Malware clean up is needed for this computer

My friend asked me to clean up his computer. I used Avast to run a check. Some malware and junk were found.
Most are generic detections of the application “PPTV” (Win32:Malware-gen), along with Win32:Trojan-gen and Win32:GenMalicious-ANH [trj].
There is also an ugly warning from Avast about a bad-reputation plugin in IE.
Attached are pictures showing the deep scan result and the plugin warning.

I know I need the scan logs of MBAM and FRST; please wait, I will provide them in a few minutes.

Edit: Oh boy! The link to download MBAM is hijacked to a Chinese site.
Original: https://www.malwarebytes.org/getmbam
Now: htxp://malwarebytes-anti-malware.softonic.cn/download?ptn=malwarebytes
Is it safe?
Looks like there IS a plugin doing this. Have you guys heard of Softonic?

Edit2: The FRST download also failed. The page won’t even load, leaving a weird page layout. The attached picture “weird screen.jpg” shows the half-loaded webpage. :frowning:

Access to another computer? Download the tools there and move them over using a USB stick…

Or try clicking these direct links:

MBAM http://www.malwarebytes.org/mwb-download/confirm/

FRST 32bit http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
FRST 64bit http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

IE is flooded with weird download-agent plugins which need removing.
Using a freshly installed Firefox, I am able to download MBAM and FRST. Log attached.

Weird, there are Google Chrome entries even though Chrome is not installed?

I will initially disable the IE plugins for Baidu and QQ, as they are readily hijacked.

Let me know if there is any change after this.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
BHO: QQDownload IE Left Helper -> {00000000-12C9-4305-82F9-43058F20E8D2} -> C:\Program Files (x86)\Tencent\QQDownload\QQIEHelper64.dll [2013-07-31] (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: QQDownload IE Left Helper -> {00000000-12C9-4305-82F9-43058F20E8D2} -> C:\Program Files (x86)\Tencent\QQDownload\QQIEHelper02.dll [2013-07-31] (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: NavigateBHO Class -> {CD79381A-F551-4E4E-9FE5-68105416C550} -> C:\Users\user\AppData\Roaming\baidu\BaiduPlayerBrowser\2.6.1.57_1\ProtectBHO.dll No File
DPF: HKLM-x32 {8AFB38D0-67A4-49D3-8822-401755FC6573} http://hk.beanfun.com/beanfun_block/embeds/BFService.cab
FF Plugin-x32: @baidu.com/npxbdsetup -> C:\Windows\Downloaded Program Files\1468078\npxbdsetup.dll [2012-12-26] ()
FF Plugin-x32: @qq.com/QQDownloadPlugin -> C:\Program Files (x86)\Tencent\QQDownload\Browser\751\npXFPlugin.dll [2013-07-31] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\npSSOAxCtrlForPTLogin.dll [2013-01-25] (Tencent)
Task: {9E7EE08F-E915-4FAE-8F2F-4DD16FC08933} - System32\Tasks\{8876E257-B921-40C2-8130-705213219B03} => pcalua.exe -a "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W336JY9O\install_flashplayer11x32ax_gtbp_chra_aih[1].exe" -d C:\Users\user\Desktop
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
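As an added example for this thread (not essexboy's fixlist and not FRST's own output), the PowerShell script below takes a read-only inventory of the same extension points the fix above edits: the registered Browser Helper Objects with their DLL, whether the file still exists, and its Authenticode signer; the per-user IE proxy settings and the WinHTTP proxy; the DNS servers; non-comment hosts-file entries; and any scheduled task whose action runs through pcalua.exe. It assumes PowerShell 3.0 or later, an English-locale Windows (the schtasks column name 'Task To Run' is locale-dependent) and an elevated prompt; it changes nothing on the machine.

```powershell
# Added example for this thread (not part of FRST or the fix above): read-only inventory
# of BHOs, proxy/DNS settings, hosts entries and pcalua.exe-launched scheduled tasks.
# Assumes PowerShell 3.0+, English locale, elevated prompt. Nothing here modifies the system.

function Get-BhoDll {
    # Resolve a BHO CLSID to its DLL via the merged HKCR InprocServer32 key.
    # $Wow64 selects the 32-bit view (WOW6432Node) used by 32-bit IE on 64-bit Windows.
    param([string]$Clsid, [bool]$Wow64)
    $base = if ($Wow64) { 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' } else { 'Registry::HKEY_CLASSES_ROOT\CLSID' }
    $key  = "$base\$Clsid\InprocServer32"
    if (Test-Path -LiteralPath $key) { return (Get-ItemProperty -LiteralPath $key).'(default)' }
    return $null
}

# The three places a BHO can be registered on 64-bit Windows.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

Write-Host '== Browser Helper Objects =='
$bhos = foreach ($root in $bhoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $wow = $root -like '*WOW6432Node*'
    foreach ($sub in Get-ChildItem -LiteralPath $root) {
        $clsid  = $sub.PSChildName
        $dll    = Get-BhoDll -Clsid $clsid -Wow64 $wow
        # A registered CLSID whose DLL is gone is the "No File" case FRST reports.
        $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
        $signer = 'n/a'
        if ($exists) {
            $sig = Get-AuthenticodeSignature -FilePath $dll
            $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { "NOT VALID ($($sig.Status))" }
        }
        [pscustomobject]@{
            Hive = $root.Substring(0, 4); Arch = $(if ($wow) { 'x32' } else { 'x64' })
            CLSID = $clsid; Dll = $dll; FileExists = $exists; Signer = $signer
        }
    }
}
$bhos | Format-Table -AutoSize -Wrap

Write-Host '== IE proxy settings (current user) =='
$inet = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet | Select-Object ProxyEnable, ProxyServer, AutoConfigURL | Format-List

Write-Host '== WinHTTP proxy and DNS servers =='
netsh winhttp show proxy
netsh interface ip show dns

Write-Host '== Non-comment hosts entries (a vendor-site redirect is often planted here) =='
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsFile | Where-Object { $_ -match '^\s*[^#\s]' }

Write-Host '== Scheduled tasks whose action runs through pcalua.exe =='
# schtasks repeats its header row per task folder; those rows simply fail the filter.
schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match 'pcalua\.exe' } |
    Select-Object TaskName, 'Task To Run' | Format-List
```

Read the output side by side with the FRST log: a BHO whose FileExists is False matches FRST's "No File" entries, an unsigned or invalidly signed DLL under a vendor name deserves a closer look, and a hosts entry, proxy server or AutoConfigURL that the user never set is a plausible explanation for a single site being redirected in one browser only.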

Fixlog and AdwCleaner[S0] attached.
I disabled the plugins, leaving only those from Microsoft and Google, yet the MBAM official site is hijacked to Softonic, only in IE.
But getting to http://www.malwarebytes.org/mwb-download/ from http://www.malwarebytes.org/ is no problem.

Hmm, that is intriguing; the next step is to reset IE.

First, though, export your favourites to a desktop file: http://www.7tutorials.com/how-import-or-export-bookmarks-when-using-internet-explorer-11

Then go to Control Panel > Internet Options > Advanced tab.
Click Reset.
Reboot and then try IE again.

I did a reset on IE; I still get to Softonic using https://www.malwarebytes.org/getmbam
Did a total clean-up of the games (the computer is too slow, and this freed up some 10GB) and QQ, and updated from IE8 to IE11 (you can see this computer has a very old set of software :-\ ).
Though there are some leftover files:
C:\xuanfeng*
C:\Program Files (x86)\Garena Plus*
C:\Program Files (x86)\GarenaLoLTW*
C:\Program Files (x86)\Gunz2*
C:\Program Files (x86)\RC語音*

Still get the Softonic site.
According to Google Safe Browsing, this is not a very good site for software. See http://www.google.com/safebrowsing/diagnostic?site=softonic.com
Weird that MBAM fails to catch the plugin doing this.

Edit: Now I know why PPTV is not good! :frowning: Even though I used the uninstaller, there are still a lot of folders left over, especially the junk and adware in C:\Users\user\AppData\Roaming\PPlive. Software that is “Made in China” is usually rogue in this way :frowning:

Run a fresh FRST log for essexboy to look at.

A fresh FRST log.

Edit: Sad news about this machine!! The hard disk suddenly began to make noises, and then all of a sudden I got a BSOD of 0x0000007A. Since then I cannot boot successfully without a freeze or a message about not finding boot media (I guess it means the hard disk). I guess this thread can end now.

That sounds as though you need a new hard drive.