Jump to content

Removal instructions for myWeddingAdviser


Recommended Posts

  • Staff

What is myWeddingAdviser?

 

The Malwarebytes research team has determined that myWeddingAdviser is adware. These adware applications display advertisements not originating from the sites you are browsing.

 

How do I know if my computer is affected by myWeddingAdviser?

 

You may see this entry in your list of installed programs:

 

warning5.png

this toolbar:

icons.png

these browser extensions:

warning2.png

warning4.png

and these warnings during install:

main.png

warning1.png

warning3.png

 

How did myWeddingAdviser get on my computer?

 

Adware applications use different methods for distributing themselves. This particular one was installed from their site.

 

How do I remove myWeddingAdviser?

 

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of myWeddingAdviser?
  • If you are using Chrome, this hijacker alters the shortcuts for Chrome on your desktop, in the taskbar and in the Startmenu Programs. Read here how to clean your shortcuts.
How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the myWeddingAdviser adware.  It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

 

protection1.png

Technical details for experts

 

You will see these signs in a HijackThis log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=780CC5E7&p2=^BIF^yyyyyy^YYA^nl&ptb=71A4CDDF-075C-432E-BFD2-518948ACDE11R3 - URLSearchHook: (no name) - {dd518073-8837-44ef-9c2e-56dacb609332} - C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqSrcAs.dllO2 - BHO: Search Assistant BHO - {61a17659-cd56-4801-ac48-e017581f8a49} - C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqSrcAs.dllO2 - BHO: Toolbar BHO - {97ddab8f-ff87-416c-93da-b763b6d5c22e} - C:\PROGRA~1\MYWEDD~2\bar\1.bin\aqbar.dllO3 - Toolbar: MyWeddingAdviser - {3cf27ada-f52d-4aa4-9db8-aa18d2b6509a} - C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqbar.dllO4 - HKLM\..\Run: [MyWeddingAdviser EPM Support] "C:\PROGRA~1\MYWEDD~2\bar\1.bin\aqmedint.exe" T8EPMSUP.DLL,SO4 - HKLM\..\Run: [MyWeddingAdviser AppIntegrator 32-bit] C:\PROGRA~1\MYWEDD~2\bar\1.bin\AppIntegrator.exeO4 - HKLM\..\Run: [MyWeddingAdviser Search Scope Monitor] "C:\PROGRA~1\MYWEDD~2\bar\1.bin\aqsrchmn.exe" /m=2 /w /hO23 - Service: MyWeddingAdviserService (MyWeddingAdviser_aqService) - Mindspark - C:\PROGRA~1\MYWEDD~2\bar\1.bin\aqbarsvc.exe
 

 

Alterations made by the installer:

{ I had to remove a lot of changes from this log, because the post was too long. Full log available on request }

File system details  ---------------------------------------------    Adds the folder C:\Program Files\MyWeddingAdviser_aq\bar\1.bin       Adds the file APPINTEGRATOR.EXE"="10/30/2014 3:12 PM, 225864 bytes, A       Adds the file AppIntegrator64.exe"="10/30/2014 3:12 PM, 258632 bytes, A       Adds the file APPINTEGRATORSTUB.DLL"="10/30/2014 3:12 PM, 197704 bytes, A       Adds the file AppIntegratorStub64.dll"="10/30/2014 3:12 PM, 213576 bytes, A       Adds the file aqbar.dll"="10/30/2014 3:12 PM, 1037896 bytes, A       Adds the file aqbarsvc.exe"="10/30/2014 3:12 PM, 90696 bytes, A       Adds the file aqbprtct.dll"="10/30/2014 3:12 PM, 121928 bytes, A       Adds the file aqdatact.dll"="10/30/2014 3:12 PM, 171592 bytes, A       Adds the file aqdlghk.dll"="10/30/2014 3:12 PM, 121928 bytes, A       Adds the file aqdlghk64.dll"="10/30/2014 3:12 PM, 147528 bytes, A       Adds the file aqfeedmg.dll"="10/30/2014 3:12 PM, 145992 bytes, A       Adds the file aqhighin.exe"="10/30/2014 3:12 PM, 13384 bytes, A       Adds the file aqhkstub.dll"="10/30/2014 3:12 PM, 59976 bytes, A       Adds the file aqhtmlmu.dll"="10/30/2014 3:12 PM, 214088 bytes, A       Adds the file aqhttpct.dll"="10/30/2014 3:12 PM, 151112 bytes, A       Adds the file aqidle.dll"="10/30/2014 3:12 PM, 62024 bytes, A       Adds the file aqmedint.exe"="10/30/2014 3:12 PM, 12872 bytes, A       Adds the file aqmlbtn.dll"="10/30/2014 3:12 PM, 98888 bytes, A       Adds the file aqPlugin.dll"="10/30/2014 3:12 PM, 83016 bytes, A       Adds the file aqregfft.dll"="10/30/2014 3:12 PM, 85064 bytes, A       Adds the file aqreghk.dll"="10/30/2014 3:12 PM, 80968 bytes, A       Adds the file aqregiet.dll"="10/30/2014 3:12 PM, 87112 bytes, A       Adds the file aqscript.dll"="10/30/2014 3:12 PM, 104520 bytes, A       Adds the file aqskin.dll"="10/30/2014 3:12 PM, 212552 bytes, A       Adds the file aqskplay.exe"="10/30/2014 3:12 PM, 55880 bytes, A       Adds the file aqSrcAs.dll"="10/30/2014 3:12 PM, 144968 bytes, A       Adds the file aqtpinst.dll"="10/30/2014 3:12 PM, 179480 bytes, A       Adds the file ASSISTMONITOR.DLL"="10/30/2014 3:12 PM, 225352 bytes, A       Adds the file ASSISTMONITOR64.DLL"="10/30/2014 3:12 PM, 246344 bytes, A       Adds the file BOOTSTRAP.JS"="10/30/2014 3:12 PM, 20480 bytes, A       Adds the file CHROME.MANIFEST"="10/30/2014 3:12 PM, 1024 bytes, A       Adds the file CREXT.DLL"="10/30/2014 3:12 PM, 981576 bytes, A       Adds the file CrExtPaq.exe"="10/30/2014 3:12 PM, 1099336 bytes, A       Adds the file DPNMNGR.DLL"="10/30/2014 3:12 PM, 218696 bytes, A       Adds the file FF-NativeMessagingDispatcher.dll"="10/30/2014 3:12 PM, 486984 bytes, A       Adds the file HKFXMGR.DLL"="10/30/2014 3:12 PM, 348744 bytes, A       Adds the file HKFXMGR64.DLL"="10/30/2014 3:12 PM, 449608 bytes, A       Adds the file HPG.DLL"="10/30/2014 3:12 PM, 237128 bytes, A       Adds the file Hpg64.dll"="10/30/2014 3:12 PM, 220744 bytes, A       Adds the file INSTALL.RDF"="10/30/2014 3:12 PM, 2048 bytes, A       Adds the file installKeys.js"="10/30/2014 3:12 PM, 217 bytes, A       Adds the file LOGO.BMP"="10/30/2014 3:12 PM, 10054 bytes, A       Adds the file T8EPMSUP.DLL"="10/30/2014 3:12 PM, 79432 bytes, A       Adds the file T8EXTEX.DLL"="10/30/2014 3:12 PM, 102984 bytes, A       Adds the file T8EXTPEX.DLL"="10/30/2014 3:12 PM, 108616 bytes, A       Adds the file T8HTML.DLL"="10/30/2014 3:12 PM, 202312 bytes, A       Adds the file T8RES.DLL"="10/30/2014 3:12 PM, 196488 bytes, A       Adds the file T8TICKER.DLL"="10/30/2014 3:12 PM, 171080 bytes, A       Adds the file TOOLBARGUARD.DLL"="10/30/2014 3:12 PM, 240200 bytes, A       Adds the file TOOLBARGUARD64.DLL"="10/30/2014 3:12 PM, 251976 bytes, A       Adds the file TPIMANAGERCONSOLE.EXE"="10/30/2014 3:12 PM, 78216 bytes, A       Adds the file VERIFY.DLL"="10/30/2014 3:12 PM, 70728 bytes, A    Adds the folder C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\assists\ie_default_search_provider       Adds the file ARBITER.DLL"="10/30/2014 3:12 PM, 15432 bytes, A       Adds the file ARBITER64.DLL"="10/30/2014 3:12 PM, 17480 bytes, A       Adds the file ASSIST.EXE"="10/30/2014 3:12 PM, 207944 bytes, A       Adds the file CONFIG.XML"="10/30/2014 3:12 PM, 3242 bytes, A    Adds the folder C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\assists\ie_enable       Adds the file ARBITER.DLL"="10/30/2014 3:12 PM, 12360 bytes, A       Adds the file ARBITER64.DLL"="10/30/2014 3:12 PM, 12360 bytes, A       Adds the file CONFIG.XML"="10/30/2014 3:12 PM, 6564 bytes, A    Adds the folder C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\chrome       Adds the file aqffxtbr.jar"="10/30/2014 3:12 PM, 548864 bytes, A    Adds the folder C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\ThirdPartyInstallers    Adds the folder C:\Program Files\MyWeddingAdviser_aq\bar\assists       Adds the file COMMON.T8S"="10/30/2014 3:12 PM, 138369 bytes, A    Adds the folder C:\Program Files\MyWeddingAdviser_aq\bar\gen1       Adds the file COMMON.T8S"="10/30/2014 3:12 PM, 1547 bytes, A    Adds the folder C:\Program Files\MyWeddingAdviser_aq\bar\Message       Adds the file COMMON.T8S"="10/30/2014 3:12 PM, 100829 bytes, A    Adds the folder C:\Program Files\MyWeddingAdviser_aq\bar\Settings       Adds the file s_pid.dat"="10/30/2014 3:12 PM, 36 bytes, A    Adds the folder C:\Program Files\MyWeddingAdviser_aqEI\Installr\1.bin       Adds the file aqEIPlug.dll"="10/30/2014 3:11 PM, 80776 bytes, A       Adds the file aqEZSETP.dll"="10/30/2014 3:11 PM, 818056 bytes, A       Adds the file NPaqEISb.dll"="10/30/2014 3:11 PM, 47496 bytes, A    Adds the folder C:\Program Files\MyWeddingAdviser_aqEI\Installr\setups    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpfhljdfdfnmdmiohhmoncgnclndehdn\11.87.5.11396_0    Adds the folder C:\Users\{username}\AppData\Local\MyWeddingAdviser_aq    Adds the folder C:\Users\{username}\AppData\LocalLow\MyWeddingAdviser_aq\bar\Cache    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\aqffxtbr@MyWeddingAdviser_aq.com\chrome       Adds the file aqffxtbr.jar"="10/30/2014 3:12 PM, 548864 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{096e745e-3952-409c-a618-6278da4ebb36}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e967114-6006-4a7e-87a5-dc4b8606a79c}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cf27ada-f52d-4aa4-9db8-aa18d2b6509a}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46812bd8-fdb7-41d0-9a70-db1efe4e5d96}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bb434ab-3579-4e8f-98a0-5d3cd42baea9}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57FEFC63-665F-4752-A450-F240C4AF2D57}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59d4d2a9-9547-496b-a31a-567d6d1589b5}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5daedf63-01a1-4950-a3cc-a318dc711c39}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61a17659-cd56-4801-ac48-e017581f8a49}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a05ab28-e7a8-49c3-af53-d7d7090e3bcf}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b6615a5-6adc-4753-b0d5-433b2946596b}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97ddab8f-ff87-416c-93da-b763b6d5c22e}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97fd3251-2e6d-4756-9a49-9d9c91b938df}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e95b4fc-5c49-4df3-a862-d1f034c25bd6}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2482eba-e1cf-4267-9b05-ac142adfb897}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a479c020-fb72-4a0f-9c30-80d6d5768d53}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0015a8a-fe88-46a3-b44f-ab11c5df0b65}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{20FE6556-6C90-403D-942C-67F47E6F6937}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{27AA2519-2FB6-4877-830D-12489407A91F}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A0CA045-3E7B-4279-9AAC-E27C6B527228}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37E94D00-59C2-4E7A-B703-403E71ECDD8E}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4995C11E-8F49-4A0D-92B9-CF0039C31067}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D2267FE-EEB2-4835-B439-E0A3421A399E}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4ECCFFB5-88C5-4899-92B7-FA8D395A18F8}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50EB80FF-6BE4-4BAA-B91F-0BA66C1D718D}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B06DF01-8E07-4ADA-ACB3-16D95F63F3D1}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60B33A8C-B1A1-4686-AC26-6507753CC356}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{725D36AB-0545-4C42-BDAA-3656946F1EA8}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7965E7EB-DFB6-48FD-AAA2-354E9FF74568}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8242DC5D-C50C-4B54-8BAA-7CC8C5EB256B}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{833FD365-E595-483B-BA83-B7E6C2C016D9}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{87F2F162-062E-4F55-B9F4-24AD561516E6}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{88991C59-70BA-4693-97FB-BF3A21E348B2}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89D430EF-18BF-4E2B-BA1F-27D93867CBB4}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9A34B803-6DD2-4DE2-BCD2-DCE5565F9567}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9CCB8251-426D-4203-8A9A-F02A2C1653DF}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9E086F93-8E11-4E9C-913E-15861A5CCF72}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B053C539-87B0-423E-9153-6A291D5F22C9}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C30E52DC-1E9E-4DCD-85E8-5E8B3B6D2F0F}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CA0F9C66-C7B0-4F91-ACC9-AF256066F794}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D689AA4B-D95B-4B63-839C-98E7986A0D2B}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DA38E5B6-AC33-4F6B-A924-0CBFC89525D3}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFCA36DF-6B16-477D-80AF-5629A8D5B069}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F0966CE1-A121-4BA8-994D-ECBF146B6DBC}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWeddingAdviser_aq.FeedManager]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWeddingAdviser_aq.HTMLMenu]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWeddingAdviser_aq.HTMLPanel]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWeddingAdviser_aq.MultipleButton]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWeddingAdviser_aq.PseudoTransparentPlugin]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWeddingAdviser_aq.ScriptButton]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWeddingAdviser_aq.SettingsPlugin]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWeddingAdviser_aq.ThirdPartyInstaller]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWeddingAdviser_aq.ToolbarProtector]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{33CCDA1F-AC45-473A-856E-A37560E77E0E}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{38F72F6F-FC7A-4DB3-922C-DE0DDE0932F2}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5EBA3835-C617-44D5-A958-619B8D9D7E75}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{67526503-6F47-4EA3-B34B-D7FBB7887B74}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C46C65B1-DBA4-462B-BADD-A81F05B05AD4}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD71E889-B3F2-49A8-ACE4-08112AF065F3}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA521AA1-359C-4CBB-9F4B-3247AD94F480}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E4073C15-938B-467A-B456-3746357A8CF5}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F737C3F9-BEEC-47EE-851C-0CBAF8AAC50A}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FBEAF5F4-9645-4E54-AA5F-E7B2CAE80CAB}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]       "CrExtPaq.exe"="REG_DWORD", 0    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a6c30d95-6bc7-4529-b64f-ca52b4fb2d8d}]       "(Default)"="REG_SZ", "MyWeddingAdviser_aq"       "DisplayName"="REG_SZ", "Ask Web Search"       "ShowSearchSuggestions"="REG_DWORD", 1       "SuggestionsURL_JSON"="REG_SZ", "http://ssmsp.ask.com/query?li=ff&q={searchTerms}&sstype=prefix"       "URL"="REG_SZ", "http://search.tb.ask.com/search/GGmain.jhtml?p2=^BIF^yyyyyy^YYA^nl&ptb=71A4CDDF-075C-432E-BFD2-518948ACDE11&ind=2014103010&n=780cc5e2&psa=&st=sb&searchfor={searchTerms}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]       "{3cf27ada-f52d-4aa4-9db8-aa18d2b6509a}"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61a17659-cd56-4801-ac48-e017581f8a49}]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97ddab8f-ff87-416c-93da-b763b6d5c22e}]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]       "MyWeddingAdviser AppIntegrator 32-bit"="REG_SZ", "C:\PROGRA~1\MYWEDD~2\bar\1.bin\AppIntegrator.exe"       "MyWeddingAdviser EPM Support"="REG_SZ", ""C:\PROGRA~1\MYWEDD~2\bar\1.bin\aqmedint.exe" T8EPMSUP.DLL,S"       "MyWeddingAdviser Search Scope Monitor"="REG_SZ", ""C:\PROGRA~1\MYWEDD~2\bar\1.bin\aqsrchmn.exe" /m=2 /w /h"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWeddingAdviser_aqbar Uninstall Firefox]       "UninstallString"="REG_SZ", "rundll32 "C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqBar.dll",O mindsparktoolbarkey="MyWeddingAdviser_aq" uninstalltype=FF"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWeddingAdviser_aqbar Uninstall Internet Explorer]       "DisplayName"="REG_SZ", "MyWeddingAdviser Internet Explorer Toolbar"       "HelpLink"="REG_SZ", "http://support.mindspark.com/"       "Publisher"="REG_SZ", "Mindspark Interactive Network"       "UninstallString"="REG_SZ", "rundll32 "C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqBar.dll",O mindsparktoolbarkey="MyWeddingAdviser_aq" uninstalltype=IE"       "UrlInfoAbout"="REG_SZ", "http://support.mindspark.com/"    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@MyWeddingAdviser_aq.com/Plugin]       "Description"="REG_SZ", "MyWeddingAdviser Plugin"       "Path"="REG_SZ", "C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\NPaqStub.dll"       "vendor"="REG_SZ", "MyWeddingAdviser_aq"       "version"="REG_SZ", "1.1.1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\MyWeddingAdviser_aq\SkinTools]       "PlayerPath"="REG_SZ", ""C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqSkPlay.exe""    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MyWeddingAdviser_aqService]       "DisplayName"="REG_SZ", "MyWeddingAdviserService"       "ErrorControl"="REG_DWORD", 1       "ImagePath"="REG_EXPAND_SZ, "C:\PROGRA~1\MYWEDD~2\bar\1.bin\aqbarsvc.exe"       "ObjectName"="REG_SZ", "LocalSystem"       "Start"="REG_DWORD", 2       "Type"="REG_DWORD", 16    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWeddingAdviser_aq]       "CacheDir"="REG_SZ", "C:\Users\{username}\AppData\LocalLow\MyWeddingAdviser_aq\bar\Cache\"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWeddingAdviser_aq\Settings\PopupProperties221734280]       "ETag"="REG_SZ", ""453254-a76d-506efca7""       "HTMLMenuRevision"="REG_SZ", "358"       "LastHTMLMenuURL"="REG_SZ", "http://www.mywebface.com/menus/widgets/rss-widget/"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWeddingAdviser_aq\Settings\SmileyCentralBtn]       "HTMLMenuPosDeleted"="REG_SZ", "1"    [HKEY_CURRENT_USER\Software\Classes\CLSID\{dd518073-8837-44ef-9c2e-56dacb609332}]    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{a6c30d95-6bc7-4529-b64f-ca52b4fb2d8d}]       "(Default)"="REG_SZ", "MyWeddingAdviser_aq"       "DisplayName"="REG_SZ", "Ask Web Search"       "ShowSearchSuggestions"="REG_DWORD", 1       "SuggestionsURL_JSON"="REG_SZ", "http://ssmsp.ask.com/query?li=ff&q={searchTerms}&sstype=prefix"       "URL"="REG_SZ", "http://search.tb.ask.com/search/GGmain.jhtml?p2=^BIF^yyyyyy^YYA^nl&ptb=71A4CDDF-075C-432E-BFD2-518948ACDE11&ind=2014103010&n=780cc5e2&psa=&st=sb&searchfor={searchTerms}"    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]       "{dd518073-8837-44ef-9c2e-56dacb609332}"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CF27ADA-F52D-4AA4-9DB8-AA18D2B6509A}]       "Flags"="REG_DWORD", 1024    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{61A17659-CD56-4801-AC48-E017581F8A49}]       "Flags"="REG_DWORD", 1024    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97DDAB8F-FF87-416C-93DA-B763B6D5C22E}]       "Flags"="REG_DWORD", 1024    [HKEY_CURRENT_USER\Software\MyWeddingAdviser_aq\bar\Switches]
Malwarebytes Anti-Malware log:

<?xml version="1.0" encoding="UTF-16" ?><mbam-log><header><date>2014/10/30 15:49:37 +0100</date><logfile>mbam-log-2014-10-30 (15-49-37).xml</logfile><isadmin>yes</isadmin></header><engine><version>2.00.3.1025</version><malware-database>v2014.10.30.08</malware-database><rootkit-database>v2014.10.22.01</rootkit-database><license>free</license><file-protection>disabled</file-protection><web-protection>disabled</web-protection><self-protection>disabled</self-protection></engine><system><osversion>Windows 7 Service Pack 1</osversion><arch>x86</arch><username>Malwarebytes</username><filesys>NTFS</filesys></system><summary><type>threat</type><result>completed</result><objects>272782</objects><time>206</time><processes>1</processes><modules>0</modules><keys>31</keys><values>5</values><datas>1</datas><folders>0</folders><files>12</files><sectors>0</sectors></summary><options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options><items><process><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqhighin.exe</path><vendor>PUP.Optional.MindSpark</vendor><action>delete-on-reboot</action><pid>8452</pid><hash>fce4fe1c0b710f277720249644bd24dc</hash></process><key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MyWeddingAdviser_aqService</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>855ba872017bc96df99e19a18c7514ec</hash></key><key><path>HKLM\SOFTWARE\CLASSES\CLSID\{46812bd8-fdb7-41d0-9a70-db1efe4e5d96}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>855b34e637456bcbfd9af3c79a67629e</hash></key><key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{e4073c15-938b-467a-b456-3746357a8cf5}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>855b34e637456bcbfd9af3c79a67629e</hash></key><key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{DA38E5B6-AC33-4F6B-A924-0CBFC89525D3}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>855b34e637456bcbfd9af3c79a67629e</hash></key><key><path>HKLM\SOFTWARE\CLASSES\CLSID\{61a17659-cd56-4801-ac48-e017581f8a49}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>10d073a7e3991c1aeea9dbdf26dbf50b</hash></key><key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{61A17659-CD56-4801-AC48-E017581F8A49}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>10d073a7e3991c1aeea9dbdf26dbf50b</hash></key><key><path>HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{61A17659-CD56-4801-AC48-E017581F8A49}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>10d073a7e3991c1aeea9dbdf26dbf50b</hash></key><key><path>HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{61A17659-CD56-4801-AC48-E017581F8A49}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>10d073a7e3991c1aeea9dbdf26dbf50b</hash></key><key><path>HKLM\SOFTWARE\CLASSES\CLSID\{61A17659-CD56-4801-AC48-E017581F8A49}\INPROCSERVER32</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>10d073a7e3991c1aeea9dbdf26dbf50b</hash></key><key><path>HKLM\SOFTWARE\CLASSES\CLSID\{3cf27ada-f52d-4aa4-9db8-aa18d2b6509a}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3CF27ADA-F52D-4AA4-9DB8-AA18D2B6509A}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CF27ADA-F52D-4AA4-9DB8-AA18D2B6509A}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\CLSID\{97ddab8f-ff87-416c-93da-b763b6d5c22e}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{97DDAB8F-FF87-416C-93DA-B763B6D5C22E}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{97DDAB8F-FF87-416C-93DA-B763B6D5C22E}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{97DDAB8F-FF87-416C-93DA-B763B6D5C22E}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\CLSID\{b0015a8a-fe88-46a3-b44f-ab11c5df0b65}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{da521aa1-359c-4cbb-9f4b-3247ad94f480}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{50EB80FF-6BE4-4BAA-B91F-0BA66C1D718D}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{5B06DF01-8E07-4ADA-ACB3-16D95F63F3D1}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{89D430EF-18BF-4E2B-BA1F-27D93867CBB4}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{9E086F93-8E11-4E9C-913E-15861A5CCF72}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{D689AA4B-D95B-4B63-839C-98E7986A0D2B}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{F0966CE1-A121-4BA8-994D-ECBF146B6DBC}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\MyWeddingAdviser_aq.SettingsPlugin.1</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\MyWeddingAdviser_aq.SettingsPlugin</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B0015A8A-FE88-46A3-B44F-AB11C5DF0B65}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B0015A8A-FE88-46A3-B44F-AB11C5DF0B65}</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyWeddingAdviser_aqbar Uninstall Firefox</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyWeddingAdviser_aqbar Uninstall Internet Explorer</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><key><path>HKLM\SOFTWARE\CLASSES\CLSID\{97DDAB8F-FF87-416C-93DA-B763B6D5C22E}\INPROCSERVER32</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></key><value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>MyWeddingAdviser AppIntegrator 32-bit</valuename><vendor>PUP.Optional.MindSpark</vendor><action>success</action><valuedata>C:\PROGRA~1\MYWEDD~2\bar\1.bin\AppIntegrator.exe</valuedata><hash>7b6562b8b0cc092d494e3783a75a7b85</hash></value><value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>MyWeddingAdviser EPM Support</valuename><vendor>PUP.Optional.MindSpark</vendor><action>success</action><valuedata>"C:\PROGRA~1\MYWEDD~2\bar\1.bin\aqmedint.exe" T8EPMSUP.DLL,S</valuedata><hash>cc149387d0ac9a9cdabd8832f011817f</hash></value><value><path>HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{3CF27ADA-F52D-4AA4-9DB8-AA18D2B6509A}</valuename><vendor>PUP.Optional.MindSpark</vendor><action>success</action><valuedata>Úzò<-õ¤J¸ªÒ¶Pš</valuedata><hash>d50ba3775329df576e29b4067a87d12f</hash></value><value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{3CF27ADA-F52D-4AA4-9DB8-AA18D2B6509A}</valuename><vendor>PUP.Optional.MindSpark</vendor><action>success</action><valuedata></valuedata><hash>d50ba3775329df576e29b4067a87d12f</hash></value><value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>MyWeddingAdviser Search Scope Monitor</valuename><vendor>PUP.Optional.MindSpark</vendor><action>success</action><valuedata>"C:\PROGRA~1\MYWEDD~2\bar\1.bin\aqsrchmn.exe" /m=2 /w /h</valuedata><hash>ffe1ce4c9edebf770732c2d41be904fc</hash></value><data><path>HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.AskWebSearch</vendor><action>replaced</action><valuedata>http://home.tb.ask.com/index.jhtml?n=780CC5E7&p2=^BIF^yyyyyy^YYA^nl&ptb=A5F27D1D-752B-4B66-B8A3-D1FD68BCBD59</valuedata><baddata>http://home.tb.ask.com/index.jhtml?n=780CC5E7&p2=^BIF^yyyyyy^YYA^nl&ptb=A5F27D1D-752B-4B66-B8A3-D1FD68BCBD59</baddata><gooddata>www.google.com</gooddata><hash>f2eeb862a6d67cba5bf80a29c243e51b</hash></data><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\APPINTEGRATORSTUB.DLL</path><vendor>PUP.Optional.MindSpark</vendor><action>delete-on-reboot</action><hash>aa36ea3084f84fe7c1d69c1e29d86898</hash></file><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqbarsvc.exe</path><vendor>PUP.Optional.MindSpark</vendor><action>delete-on-reboot</action><hash>855ba872017bc96df99e19a18c7514ec</hash></file><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqhighin.exe</path><vendor>PUP.Optional.MindSpark</vendor><action>delete-on-reboot</action><hash>fce4fe1c0b710f277720249644bd24dc</hash></file><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\APPINTEGRATOR.EXE</path><vendor>PUP.Optional.MindSpark</vendor><action>delete-on-reboot</action><hash>7b6562b8b0cc092d494e3783a75a7b85</hash></file><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\ASSISTMONITOR.DLL</path><vendor>PUP.Optional.MindSpark</vendor><action>delete-on-reboot</action><hash>0dd3c2585b21cb6b60378238738eae52</hash></file><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\HPG.DLL</path><vendor>PUP.Optional.MindSpark</vendor><action>delete-on-reboot</action><hash>c020f228413bb086fe9911a936cb13ed</hash></file><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqdlghk.dll</path><vendor>PUP.Optional.MindSpark</vendor><action>delete-on-reboot</action><hash>855b34e637456bcbfd9af3c79a67629e</hash></file><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqSrcAs.dll</path><vendor>PUP.Optional.MindSpark</vendor><action>delete-on-reboot</action><hash>10d073a7e3991c1aeea9dbdf26dbf50b</hash></file><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\TOOLBARGUARD.DLL</path><vendor>PUP.Optional.MindSpark</vendor><action>delete-on-reboot</action><hash>667a9d7ded8f1b1b2e693882e91815eb</hash></file><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL</path><vendor>PUP.Optional.MindSpark</vendor><action>delete-on-reboot</action><hash>4f911802ceae81b50b8cb00a5ba6e41c</hash></file><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqmedint.exe</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>cc149387d0ac9a9cdabd8832f011817f</hash></file><file><path>C:\Program Files\MyWeddingAdviser_aq\bar\1.bin\aqbar.dll</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>d50ba3775329df576e29b4067a87d12f</hash></file></items></mbam-log>
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.