029)
RealUpgrade 1.1 (Version: 1.1.0)
Roads of Rome 3 (Version: 2.2.0.98)
SaveVid Plug-in (Version: 2.0.0.591)
Setup (Version: 15.0.0.183)
SketchUp 8 (Version: 3.0.16846)
StartIsBack
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.5.3.3)
Tales of Lagoona (Version: 2.2.0.110)
Update Installer for WildTangent Games App
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
Vacation Quest™ - Australia (Version: 2.2.0.98)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WildTangent Games (Version: 1.0.3.0)
WildTangent Games App (Version: 4.0.9.6)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zuma's Revenge (Version: 2.2.0.98)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 5602.26 MB
Available physical RAM: 4289.67 MB
Total Pagefile: 6498.26 MB
Available Pagefile: 5071.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.68 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:439.69 GB) (Free:285.15 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:25.31 GB) (Free:3.02 GB) NTFS

========================= Users: ========================================

User accounts for \\MANSOUR

Administrator            Billy                    Guest                    


**** End of log ****



#4 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts

Posted 12 May 2014 - 06:38 AM

Hello lonogod!

You have two antivirus programs and should uninstall one of them: AVG or Norton. If Norton remains, disable Windows Firewall.

Do you know what this is - Setup (Version: 15.0.0.183)?

Download and install the latest Java - https://www.java.com/en/download/

Download and install the latest Firefox - http://www.mozilla.org/en-US/firefox/channel/#firefox

Also Internet Explorer - http://windows.microsoft.com/en-us/internet-explorer/download-ie

Uninstall Malwarebytes 1.75

Please download AdwCleaner by Xplode HERE onto your desktop.

* Close all open programs and internet browsers.
* Double-click on AdwCleaner.exe to run the tool.
* Click on Scan.
* After the scan is complete, click on "Clean".
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the content of that logfile with your next answer.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Please download Junkware Removal Tool HERE to your desktop.

* Shut down your protection software now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

 

 Download Malwarebytes' Anti-Malware Free 2.0 HERE to your desktop.
    - Do not accept the Free Trial Version at this time -
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

 

Thank you!



#5 lonogod

lonogod
  • Topic Starter

  • Members
  • 63 posts

Posted 12 May 2014 - 09:08 AM

I tried to uninstall Norton, but it wouldn't let me.  I went to Control Panel to uninstall.  Clicked the uninstall button, but nothing happens.  Nothing opens or anything.

 

I have no idea what Setup (Version: 15.0.0.183) is.  I don't even know where it is.

 

 

AdwCleaner[S0].txt

 

# AdwCleaner v3.208 - Report created 12/05/2014 at 09:14:44
# Updated 11/05/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Billy - MANSOUR
# Running from : C:\Users\Billy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\Billy\AppData\Local\PackageAware
Folder Deleted : C:\Users\Billy\AppData\LocalLow\Torntv V9.0
Folder Deleted : C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com
File Deleted : C:\Users\Billy\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\searchplugins\conduit-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511131190}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511131190}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131190}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("extensions.crossrider.bic", "145ccec6cb2416b08cc70914a3bcb2b0");

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MF2AE387F-88A6-40D4-9A01-9142F3F79C1D&SearchSource=55&CUI=&UM=2&UP=SP03B7BD7A-68EA-4456-9748-F6A8EF54B211&SSPV=
Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn

*************************

AdwCleaner[R0].txt - [5100 octets] - [12/05/2014 09:12:30]
AdwCleaner[S0].txt - [4781 octets] - [12/05/2014 09:14:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4841 octets] ##########
 

 

 

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Billy on Mon 05/12/2014 at  9:20:27.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Billy\appdata\local\{0BEF1797-7EB5-41F2-8A12-79112C50C25E}
Successfully deleted: [Empty Folder] C:\Users\Billy\appdata\local\{81DCE2D4-FA95-4DB9-9EE7-D1DA8286F1B3}
Successfully deleted: [Empty Folder] C:\Users\Billy\appdata\local\{89DD57D3-86B8-4E85-950D-C95069DE8D79}
Successfully deleted: [Empty Folder] C:\Users\Billy\appdata\local\{8C5F0666-72F0-4E65-9CCE-354401ED8042}
Successfully deleted: [Empty Folder] C:\Users\Billy\appdata\local\{DDA99CED-7485-4BD4-81C6-2EC8B637F0C8}
Successfully deleted: [Empty Folder] C:\Users\Billy\appdata\local\{EE8F18B8-F7D4-46FF-AEA3-0AE1DBFA3551}
Successfully deleted: [Empty Folder] C:\Users\Billy\appdata\local\{FCD6D35C-F793-4D2E-965D-E7948C8B7D48}



~~~ FireFox

Successfully deleted the following from C:\Users\Billy\AppData\Roaming\mozilla\firefox\profiles\yvasoue2.default\prefs.js

user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.testingGaq.value", "%22hxxp%3A//extclickmedia-maynemyltf.netdna-ss
user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.name", "Torntv V9.0");
Emptied folder: C:\Users\Billy\AppData\Roaming\mozilla\firefox\profiles\yvasoue2.default\minidumps [86 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/12/2014 at  9:27:08.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

Malwarebytes.txt

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/12/2014
Scan Time: 9:48:04 AM
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.12.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Billy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280754
Time Elapsed: 17 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [6221ba96a1dace68dcf59af69d658d73],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by lonogod, 12 May 2014 - 09:43 AM.


#6 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts

Posted 12 May 2014 - 09:44 AM

Hello lonogod!

So uninstall AVG Free. Norton is better. Also disable Windows Firewall so as not to have conflicts and slow down your PC.

Start AdwCleaner and click the Uninstall button, and it will disappear. Just delete JRT.

Corel PaintShop Pro X5 (Version: 15.0.0.183) is related to this Setup (Version: 15.0.0.183). Sorry!

 

Download HitmanPro x64 from HERE onto your desktop.

Double-click on the file named HitmanPro.exe.It will be updated.When the program starts you will be presented with the start screen.Click on the Next button.Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found.Below next to button buy now is option Save log.Save it to your desktop and paste it here.

 

Thank you!



#7 lonogod


Posted 13 May 2014 - 07:54 AM

I don't actually have Norton.  It may be in my program list, but I do not have it.  I just need to be able to delete Norton.

 

 

HitmanPro_20140513_0852.txt

 

HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : MANSOUR
   Windows . . . . . . . : 6.2.0.9200.X64/4
   User name . . . . . . : Mansour\Billy
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-05-13 08:45:49
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 57s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 13

   Objects scanned . . . : 1,991,864
   Files scanned . . . . : 63,619
   Remnants scanned  . . : 489,900 files / 1,438,345 keys

Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Web Data

   conduit.search
   C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Web Data


Cookies _____________________________________________________________________

   C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\cookies.sqlite:advertising.com
   C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\cookies.sqlite:apmebf.com
   C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\cookies.sqlite:atdmt.com
   C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\cookies.sqlite:doubleclick.net
   C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\cookies.sqlite:emjcd.com
   C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\cookies.sqlite:fastclick.net
   C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\cookies.sqlite:linksynergy.com
   C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\cookies.sqlite:mediaplex.com
   C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\yvasoue2.default\cookies.sqlite:yieldmanager.net
 

#8 Alex&Vanko


Posted 13 May 2014 - 11:26 AM

Hallo lonogod!

Click Next to remove the threats. You may need to activate the trial version.

Also see here - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

Use their removal tool. I saw it was listed: Norton Internet Security.

You may uninstall HitmanPro the standard way from Programs and Features.

 

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish

 

After that, say if you still have problems according to your first description.

Thank you!





