Results 1 to 4 of 4

Thread: Toolbar added itself, and no browser history is appearing

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Sep 2012
    Posts
    14

    Default Toolbar added itself, and no browser history is appearing

    Pretty much the problem is in the title. Ken was helping me a few weeks ago here (http://forums.spybot.info/showthread...315#post432315).

    Edit
    Original topic started Sep 18th, 2012, archived Oct 20th.


    I ran MBAM and deleted all of the toolbar nonsense. Below is my DDS log and MBAM log.

    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Owner at 14:15:16.78 on Sat 11/10/2012
    Internet Explorer: 9.0.8112.16421
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1810 [GMT -6:00]
    .
    AV: Webroot AntiVirus with AntiSpyware *Enabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
    SP: Webroot AntiVirus with AntiSpyware *Enabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Owner\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.att.net/
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1700
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1700
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uRun: [Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
    uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
    uRun: [googletalk] "c:\users\owner\appdata\roaming\google\google talk\googletalk.exe" /autostart
    uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
    mRun: [Acer Empowering Technology Monitor] "c:\program files\acer\empowering technology\SysMonitor.exe"
    mRun: [eDataSecurity Loader] "c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe"
    mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [Skytel] "Skytel.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-13 29808]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2009-1-18 269448]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
    R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-18 24576]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-2-13 4048240]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-2-23 1180976]
    R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-1-18 338432]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-10-11 116648]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 250808]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-10-11 116648]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-11-10 19:11:02 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2012-11-10 12:58:15 -------- d-----w- c:\program files\TelevisionFanatic
    2012-11-09 09:59:23 6918632 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{74ea7b7f-05b5-43bc-a67c-8e42c6aad73e}\mpengine.dll
    2012-10-31 15:33:34 -------- d-----w- c:\program files\PopCap Games
    2012-10-31 15:33:34 -------- d-----w- c:\progra~2\PopCapY
    2012-10-31 15:33:34 -------- d-----w- c:\progra~2\PopCap Games
    .
    ==================== Find3M ====================
    .
    2012-10-09 17:52:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 17:52:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-09 17:52:13 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2006-05-31 13:24:34 2248984 ----a-w- c:\program files\dsetup32.dll
    2006-05-31 13:23:38 484632 ----a-w- c:\program files\DXSETUP.exe
    2006-05-31 13:22:50 74520 ----a-w- c:\program files\DSETUP.dll
    .
    ============= FINISH: 14:17:42.40 ===============

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.10.08

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: OWNER-PC [administrator]

    11/10/2012 1:34:40 PM
    mbam-log-2012-11-10 (13-34-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221885
    Time elapsed: 18 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 93
    HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{04d2b915-19ff-41e9-994d-95dc898bea43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{0597d3be-9a4d-4426-a8a7-572ad299852e} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{aed3b1e0-fabb-4c27-a2da-ec8352ee7e30} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{952c6f00-cba7-47be-baf3-cfc5808e6c7b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A6CB6-3B14-491D-8BBA-86A95A62FF72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{73cadbbd-4dc5-419d-84f1-e7bf4c3b20c4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{67d33c35-62e9-4f77-a284-9e9d256f7846} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{a378fd9d-b406-44bb-96d2-8cdaa668713f} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{34979cb5-728d-4727-81bf-01850a3bb89b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{934063FB-A81D-4849-B02C-478446DF3219} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609D-C8B4-4CF5-A2C7-28223D0C3D92} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.Radio.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.Radio (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{8be781d8-5e70-423d-82de-9e4756fce53c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{026fd9ba-112b-4d9f-86ea-589e28016e8c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{0328B630-EA94-4FA3-9F27-8250B6324DDB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BE781D8-5E70-423D-82DE-9E4756FCE53C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{03f59b4b-09d9-40f0-a01a-6e895023f2f0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{6784d08d-cdc3-419d-9b97-744a351ed908} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{608f7340-e221-4afb-a848-c4dad297cd58} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{966430CC-2097-45CA-8626-2C3F454C3297} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.SkinLauncher (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.SkinLauncher.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TelevisionFanatic.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 7
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Browser Plugin Loader (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe" -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|64ffxtbr@TelevisionFanatic.com (PUP.MyWebSearch) -> Data: C:\Program Files\TelevisionFanatic\bar\1.bin -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 3
    C:\Program Files\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Files Detected: 48
    C:\Program Files\TelevisionFanatic\bar\1.bin\64hkstub.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64tpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64radio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64dlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\C00IUXJF\TelevisionFanatic.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\1jfuweif.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64idle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64ieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64Plugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64reghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64sknlcr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\CREXT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\CrExtP64.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\T8TICKER.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    (end)
    Last edited by tashi; 2012-11-11 at 00:53. Reason: Added date

  2. #2
    Junior Member
    Join Date
    Sep 2012
    Posts
    14

    Default

    I just found out that the toolbar was downloaded by a family a member. I'd still like assistance in fixing the no browser history problem (and any other problems you find).

  3. #3
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Moonbaby312 ,

    Based on the contents in the previous topic, I strongly suggest you reformat and reinstall the computer.

    Have a read on the concerns:
    Remote Access Infections ... (why you should repave)

  4. #4
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Due to lack of response, this topic is now closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log.

    If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    Everyone else please begin a New Topic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •