Moonbaby312
2012-11-10, 22:20
Pretty much the problem is in the title. Ken was helping me a few weeks ago here (http://forums.spybot.info/showthread.php?p=432315#post432315).
Edit
Original topic started Sep 18th, 2012, archived Oct 20th.
I ran MBAM and deleted all of the toolbar nonsense. Below is my DDS log and MBAM log.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 14:15:16.78 on Sat 11/10/2012
Internet Explorer: 9.0.8112.16421
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1810 [GMT -6:00]
.
AV: Webroot AntiVirus with AntiSpyware *Enabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with AntiSpyware *Enabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1700
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1700
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [googletalk] "c:\users\owner\appdata\roaming\google\google talk\googletalk.exe" /autostart
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
mRun: [Acer Empowering Technology Monitor] "c:\program files\acer\empowering technology\SysMonitor.exe"
mRun: [eDataSecurity Loader] "c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Skytel] "Skytel.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-13 29808]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2009-1-18 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-18 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-2-13 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-2-23 1180976]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-1-18 338432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-10-11 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-10-11 116648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-10 19:11:02 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-11-10 12:58:15 -------- d-----w- c:\program files\TelevisionFanatic
2012-11-09 09:59:23 6918632 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{74ea7b7f-05b5-43bc-a67c-8e42c6aad73e}\mpengine.dll
2012-10-31 15:33:34 -------- d-----w- c:\program files\PopCap Games
2012-10-31 15:33:34 -------- d-----w- c:\progra~2\PopCapY
2012-10-31 15:33:34 -------- d-----w- c:\progra~2\PopCap Games
.
==================== Find3M ====================
.
2012-10-09 17:52:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 17:52:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:52:13 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2006-05-31 13:24:34 2248984 ----a-w- c:\program files\dsetup32.dll
2006-05-31 13:23:38 484632 ----a-w- c:\program files\DXSETUP.exe
2006-05-31 13:22:50 74520 ----a-w- c:\program files\DSETUP.dll
.
============= FINISH: 14:17:42.40 ===============
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org (http://www.malwarebytes.org)
Database version: v2012.11.10.08
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
11/10/2012 1:34:40 PM
mbam-log-2012-11-10 (13-34-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221885
Time elapsed: 18 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 93
HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{04d2b915-19ff-41e9-994d-95dc898bea43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{0597d3be-9a4d-4426-a8a7-572ad299852e} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{aed3b1e0-fabb-4c27-a2da-ec8352ee7e30} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{952c6f00-cba7-47be-baf3-cfc5808e6c7b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A6CB6-3B14-491D-8BBA-86A95A62FF72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{73cadbbd-4dc5-419d-84f1-e7bf4c3b20c4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{67d33c35-62e9-4f77-a284-9e9d256f7846} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{a378fd9d-b406-44bb-96d2-8cdaa668713f} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{34979cb5-728d-4727-81bf-01850a3bb89b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{934063FB-A81D-4849-B02C-478446DF3219} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609D-C8B4-4CF5-A2C7-28223D0C3D92} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.Radio.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.Radio (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8be781d8-5e70-423d-82de-9e4756fce53c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{026fd9ba-112b-4d9f-86ea-589e28016e8c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{0328B630-EA94-4FA3-9F27-8250B6324DDB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BE781D8-5E70-423D-82DE-9E4756FCE53C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03f59b4b-09d9-40f0-a01a-6e895023f2f0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{6784d08d-cdc3-419d-9b97-744a351ed908} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{608f7340-e221-4afb-a848-c4dad297cd58} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{966430CC-2097-45CA-8626-2C3F454C3297} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncher (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncher.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Browser Plugin Loader (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|64ffxtbr@TelevisionFanatic.com (PUP.MyWebSearch) -> Data: C:\Program Files\TelevisionFanatic\bar\1.bin -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
C:\Program Files\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Files Detected: 48
C:\Program Files\TelevisionFanatic\bar\1.bin\64hkstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64tpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64radio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64dlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\C00IUXJF\TelevisionFanatic.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\1jfuweif.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64idle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64ieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64Plugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64reghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64sknlcr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\CREXT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\CrExtP64.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8TICKER.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end)
Edit
Original topic started Sep 18th, 2012, archived Oct 20th.
I ran MBAM and deleted all of the toolbar nonsense. Below is my DDS log and MBAM log.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 14:15:16.78 on Sat 11/10/2012
Internet Explorer: 9.0.8112.16421
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1810 [GMT -6:00]
.
AV: Webroot AntiVirus with AntiSpyware *Enabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with AntiSpyware *Enabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1700
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1700
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [googletalk] "c:\users\owner\appdata\roaming\google\google talk\googletalk.exe" /autostart
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
mRun: [Acer Empowering Technology Monitor] "c:\program files\acer\empowering technology\SysMonitor.exe"
mRun: [eDataSecurity Loader] "c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Skytel] "Skytel.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-13 29808]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2009-1-18 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-18 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-2-13 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-2-23 1180976]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-1-18 338432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-10-11 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-10-11 116648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-10 19:11:02 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-11-10 12:58:15 -------- d-----w- c:\program files\TelevisionFanatic
2012-11-09 09:59:23 6918632 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{74ea7b7f-05b5-43bc-a67c-8e42c6aad73e}\mpengine.dll
2012-10-31 15:33:34 -------- d-----w- c:\program files\PopCap Games
2012-10-31 15:33:34 -------- d-----w- c:\progra~2\PopCapY
2012-10-31 15:33:34 -------- d-----w- c:\progra~2\PopCap Games
.
==================== Find3M ====================
.
2012-10-09 17:52:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 17:52:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:52:13 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2006-05-31 13:24:34 2248984 ----a-w- c:\program files\dsetup32.dll
2006-05-31 13:23:38 484632 ----a-w- c:\program files\DXSETUP.exe
2006-05-31 13:22:50 74520 ----a-w- c:\program files\DSETUP.dll
.
============= FINISH: 14:17:42.40 ===============
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org (http://www.malwarebytes.org)
Database version: v2012.11.10.08
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
11/10/2012 1:34:40 PM
mbam-log-2012-11-10 (13-34-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221885
Time elapsed: 18 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 93
HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{04d2b915-19ff-41e9-994d-95dc898bea43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{0597d3be-9a4d-4426-a8a7-572ad299852e} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{aed3b1e0-fabb-4c27-a2da-ec8352ee7e30} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{952c6f00-cba7-47be-baf3-cfc5808e6c7b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A6CB6-3B14-491D-8BBA-86A95A62FF72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{73cadbbd-4dc5-419d-84f1-e7bf4c3b20c4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{67d33c35-62e9-4f77-a284-9e9d256f7846} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{a378fd9d-b406-44bb-96d2-8cdaa668713f} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{34979cb5-728d-4727-81bf-01850a3bb89b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{934063FB-A81D-4849-B02C-478446DF3219} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609D-C8B4-4CF5-A2C7-28223D0C3D92} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.Radio.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.Radio (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8be781d8-5e70-423d-82de-9e4756fce53c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{026fd9ba-112b-4d9f-86ea-589e28016e8c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{0328B630-EA94-4FA3-9F27-8250B6324DDB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BE781D8-5E70-423D-82DE-9E4756FCE53C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03f59b4b-09d9-40f0-a01a-6e895023f2f0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{6784d08d-cdc3-419d-9b97-744a351ed908} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{608f7340-e221-4afb-a848-c4dad297cd58} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{966430CC-2097-45CA-8626-2C3F454C3297} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncher (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncher.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TelevisionFanatic.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Browser Plugin Loader (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|64ffxtbr@TelevisionFanatic.com (PUP.MyWebSearch) -> Data: C:\Program Files\TelevisionFanatic\bar\1.bin -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
C:\Program Files\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Files Detected: 48
C:\Program Files\TelevisionFanatic\bar\1.bin\64hkstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64tpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64radio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64dlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\C00IUXJF\TelevisionFanatic.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\1jfuweif.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64idle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64ieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64Plugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64reghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64sknlcr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\CREXT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\CrExtP64.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\T8TICKER.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end)