Tidaltv malware

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

gdwitch

Thread Starter
Joined
Oct 8, 2004
Messages
65
I keep getting a pop up from Malwarebytes about detecting set.tidaltv.com and I can't make it stop.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,130
Go here, then click the large blue "Download Now @ Bleeping Computer" button to download and save AdwCleaner.exe to your desktop.

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the "Scan" button, then allow the scanning process to finish.
(Note: Several seconds may pass before the scanning process starts, so be patient.)

Click the "Logfile" button.

When the log appears, save it.

Return here to your thread, then copy-and-paste the ENTIRE log here.

Note: After you submit the log, close AdwCleaner. When the warning appears, click "Yes".

-------------------------------------------------------------------

When was the last time you ran a "Threat Scan" with Malwarebytes and allowed it to quarantine everything it found?

-------------------------------------------------------------------
 

gdwitch

Thread Starter
Joined
Oct 8, 2004
Messages
65
# AdwCleaner v4.201 - Logfile created 14/04/2015 at 08:35:31
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lucy - LUCY-PC
# Running from : C:\Users\Lucy\Downloads\adwcleaner_4.201.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\Lucy\Favorites\Coupons
Folder Found : C:\Users\Lucy\Favorites\Coupons

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : [x64] HKLM\SOFTWARE\WebBar
Key Found : HKU\.DEFAULT\Software\AVG Secure Search

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Google Chrome v41.0.2272.118

[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.avg.com/search?cid={6DE74A80-DD07-4B68-9E78-72451B0DD2C0}&mid=7b4c53f7354f86da37b3a9a353dab16f-f4042bf9368560f17731813389c659f9541ec31f&lang=en&ds=AVG&pr=fr&d=2012-11-21 16:17:15&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3247201
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48

*************************

AdwCleaner[R2].txt - [4402 bytes] - [14/12/2014 15:07:13]
AdwCleaner[R3].txt - [4463 bytes] - [14/12/2014 17:45:26]
AdwCleaner[R4].txt - [4526 bytes] - [14/12/2014 18:09:05]
AdwCleaner[R5].txt - [4514 bytes] - [14/12/2014 19:43:14]
AdwCleaner[R6].txt - [1269 bytes] - [15/12/2014 09:18:18]
AdwCleaner[R7].txt - [4805 bytes] - [15/12/2014 11:42:26]
AdwCleaner[R8].txt - [3620 bytes] - [14/04/2015 08:35:31]
AdwCleaner[S2].txt - [4728 bytes] - [15/12/2014 11:45:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [3738 bytes] ##########
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,130
It looks like you used AdwCleaner several times in December, but you didn't allow it to delete the threats it found.

You didn't answer my question in the bottom part of post #2.

--------------------------------------------------------------------

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the "Scan" button, then allow the scanning process to finish.
(Note: Several seconds may pass before the scanning process starts, so be patient.)

Click the "Cleaning" button, then click "OK".

Allow the cleaning process to finish.

When it's finished, click "OK" in each window that appears.

The computer will restart.

When the log appears during restart, save it.

Return here to your thread, then copy-and-paste the ENTIRE log here.

--------------------------------------------------------------------
 

gdwitch

Thread Starter
Joined
Oct 8, 2004
Messages
65
Here's the log. I could have sworn I deleted the threats in December. I run an automatic Malwarebytes scan every week and since this problem, I ran it again twice. It's coming up with no threats, yet this tidaltv thing persisted in popping up.

# AdwCleaner v4.201 - Logfile created 14/04/2015 at 12:18:53
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lucy - LUCY-PC
# Running from : C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8NKPUAO\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Lucy\Favorites\Coupons
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
File Deleted : C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\WebBar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Google Chrome v41.0.2272.118

[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={6DE74A80-DD07-4B68-9E78-72451B0DD2C0}&mid=7b4c53f7354f86da37b3a9a353dab16f-f4042bf9368560f17731813389c659f9541ec31f&lang=en&ds=AVG&pr=fr&d=2012-11-21 16:17:15&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3247201
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48

*************************

AdwCleaner[R2].txt - [4402 bytes] - [14/12/2014 15:07:13]
AdwCleaner[R3].txt - [4463 bytes] - [14/12/2014 17:45:26]
AdwCleaner[R4].txt - [4526 bytes] - [14/12/2014 18:09:05]
AdwCleaner[R5].txt - [4514 bytes] - [14/12/2014 19:43:14]
AdwCleaner[R6].txt - [1269 bytes] - [15/12/2014 09:18:18]
AdwCleaner[R7].txt - [4805 bytes] - [15/12/2014 11:42:26]
AdwCleaner[R8].txt - [3821 bytes] - [14/04/2015 08:35:31]
AdwCleaner[R9].txt - [3948 bytes] - [14/04/2015 12:16:36]
AdwCleaner[S2].txt - [4728 bytes] - [15/12/2014 11:45:11]
AdwCleaner[S3].txt - [3865 bytes] - [14/04/2015 12:18:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3924 bytes] ##########
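The two logs above can be checked against each other mechanically. The following is an added example, not part of the thread or of AdwCleaner: it confirms that every item the scan reported appears as deleted in the cleaning log, and splits the run-history trailer into scan-only and cleaning runs. The log excerpts are abbreviated from the posts above; reading `R` as a scan report and `S` as a cleaning log is an inference from this thread, where `R8` carries the timestamp of the Scan run and `S3` that of the Cleaning run.

```python
import re

# Excerpts abbreviated from the scan and cleaning logs posted in this thread.
SCAN_LOG = r"""
Folder Found : C:\Users\Lucy\Favorites\Coupons
Folder Found : C:\Users\Lucy\Favorites\Coupons
Key Found : [x64] HKLM\SOFTWARE\WebBar
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

CLEAN_LOG = r"""
Folder Deleted : C:\Users\Lucy\Favorites\Coupons
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
AdwCleaner[R7].txt - [4805 bytes] - [15/12/2014 11:42:26]
AdwCleaner[R8].txt - [3821 bytes] - [14/04/2015 08:35:31]
AdwCleaner[S2].txt - [4728 bytes] - [15/12/2014 11:45:11]
AdwCleaner[S3].txt - [3865 bytes] - [14/04/2015 12:18:53]
"""

ITEM = re.compile(r"^(\w+) (Found|Deleted) : (.+)$")
BROWSER = re.compile(r"^\[(.+?)\] - (Found|Deleted) \[(.+?)\] : (.+)$")
HISTORY = re.compile(r"^AdwCleaner\[([RS])(\d+)\]\.txt - \[\d+ bytes\] - \[(.+?)\]$")

def items(log, action):
    """Return the set of normalised items a log marks as Found or Deleted."""
    out = set()
    for line in log.splitlines():
        line = line.strip()
        m = ITEM.match(line)
        if m and m.group(2) == action:
            out.add((m.group(1).lower(), m.group(3).lower()))
            continue
        m = BROWSER.match(line)
        if m and m.group(2) == action:
            # Lower-case everything: the logs differ in case ("Web data" vs "Web Data").
            out.add((m.group(3).lower(), m.group(1).lower() + " " + m.group(4).lower()))
    return out

def leftover(scan_log, clean_log):
    """Items the scan found that the cleaning log does not list as deleted."""
    return items(scan_log, "Found") - items(clean_log, "Deleted")

def run_history(log):
    """Split the trailer into scan-only (R) and cleaning (S) runs."""
    runs = {"R": [], "S": []}
    for line in log.splitlines():
        m = HISTORY.match(line.strip())
        if m:
            runs[m.group(1)].append((int(m.group(2)), m.group(3)))
    return runs

if __name__ == "__main__":
    print("not cleaned:", sorted(leftover(SCAN_LOG, CLEAN_LOG)))
    print("history:", run_history(CLEAN_LOG))
```

An empty "not cleaned" set means the cleaning pass covered everything the scan reported; it says nothing about items AdwCleaner's database does not detect.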
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,130
Download and save and then install the free version of SUPERAntiSpyware 6.0.1186

Make sure to uncheck and decline to install any extras, such as toolbars and homepages, it may offer.

Make sure to uncheck and decline to use the "Pro" or "Trial" version, if it's offered.

After it's installed, do the following with it:

Click "System Tools".

Click "Preferences", then uncheck "Run in the background (system tray)", then click "Done".

Click "Advanced Settings", then uncheck "Follow shortcuts (*.lnk) during scan", then click "OK - Done".

Click "Click here to check for updates".

When the definition files have updated, click "OK".

Click "Scan This Computer", then click Quick Scan.

If problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Continue".

Make sure that EVERYTHING in the list is selected, then click "Continue".

When the removal process is complete, click "Continue".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "System Tools", then click "Scan Logs".

Select the most current scan log, then click on its magnifying glass icon so it can open and be viewed, then save it on the desktop.

Return here, then copy-and-paste its ENTIRE contents here.

----------------------------------------------------------
 

gdwitch

Thread Starter
Joined
Oct 8, 2004
Messages
65
Luckily I already had this program on my computer.

Scan log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/14/2015 at 05:28 PM

Application Version : 6.0.1186
Database Version : 11828

Scan type : Quick Scan
Total Scan Time : 00:01:13

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 57286
Registry threats detected : 0
File items scanned : 8180
File threats detected : 24

Adware.Tracking Cookie
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\XXALI37V.txt [ /track.adform.net ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\QXS86UNI.txt [ /adform.net ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\5IA788XG.txt [ /doubleclick.net ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\URHPZRQ2.txt [ /atdmt.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\DEMDGLW1.txt [ /smartadserver.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\AEF2HSA1.txt [ /ru4.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\OEYW7B3L.txt [ /imrworldwide.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\ROKCV0CH.txt [ /ad.360yield.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\3IVUTCAK.txt [ /burstnet.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\YL6DGQJL.txt [ /247realmedia.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\I2R0H2HX.txt [ /revsci.net ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\JS5FRRSW.txt [ /advertising.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\NH4N1N83.txt [ /adtechus.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\MY2G2N0T.txt [ /serving-sys.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\9O59DYW4.txt [ /oasc12.247realmedia.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\K09KRL5K.txt [ /casalemedia.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\IR5I82TI.txt [ /ads.undertone.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\L8QVKSCB.txt [ /atwola.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\XTL9AZY0.txt [ /statse.webtrendslive.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\AQSLXJ91.txt [ /amazon-adsystem.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJ1A209Y.txt [ /bs.serving-sys.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\TXKCVUYW.txt [ /mediaplex.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y40VKV1E.txt [ /oasc17.247realmedia.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\85A10AK2.txt [ /zedo.com ]

============
End of Log
============
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,130
Go here, then click the large blue "Download Now @ Author's Site" button to download and save TFC.exe (Temp File Cleaner by OldTimer) to your desktop.

After it's downloaded and saved, close all open windows.

Double-click it to load its main window.

Click the "Start" button.

If there are a large number of temp files or if there are multiple user accounts, the temp file deletion process may appear to freeze and may take a few minutes, so don't interfere with or abort it.

After it's finished, restart the computer.

Note: Advise how many temp files in MB's were found and deleted.

---------------------------------------------------------
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,130
AFTER you complete the instructions in post #8, do the following:

Click Start, then type MSCONFIG in the search or run box, then press the Enter key.

When the small "System Configuration" window appears, click the "Startup" tab.

Write down ONLY the names in the "Startup Item" column that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list.

Make sure to spell them EXACTLY as you see them there.

--------------------------------------------------------------
 

gdwitch

Thread Starter
Joined
Oct 8, 2004
Messages
65
TFC.exe Total Cleaned 3,249.00 mb

Start up:
Microsoft Security Client
NVIDIA Backend
NVIDIA Geforce Experience
GoogleToolbarNotifier
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,130
TFC.exe Total Cleaned 3,249.00 mb
That was a lot of temp files. You might want to put it to use at least once a month.

Start up:
Microsoft Security Client
NVIDIA Backend
NVIDIA Geforce Experience
GoogleToolbarNotifier
(y)

----------------------------------------------------------
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,130
Open the "Programs And Features" window. This is where your installed programs, etc. are located.

If you see any names in the list that you don't recognize, submit their exact names here.

------------------------------------------------------------
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,130
You may need to get help from the gold shield specialists at the Virus & Other Malware Removal section.

Click the orange "Report" button and then request to have your thread moved there.

----------------------------------------------------------
 