Need Help Removing Some PUPs

Hi all, I did a scan with Hitman Pro and it found two files called:

It classes them as PUPs

HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)

Because I don’t have the paid version, I’m unable to remove them, could anybody help?

I’ve attached the Hitman Pro Log.

Attach the required logs as instructed here and a helper will assist you.

You should be able to remove this using AdwCleaner and Malwarebytes.

Pondus, please let Valinorum do his thing as there may be more than 1 issue. He is also training here :).

Ok, here’s my Malwarebytes Threat Scan log; nothing was found.

I also did run AdwCleaner a couple of days ago while these were still on the system, but none of these were removed.

And my OTL Log

Hello,

I’m not taking Valinorum’s place. He is assigned to you. Some things I find suspicious. You are missing a fair amount of things. And a lack of files.


DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [File_System | On_Demand | Stopped] -- pjmtullb.sys -- (pjmtullb)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (kgcgfewq)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (hhdqhmgz)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (bivfnsof)

You also appear to be missing the Restore Point service. Which is very abnormal to see in a log file… Also you appear to be missing certain Net Services?

NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: LanmanServer -  File not found
NetSvcs: LanmanWorkstation -  File not found
NetSvcs: Messenger -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
System Restore Service not available.

Is this computer a domain (School, Work, government computer)?

Edit: Screwed up the HTML coding…
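The reading of the DRV lines in the post above, as an added example (not part of the original posts and not OTL's own code): a small parser that separates driver services with no image path recorded from those whose recorded file is missing. The line layout is inferred only from the DRV lines shown in this thread, and the field and group names are hypothetical.

```python
import re
from collections import namedtuple

# Field names are hypothetical; the layout is inferred from the DRV lines in this thread.
DrvEntry = namedtuple("DrvEntry", "found drv_type start state image service")

DRV_RE = re.compile(
    r"^DRV - (?P<head>.*?)\s*"
    r"\[(?P<type>[^|\]]+)\|(?P<start>[^|\]]+)\|(?P<state>[^|\]]+)\]"
    r"\s*--\s*(?P<image>.*?)\s*--\s*\((?P<service>[^)]*)\)\s*$"
)

def parse_drv(line):
    """Parse one OTL 'DRV - ...' line; return None for any other line."""
    m = DRV_RE.match(line.strip())
    if not m:
        return None
    return DrvEntry(not m["head"].startswith("File not found"),
                    m["type"].strip(), m["start"].strip(), m["state"].strip(),
                    m["image"], m["service"])

def triage(log_text):
    """Group driver services by what the log says about their image file."""
    groups = {"present": [], "missing_file": [], "no_image_path": []}
    for entry in filter(None, map(parse_drv, log_text.splitlines())):
        if entry.found:
            groups["present"].append(entry.service)
        elif entry.image:
            groups["missing_file"].append(entry.service)
        else:
            groups["no_image_path"].append(entry.service)
    return groups

# Sample lines copied from this thread.
SAMPLE = r"""
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [File_System | On_Demand | Stopped] -- pjmtullb.sys -- (pjmtullb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (kgcgfewq)
DRV - [2014/03/17 08:52:46 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti3ndu1.sys -- (uti3ndu1)
NetSvcs: 6to4 -  File not found
"""

if __name__ == "__main__":
    for group, services in triage(SAMPLE).items():
        print(f"{group}: {', '.join(services)}")
```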

I also see in the log files you use uTorrent. I would recommend that. Also I see you have remnants of Panda Security.

Valinorum currently has his maximum cases so I will be taking this one :slight_smile:

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (kgcgfewq)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (hhdqhmgz)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bivfnsof)
DRV - [2014/03/17 08:52:46 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti3ndu1.sys -- (uti3ndu1)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
[2014/04/13 17:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Avg2014
[2014/04/07 17:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/01/27 21:04:52 | 000,096,277 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1390853043.bdinstall.bin
[2014/01/27 21:04:03 | 000,037,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1390853024.bdinstall.bin
[2014/01/27 20:58:50 | 000,031,929 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1390852726.bdinstall.bin
[2014/01/27 20:58:13 | 000,031,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1390852689.bdinstall.bin
[2014/01/27 20:56:19 | 000,058,059 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1390852530.bdinstall.bin
[2014/01/27 20:55:29 | 000,037,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1390852508.bdinstall.bin
[2014/01/27 20:31:52 | 000,186,405 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1390850899.bdinstall.bin

:Commands
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Before Essexboy comes let’s look at another scenario.

We have detected a version of Windows XP in your system. Please note that Microsoft has terminated their support for XP. It is recommended that you upgrade to Windows Vista or above; otherwise you make yourself vulnerable to malware attacks, since no Microsoft support or patch for XP will be released. Also, I recommend this article for your perusal.

Regards,
Valinorum

Edit: Dragon has come. Please disregard this post. Thank you. :slight_smile:

Right now, I haven’t got the money for a new OS.

But I do plan on upgrading to Windows 7 at the end of the year

Here’s my OTL Quick Scan log
and the Adwcleaner Log

How is the computer behaving now?

Perfectly fine ;D

Thanks

In that case methinks I will send you on your merry way :slight_smile:

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

Seems like I’m getting an error upon running Delfix :o
Is this normal?

Picture has been attached

Just re-ran a Hitman Pro scan; it seems that the files are still here and it’s found something new that apparently needs to be repaired

Screenshot and Log have been attached

What Hitman Pro found was 2 dead Reg Keys and Drivers/etc., which could be anything (has no extension), so I presume it’s a file folder. HitmanPro can be a bit dangerous and I’d personally consider them FPs.


HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : JOESCOMPUTER
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : JOESCOMPUTER\user
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-04-15 10:52:30
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 49s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 3

   Objects scanned . . . : 491,240
   Files scanned . . . . : 8,340
   Remnants scanned  . . : 153,592 files / 329,308 keys

Potential Unwanted Programs _________________________________________________

   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)

Repairs _____________________________________________________________________

   hosts
   C:\WINDOWS\system32\drivers\etc\



That is the log file from HMP.

Something else to add…

Essex made the Hosts files reset. ([resethosts]). Just another reason for a FP.

Ok, thanks for the input. I personally find Hitman Pro very helpful at times

I would personally think they are FPs. Wait for Essex to have the last word. But that’d be my guess.

I’ll see what Essex wants me to do.