HijackThis Log: Please help Diagnose


  • This topic is locked
22 replies to this topic

#16 decon21

decon21
  • Topic Starter

  • Members
  • 12 posts

Posted 19 November 2016 - 03:22 PM

C:\Users\All Users\InstallMate\{111B4319-A119-4669-A482-E93BCAF861EF}\Custom.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dl Win32/Toolbar.SearchSuite potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Win32/Toolbar.SearchSuite potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dl a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Zynga\tbZyng.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application cleaned by deleting
C:\ProgramData\InstallMate\{111B4319-A119-4669-A482-E93BCAF861EF}\Custom.dll a variant of Win32/InstalleRex.T potentially unwanted application cleaned by deleting
C:\Users\Shawn\AppData\LocalLow\Zynga\ldrtbZyn0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
C:\Users\Shawn\AppData\LocalLow\Zynga\tbZyn0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
C:\Windows\System32\dmwu.exe_old a variant of Win64/Toolbar.Perion.D potentially unwanted application cleaned by deleting
C:\Windows\System32\ljkb\lmrn.dll a variant of Win64/Toolbar.Perion.D potentially unwanted application cleaned by deleting
C:\Windows\System32\ljkb\stij.exe a variant of Win64/Toolbar.Perion.D potentially unwanted application cleaned by deleting
C:\Windows\System32\tprb\dnkt.exe a variant of Win64/Toolbar.Perion.D potentially unwanted application cleaned by deleting
C:\Windows\System32\tprb\5108\nsib.dll a variant of Win64/Toolbar.Perion.D potentially unwanted application cleaned by deleting
C:\Windows\System32\tprb\5113\nsib.dll a variant of Win64/Toolbar.Perion.D potentially unwanted application cleaned by deleting
C:\Windows\System32\tprb\5154\nsib.dll a variant of Win64/Toolbar.Perion.D potentially unwanted application cleaned by deleting
C:\Windows\SysWOW64\mjcm\dnkt.exe a variant of Win32/Toolbar.Perion.H potentially unwanted application cleaned by deleting
C:\Windows\SysWOW64\mjcm\5108\nsib.dll a variant of Win32/Toolbar.Perion.H potentially unwanted application cleaned by deleting
C:\Windows\SysWOW64\mjcm\5113\nsib.dll a variant of Win32/Toolbar.Perion.H potentially unwanted application cleaned by deleting
C:\Windows\SysWOW64\mjcm\5154\nsib.dll a variant of Win32/Toolbar.Perion.H potentially unwanted application cleaned by deleting




#17 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 19 November 2016 - 04:51 PM

Thanks for that decon21

This just proves one thing... never take anything for granted.
Hopefully that should have got everything..... but let's run another check to be absolutely sure.

Please download RogueKiller Anti-malware (Free) onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on RogueKiller Anti-malware to install the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Select Accept the User Agreement then continue to click Next then finally click Install
  • Click Finish.
  • When the program opens..... click Scan

  • Click Start Scan


  • Double check anything found and tick to select items to be removed

  • Click Remove Selected
  • When the items have been removed.... Click Open Report >> Open TXT.
  • Copy and paste that report into your next reply.
Thanks



#18 decon21

decon21
  • Topic Starter

  • Members
  • 12 posts

Posted 20 November 2016 - 12:52 AM

RogueKiller V12.8.1.0 (x64) [Nov 14 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shawn [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/19/2016 22:22:27 (Duration : 00:34:05)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 49 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\ilivid -> Deleted
[PUP] (X64) HKEY_CLASSES_ROOT\Search.BrowserWndAPI -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Web Assistant -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\APN -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\ilivid -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\ParetoLogic -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Web Assistant -> Deleted
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Deleted
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\IM -> Deleted
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Deleted
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\IM -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\APN -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\IGearSettings -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\ilivid -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\IM -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Surf Canyon -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\YahooPartnerToolbar -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\APN -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\IGearSettings -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\ilivid -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\IM -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Surf Canyon -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\YahooPartnerToolbar -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\IM -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\IM -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\AppDataLow\Toolbar -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\AppDataLow\Toolbar -> Deleted
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar -> Deleted
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\AppDataLow\Software\Conduit -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\AppDataLow\Software\Conduit -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.toshiba.ca/welcome  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.toshiba.ca/welcome  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.1.254 142.165.21.5 ([][-])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.16.1.254 142.165.21.5 ([][-])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{32190FDF-D106-47AD-A6BE-AE4AA606D184} | DhcpNameServer : 172.16.1.254 ([])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4F43E652-8F57-4562-9BF6-DC8F939389B0} | DhcpNameServer : 172.16.1.254 142.165.21.5 ([][-])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{32190FDF-D106-47AD-A6BE-AE4AA606D184} | DhcpNameServer : 172.16.1.254 ([])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4F43E652-8F57-4562-9BF6-DC8F939389B0} | DhcpNameServer : 172.16.1.254 142.165.21.5 ([][-])  -> Replaced ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 15 ¤¤¤
[PUP][Folder] C:\ProgramData\EmailNotifier -> Deleted
[PUP][File] C:\ProgramData\EmailNotifier\EmailNotifier.exe -> Deleted
[PUP][File] C:\ProgramData\EmailNotifier\EmailNotifierAPI.dll -> Deleted
[PUP][File] C:\ProgramData\EmailNotifier\EmailNotifierEN.lng -> Deleted
[PUP][File] C:\ProgramData\EmailNotifier\EmailNotifierFR.lng -> Deleted
[PUP][Folder] C:\ProgramData\Partner -> Deleted
[PUP][File] C:\ProgramData\Partner\debug.log -> Deleted
[PUP][Folder] C:\ProgramData\Premium -> Deleted
[PUP][Folder] C:\ProgramData\Premium\Setup -> Deleted
[PUP][Folder] C:\Users\Shawn\AppData\Roaming\Uniblue -> Deleted
[PUP][Folder] C:\Users\Shawn\AppData\Roaming\Yahoo!\Companion -> Deleted
[PUP][Folder] C:\Users\Shawn\AppData\Roaming\Yahoo!\Companion\Buttons -> Deleted
[PUP][Folder] C:\Users\Shawn\AppData\Roaming\Yahoo!\Companion\CrashLogs -> Deleted
[PUP][File] C:\Users\Shawn\AppData\Roaming\Yahoo!\Companion\inq_data.inq -> Deleted
[PUP][File] C:\Users\Shawn\AppData\Roaming\Yahoo!\Companion\inq_settings.xml -> Deleted
[PUP][File] C:\Users\Shawn\AppData\Roaming\Yahoo!\Companion\resources.inq -> Deleted
[PUP][Folder] C:\Users\Shawn\AppData\Local\Ilivid Player -> Deleted
[PUP][File] C:\Users\Shawn\AppData\Local\Ilivid Player\script.qscript -> Deleted
[PUP][Folder] C:\Users\Shawn\AppData\Local\PackageAware -> Deleted
[PUP][Folder] C:\ProgramData\EmailNotifier -> ERROR [3]
[PUP][Folder] C:\ProgramData\Partner -> ERROR [3]
[PUP][Folder] C:\ProgramData\Premium -> ERROR [3]
[PUP][Folder] C:\Program Files (x86)\iLivid -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\ilivid.exe -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\ilivid.ico -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\imageformats\qgif4.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\imageformats\qjpeg4.dll -> Deleted
[PUP][Folder] C:\Program Files (x86)\iLivid\imageformats -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\libeay32.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\libgcc_s_dw2-1.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\mingwm10.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\phonon4.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\QtCore4.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\QtGui4.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\QtNetwork4.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\QtScript4.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\QtSvg4.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\QtWebKit4.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\QtXmlPatterns4.dll -> Deleted
[PUP][File] C:\Program Files (x86)\iLivid\ssleay32.dll -> Deleted
[PUP][Folder] C:\Program Files (x86)\Playalot Games -> Deleted
[PUP][File] C:\Program Files (x86)\Playalot Games\cache\data_0 -> Deleted
[PUP][File] C:\Program Files (x86)\Playalot Games\cache\data_1 -> Deleted
[PUP][File] C:\Program Files (x86)\Playalot Games\cache\data_2 -> Deleted
[PUP][File] C:\Program Files (x86)\Playalot Games\cache\data_3 -> Deleted
[PUP][File] C:\Program Files (x86)\Playalot Games\cache\index -> Deleted
[PUP][Folder] C:\Program Files (x86)\Playalot Games\cache -> Deleted
[PUP][File] C:\Program Files (x86)\Playalot Games\debug.log -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\intermediate_views.dat -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\latest_scan_results.xsl -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\library.dat -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\br\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\br\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\br -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\de\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\de\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\de -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\dk\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\dk\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\dk -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\en\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\en\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\en -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\es\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\es\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\es -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\fi\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\fi\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\fi -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\fr\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\fr\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\fr -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\it\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\it\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\it -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\jp\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\jp\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\jp -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\nl\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\nl\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\nl -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\no\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\no\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\no -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\ru\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\ru\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\ru -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\se\LC_MESSAGES\messages.mo -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\se\LC_MESSAGES -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\se -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\repair_transform.xsl -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\comtypes.txt -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\cwebpage.dll.html -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\decorator.py.txt -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\ordereddict.py.txt -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\py2exe.txt -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\python-changes.txt -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\python.txt -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\simplejson.txt -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\wmi.txt -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\unins000.dat -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\unins000.msg -> Deleted
[PUP][File] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\views.dat -> Deleted
[PUP][Folder] C:\Program Files (x86)\Uniblue\SpeedUpMyPC -> Deleted
[PUP][Folder] C:\Program Files (x86)\Windows iLivid Toolbar -> Deleted
[PUP][File] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngrUI.exe -> Deleted
[PUP][Folder] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64 -> Deleted
[PUP][Folder] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr -> Deleted
[PUP][File] C:\Program Files (x86)\Windows iLivid Toolbar\sysid.ini -> Deleted
[PUP][File] C:\Program Files (x86)\Windows iLivid Toolbar\uninstall.exe -> Deleted
[PUP][Folder] C:\Program Files (x86)\Zynga -> Deleted
[PUP][File] C:\Program Files (x86)\Zynga\INSTALL.LOG -> Deleted
[PUP][File] C:\Program Files (x86)\Zynga\toolbar.cfg -> Deleted
[PUP][File] C:\Program Files (x86)\Zynga\UNWISE.EXE -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] c7494dff0a6b55afe4277a7cd7bfec40
[BSP] 4797c6e5584cd40bb7863832d53de1bb : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 274365 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 564973568 | Size: 18493 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 602847232 | Size: 10886 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
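For anyone who has to read reports in this shape at scale, here is a small parser for the RogueKiller report format posted above. It is an added example, not part of the thread and not RogueKiller's own code; the sample lines are a few copied from the report above, and the meaning given for the ConsentPromptBehaviorAdmin value comes from Windows' documented UAC policy semantics, not from the post.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the report above,
# in the same layout (section headers, registry lines, file lines).
SAMPLE_REPORT = r"""
¤¤¤ Registry : 49 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\ilivid -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.toshiba.ca/welcome  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.1.254 142.165.21.5 ([][-])  -> Replaced ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
 
¤¤¤ Files : 15 ¤¤¤
[PUP][Folder] C:\ProgramData\EmailNotifier -> Deleted
[PUP][File] C:\ProgramData\EmailNotifier\EmailNotifier.exe -> Deleted
[PUP][Folder] C:\ProgramData\EmailNotifier -> ERROR [3]
"""

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d*)")
REG_RE = re.compile(r"^\[(?P<cat>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<body>.*?)\s+-> (?P<action>.*)$")
FILE_RE = re.compile(r"^\[(?P<cat>[^\]]+)\]\[(?P<kind>File|Folder)\] (?P<path>.*?) -> (?P<action>.*)$")


@dataclass
class Entry:
    section: str
    category: str   # PUP, PUM.Policies, PUM.Dns, ...
    target: str     # registry key or file path
    action: str     # Deleted, Replaced, ERROR [3], ...
    value: str = ""  # registry value name, when the line names one
    old: str = ""    # data before RogueKiller changed it
    new: str = ""    # data written by a "Replaced (...)" action


def parse_report(text):
    """Turn the report text into Entry records, tracking the current section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif m := FILE_RE.match(line):
            entries.append(Entry(section, m["cat"], m["path"], m["action"]))
        elif m := REG_RE.match(line):
            body, value, old = m["body"], "", ""
            if " | " in body:  # "key | valuename : data"
                body, rest = body.split(" | ", 1)
                value, _, old = rest.partition(" : ")
            action, new = m["action"], ""
            if r := re.fullmatch(r"Replaced \((?P<new>.*)\)", action):
                action, new = "Replaced", r["new"]
            entries.append(Entry(section, m["cat"], body, action, value, old.strip(), new))
    return entries


def uac_findings(entries):
    """ConsentPromptBehaviorAdmin = 0 means UAC elevated administrators without
    any prompt (documented Windows semantics); report every such pre-fix value."""
    return [(e.target, e.old, e.new) for e in entries
            if e.category == "PUM.Policies"
            and e.value == "ConsentPromptBehaviorAdmin" and e.old == "0"]


def failed_removals(entries):
    """Targets the tool could not remove (ERROR lines) that still need a follow-up."""
    return [e.target for e in entries if e.action.startswith("ERROR")]


def summarize(entries):
    """Count actions per section, e.g. {('Files', 'Deleted'): 2, ...}."""
    return dict(Counter((e.section, e.action) for e in entries))


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for key, old, new in uac_findings(found):
        print(f"UAC prompt was disabled at {key} (was {old}, now {new})")
    print("not removed:", failed_removals(found))
    print(summarize(found))
```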


#19 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 20 November 2016 - 03:03 PM

Hi decon21

That looks good.
RK has gone deeper and removed a bit more than what Eset found.

How is the system running now?
Any problems?



#20 decon21

decon21
  • Topic Starter

  • Members
  • 12 posts

Posted 20 November 2016 - 06:14 PM

All is good thanks so so much for all your help!



#21 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 20 November 2016 - 06:41 PM

Hi decon21

All is good thanks

That's good to hear :)

thanks so so much for all your help!

No problem, you are more than welcome.

Just one thing before we finish off...

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE 8u111 / 8u112 and save it to your desktop.
  • Scroll down to where it says "Java SE 8u111 / 8u112".
  • Click the "Download JRE " button.

  • Accept the license agreement.
  • Select 'Windows x64' offline from the list.

  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on downloaded icon to install the newest version.
Let's finish the cleaning process and remove the tools we have used.

Step 1
Restart MBAM.
Click on the History tab >> Quarantine
Tick to select all items (if any there ) and then click the Delete button.
Close MBAM.

Step 2
FRST can now be removed:

Right click on the FRST icon and select delete.
Right click on any fixlog.txt or fixlist.txt files and select delete.
Navigate to: C:\frst and delete the frst folder

Step 3
RogueKiller AntiMalware (if you want to remove it) and Eset Online Scanner can be uninstalled from the uninstall list:

Win7:
Click the Start button >> Control Panel >> Programs >> Programs and Features.

Win8:
Right click on the Start button >> select Programs and Features

Win10:
Right click on the Start button >> select Programs and Features


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program at a time

Use a Firewall

Only install one software Firewall

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like: Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Install an AdBlocker
Firefox: uBlock Origin
Google Chrome: uBlock Origin

uBlock Origin is NOT an "ad blocker" as such: it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker".
The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites.

Internet Explorer:
Adblock Plus for Internet Explorer

P2P programs/Torrents
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Beware of PuP's when installing 'free' software
(Potentially Unwanted Program) An application that is installed along with the desired application the user actually asked for.
In most cases, the PUP is spyware, adware or some other unwanted software.
However, what makes spyware or adware a PUP rather than pure malware is the fact that the end user license agreement (EULA) does inform the user that this additional program is being installed.
Considering hardly anyone ever reads the license agreement, the distinction is a subtle one.

Understanding PuP's (Adware)


Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.



#22 decon21

decon21
  • Topic Starter

  • Members
  • 12 posts

Posted 20 November 2016 - 10:20 PM

done and done. thanks again! :D



#23 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 21 November 2016 - 11:17 AM

done and done.

Thanks for letting me know.

As this topic has been resolved this thread will now be closed.

If you need this topic reopened, please contact one of the moderating team by PM and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.

Everyone else please begin a New Topic.





