Topic: Frequent popup ads in internet browsers (Chrome, Firefox, Internet Explorer)

darksoul

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows XP
    I am currently helping a friend repair their computer. Symptoms: popup ads in Chrome, Internet Explorer, and Firefox; slow computer; ntldr file missing, which I replaced using a Windows XP SP2 CD.

    Thank you for any advice.

    Requested Logs:
    Results of screen317's Security Check version 0.99.79 
     Windows XP Service Pack 3 x86   
     Internet Explorer 8 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
     Microsoft Security Essentials   
    `````````Anti-malware/Other Utilities Check:`````````
     CCleaner     
     Java 2 Runtime Environment Standard Edition v1.3.1
     Java version out of Date!
     Adobe Flash Player    12.0.0.44 
     Adobe Reader XI 
     Mozilla Firefox (27.0)
     Google Chrome 32.0.1700.102 
     Google Chrome 32.0.1700.107 
    ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 3%
    ````````````````````End of Log``````````````````````

    # AdwCleaner v3.018 - Report created 07/02/2014 at 20:35:13
    # Updated 28/01/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Norman - HOME
    # Running from : C:\Documents and Settings\Norman\Desktop\adwcleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : SProtection

    ***** [ Files / Folders ] *****

    File Found : C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\k1ntbvvo.default-1391812259765\user.js
    File Found : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
    File Found : C:\windows\system32\roboot.exe
    Folder Found C:\DOCUME~1\Norman\LOCALS~1\Temp\Iminent
    Folder Found C:\Documents and Settings\All Users\Application Data\Systweak
    Folder Found C:\Documents and Settings\Norman\Application Data\IminentToolbar
    Folder Found C:\Documents and Settings\Norman\Application Data\Systweak
    Folder Found C:\Documents and Settings\Norman\My Documents\optimizer pro
    Folder Found C:\Program Files\Common Files\Umbrella
    Folder Found C:\Program Files\Iminent
    Folder Found C:\Program Files\IminentToolbar
    Folder Found C:\Program Files\MyPC Backup
    Folder Found C:\Program Files\MyPC Backup
    Folder Found C:\Program Files\Viewpoint

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\Iminent
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
    Key Found : HKCU\Software\systweak
    Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Classes\esrv.iminentESrvc
    Key Found : HKLM\SOFTWARE\Classes\esrv.iminentESrvc.1
    Key Found : HKLM\SOFTWARE\Classes\I
    Key Found : HKLM\SOFTWARE\Classes\Iminent
    Key Found : HKLM\SOFTWARE\Classes\iminent.iminentappCore
    Key Found : HKLM\SOFTWARE\Classes\iminent.iminentappCore.1
    Key Found : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd
    Key Found : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd.1
    Key Found : HKLM\SOFTWARE\Classes\iminent.iminentHlpr
    Key Found : HKLM\SOFTWARE\Classes\iminent.iminentHlpr.1
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
    Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\Software\MetaStream
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Found : HKLM\Software\systweak
    Key Found : HKLM\Software\Umbrella
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v27.0 (en-US)

    [ File : C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\k1ntbvvo.default-1391812259765\prefs.js ]


    -\\ Google Chrome v32.0.1700.107

    [ File : C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [6805 octets] - [07/02/2014 20:35:13]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6865 octets] ##########

    # AdwCleaner v3.018 - Report created 07/02/2014 at 20:38:35
    # Updated 28/01/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Norman - HOME
    # Running from : C:\Documents and Settings\Norman\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : SProtection

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Systweak
    Folder Deleted : C:\Program Files\Iminent
    Folder Deleted : C:\Program Files\IminentToolbar
    Folder Deleted : C:\Program Files\MyPC Backup
    Folder Deleted : C:\Program Files\Viewpoint
    Folder Deleted : C:\Program Files\Common Files\Umbrella
    Folder Deleted : C:\DOCUME~1\Norman\LOCALS~1\Temp\Iminent
    Folder Deleted : C:\Documents and Settings\Norman\Application Data\IminentToolbar
    Folder Deleted : C:\Documents and Settings\Norman\Application Data\Systweak
    Folder Deleted : C:\Documents and Settings\Norman\My Documents\optimizer pro
    File Deleted : C:\windows\system32\roboot.exe
    File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
    File Deleted : C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\k1ntbvvo.default-1391812259765\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.iminentESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.iminentESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\I
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent
    Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentappCore
    Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
    Key Deleted : HKCU\Software\Iminent
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\Umbrella
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v27.0 (en-US)

    [ File : C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\k1ntbvvo.default-1391812259765\prefs.js ]


    -\\ Google Chrome v32.0.1700.107

    [ File : C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [6945 octets] - [07/02/2014 20:35:13]
    AdwCleaner[S0].txt - [7007 octets] - [07/02/2014 20:38:35]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7067 octets] ##########


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.08.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Norman :: HOME [administrator]

    2/7/2014 8:58:30 PM
    MBAM-log-2014-02-07 (21-18-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234242
    Time elapsed: 19 minute(s), 50 second(s)

    Memory Processes Detected: 1
    C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Adpeak) -> 1696 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 26
    HKCR\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} (PUP.Optional.Iminent.A) -> No action taken.
    HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> No action taken.
    HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> No action taken.
    HKCR\CLSID\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.AirInstaller) -> No action taken.
    HKCR\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} (PUP.Optional.FreshyToolbar) -> No action taken.
    HKCR\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} (PUP.Optional.FreshyToolbar) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C93C258D-EAF7-41F6-8DE1-C5D066E2AAD0} (PUP.Optional.FreshyToolbar) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWordTool (PUP.Optional.MyWordTool.A) -> No action taken.
    HKLM\SYSTEM\CurrentControlSet\Services\Level Quality Watcher (PUP.Optional.Adpeak) -> No action taken.
    HKCU\SOFTWARE\IminentToolbar (PUP.Optional.Iminent.A) -> No action taken.
    HKCU\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> No action taken.
    HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin (PUP.Optional.TidyNetwork.A) -> No action taken.
    HKCU\Software\MozillaPlugins\@tnt2npapi.com/Plugin (PUP.Optional.TidyNetwork.A) -> No action taken.
    HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> No action taken.
    HKLM\SOFTWARE\IminentToolbar (PUP.Optional.Iminent.A) -> No action taken.
    HKLM\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> No action taken.
    HKLM\SYSTEM\CurrentControlSet\Services\WinkHandler (PUP.Optional.Iminent.A) -> No action taken.
    HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> No action taken.
    HKCR\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A} (PUP.Optional.TidyNetwork.A) -> No action taken.
    HKCR\CLSID\{DDE92238-1E66-45D9-A225-9F090E0FD227} (PUP.Optional.TidyNetwork.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DDE92238-1E66-45D9-A225-9F090E0FD227} (PUP.Optional.TidyNetwork.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDE92238-1E66-45D9-A225-9F090E0FD227} (PUP.Optional.TidyNetwork.A) -> No action taken.

    Registry Values Detected: 5
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Data: Iminent Toolbar -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Data:  -> No action taken.
    HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{DDE92238-1E66-45D9-A225-9F090E0FD227} (PUP.Optional.TidyNetwork.A) -> Data: 8"éÝfŮE˘%ź   Ň' -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{DDE92238-1E66-45D9-A225-9F090E0FD227} (PUP.Optional.TidyNetwork.A) -> Data:  -> No action taken.

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Iminent.A) -> Bad: (http://start.iminent.com/?appId=D4299943-B778-4BA9-AFCA-BF8D77C9CF8F) Good: (http://www.Google.com) -> No action taken.

    Folders Detected: 13
    C:\Documents and Settings\Norman\Application Data\MyWordTool (PUP.Optional.MyWordTool.A) -> No action taken.
    C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\mt_ffx\IminentToolbar (PUP.Optional.Iminent.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\mt_ffx\IminentToolbar\iminent (PUP.Optional.Iminent.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\mt_ffx\IminentToolbar\iminent\1.8.28.3 (PUP.Optional.Iminent.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2 (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676 (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Common (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755 (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn (PUP.Optional.MyWordTool.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0 (PUP.Optional.MyWordTool.A) -> No action taken.

    Files Detected: 94
    C:\Documents and Settings\Norman\Application Data\MyWordTool\temp.dat (PUP.Optional.MyWordTool.A) -> No action taken.
    C:\Documents and Settings\Norman\My Documents\Downloads\Adobe%20Flash%20Player%2011.exe (PUP.Optional.Bundler) -> No action taken.
    C:\Documents and Settings\Norman\My Documents\Downloads\delugetorrentclient-setup.exe (PUP.Optional.FullSpectrumAdmin) -> No action taken.
    C:\Documents and Settings\Norman\My Documents\Downloads\Setup.exe (PUP.Optional.AirInstaller) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nsb137.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nsc134.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nseF2.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nsg13A.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nsg13D.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nshED.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nsj93.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nsoEA.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nsp140.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nst131.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nstF1.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nsvE7.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\nsyF3.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\RegClean7.exe (PUP.Optional.RegCleanerPro) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\n567\Iminent_1712-b2fcad5e.exe (PUP.Optional.Iminent.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temp\n567\RegClean_1612-230a802f.exe (PUP.Optional.RegCleanerPro) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\TNT2User.exe (PUP.Optional.FreshyToolbar) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\8SN1OPZE\MinibarFirefox[1].exe (PUP.Optional.Iminent.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\8SN1OPZE\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\BJ0UNJOV\IMinentToolbar[1].exe (PUP.Optional.Iminent) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\BJ0UNJOV\metro[1].exe (PUP.Optional.Iminent.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\HNH5Q8V3\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\X3O20ENY\IminentMinibarIE[1].exe (PUP.Optional.Iminent.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\X3O20ENY\SPIdentifierImpl[1].exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Program Files\Mozilla Firefox\browser\searchplugins\StartWeb.xml (PUP.Optional.Iminent.A) -> No action taken.
    C:\Documents and Settings\Norman\Application Data\MyWordTool\.build (PUP.Optional.MyWordTool.A) -> No action taken.
    C:\Documents and Settings\Norman\Application Data\MyWordTool\.user (PUP.Optional.MyWordTool.A) -> No action taken.
    C:\Documents and Settings\Norman\Application Data\MyWordTool\uninst.exe (PUP.Optional.MyWordTool.A) -> No action taken.
    C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Adpeak) -> No action taken.
    C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Adpeak) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\Autorun.inf (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\crx.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\GameApps.ini (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\GameConsole.exe (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\GameEngine.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\GLOBALUNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\hmac.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\iestage2.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\LastSession.log (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\log.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\MinecraftShims64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\npTNT2.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\npTNT2Ghost.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\passport.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\passport64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\progress.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\regsvr.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\sqlite.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\tnt2chrome.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\TntMagicDel.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\UnInjLib.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\UnInjLib64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\UninstallDlg.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\untar.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\xpi.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\zipunzip.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Common\GameConsole.exe (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Common\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\icon.ico (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\inst.ini (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\LastSession.log (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\os10755.xml (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\PARTNER.1.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\partner.dat (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\passport.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\passport64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\runt.ini (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\tnt_32x32.png (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\toolbar10755@findwide.com.xpi (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\yah10755.xml (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\1e9028fb17b03c9857fe82e37db03e49 (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\5f9f36157429bedf799b0e93ace40a74 (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\9ee6deec492971441eeb405bbafb4c72 (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\b7d73a9a17988e27fe817c3afd99a6e6 (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\f53fa0c1784cb861b48c6f9a2ad9331f (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\ff0ade92be2a9b2c4dba0cd480fb941a (PUP.Optional.TidyNetwork.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\build.json (PUP.Optional.MyWordTool.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\manifest.json (PUP.Optional.MyWordTool.A) -> No action taken.
    C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\script.js (PUP.Optional.MyWordTool.A) -> No action taken.

    (end)

    SuperDave

    • Malware Removal Specialist


    • Sage
    • Thanked: 840
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please run MBAM again. Make sure all infections have a checkmark and click on "Remove Selected".
    *************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    ****************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

    darksoul

      I apologize for the late response. I scheduled Thursday with my friend to work on her computer some more. I will post the MBAM log, JRT log, and security check log on Thursday, February 13, 2014.

      Thank you for your patience.

      SuperDave

      No problem. I'll wait for the logs.

      darksoul

        I printed out the instructions and handed them to my friend.  She has been very busy lately.   I will reply back to this thread as soon as anything changes and with any logs requested.

        Thank you for all the advice and assistance.  Especially your patience.


        darksoul


          Thank you for your patience.  Here are the logs requested:

          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Junkware Removal Tool (JRT) by Thisisu
          Version: 6.1.2 (02.20.2014:1)
          OS: Microsoft Windows XP x86
          Ran by Norman on Sun 02/23/2014 at 12:07:19.10
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




          ~~~ Services



          ~~~ Registry Values

          Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
          Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
          Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
          Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
          Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
          Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3723271197-429115175-1203367206-1007\Software\Microsoft\Internet Explorer\Main\\Start Page
          Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
          Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



          ~~~ Registry Keys

          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
          Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
          Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\crossrider
          Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0044150.BHO
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0044150.BHO.1
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0044150.Sandbox
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0044150.Sandbox.1
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411411150}
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422412250}
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455415550}
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466416650}
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444414450}
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0044150.BHO
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0044150.BHO.1
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0044150.Sandbox
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0044150.Sandbox.1
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455415550}
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466416650}
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}
          Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411411150}
          Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411411150}
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411150}



          ~~~ Files

          Successfully deleted: [File] C:\windows\Tasks\amiupdxp.job
          Successfully deleted: [File] "C:\end"



          ~~~ Folders

          Successfully deleted: [Folder] "C:\Documents and Settings\Norman\Application Data\swvupdater"
          Successfully deleted: [Folder] "C:\Documents and Settings\Norman\Local Settings\Application Data\conduit"
          Successfully deleted: [Folder] "C:\Program Files\conduit"
          Successfully deleted: [Folder] "C:\Program Files\mypc backup"



          ~~~ FireFox

          Successfully deleted: [Folder] C:\Documents and Settings\Norman\Application Data\mozilla\firefox\profiles\k1ntbvvo.default-1391812259765\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
          Successfully deleted the following from C:\Documents and Settings\Norman\Application Data\mozilla\firefox\profiles\k1ntbvvo.default-1391812259765\prefs.js

          user_pref("browser.search.defaultenginename", "Conduit Search");
          user_pref("extensions.crossrider.bic", "144583a05b2ebdec1e5a5869b2e1281a");

          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Scan was completed on Sun 02/23/2014 at 12:14:47.56
          End of JRT log
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


           Results of screen317's Security Check version 0.99.79 
           Windows XP Service Pack 3 x86   
           Internet Explorer 8 
          ``````````````Antivirus/Firewall Check:``````````````
           Windows Firewall Enabled! 
           Microsoft Security Essentials   
          `````````Anti-malware/Other Utilities Check:`````````
           Malwarebytes Anti-Malware version 1.75.0.1300 
           CCleaner     
           Java 2 Runtime Environment Standard Edition v1.3.1
           Java 7 Update 51 
           Adobe Flash Player    12.0.0.70 
           Adobe Reader XI 
           Mozilla Firefox (27.0.1)
           Google Chrome 32.0.1700.107 
           Google Chrome 33.0.1750.117 
          ````````Process Check: objlist.exe by Laurent````````
           Microsoft Security Essentials MSMpEng.exe
           Microsoft Security Essentials msseces.exe
          `````````````````System Health check`````````````````
           Total Fragmentation on Drive C:: 5%
          ````````````````````End of Log``````````````````````


          ===================================

          Malwarebytes Anti-Malware 1.75.0.1300
          www.malwarebytes.org

          Database version: v2014.02.23.08

          Windows XP Service Pack 3 x86 NTFS
          Internet Explorer 8.0.6001.18702
          Norman :: HOME [administrator]

          2/23/2014 1:06:26 PM
          mbam-log-2014-02-23 (13-06-26).txt

          Scan type: Quick scan
          Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
          Scan options disabled: P2P
          Objects scanned: 237232
          Time elapsed: 13 minute(s), 23 second(s)

          Memory Processes Detected: 0
          (No malicious items detected)

          Memory Modules Detected: 0
          (No malicious items detected)

          Registry Keys Detected: 9
          HKCR\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
          HKCR\TypeLib\{4A36AF02-3E2F-47DD-A102-784D22E8C2B8} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
          HKCR\Interface\{B71BC738-1C95-4784-B6AF-5B0964B895D9} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
          HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
          HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
          HKLM\SOFTWARE\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

          Registry Values Detected: 0
          (No malicious items detected)

          Registry Data Items Detected: 0
          (No malicious items detected)

          Folders Detected: 0
          (No malicious items detected)

          Files Detected: 3
          C:\Documents and Settings\Norman\My Documents\Downloads\Setup.exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Norman\My Documents\Downloads\Unconfirmed 763285.crdownload (PUP.Optional.InstallBrain) -> Quarantined and deleted successfully.
          C:\Temp\InstallFilter32.msi (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

          (end)

          SuperDave

          Malwarebytes' Anti-Rootkit

          Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
          • Be sure to print out and follow the instructions provided on that same page for performing a scan.
          • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
          • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
          • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
          • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
          • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
          • Copy and paste the contents of these two log files in your next reply.

          darksoul

            Thank you for the quick reply. I will email her and text her the importance of running a scan with Malwarebytes' Anti-Rootkit. Is there evidence of a Rootkit stealing personal information? If so, then would it be advisable to recommend she change all account passwords, update retrieval information, and especially remove all credit cards/debit cards associated to any online stores?

            I forgot to mention in my last reply, that a VuuPc installer appears on the screen after bootup and during normal operations on the computer. I looked it up and it's a third-party application for Remote Assistance.

            Thank you for the quick response.

            SuperDave

            Quote
            Is there evidence of a Rootkit stealing personal information?
            Not yet but I just want to be sure.
            Quote
            I forgot to mention in my last reply, that a VuuPc installer appears on the screen after bootup and during normal operations on the computer.
            Look in Control Panel, Remove Programs and see if it's there. If it is, please uninstall it.

            darksoul

              I looked in the Add/Remove programs control panel and VuuPc was not listed. 

              I will run Malwarebytes' Anti-Rootkit the next time she is available. I am hoping it's soon, so her computer doesn't end up losing her school work. She says it's backed up on a flash drive :)

              Her computer had an NTLDR file missing screen a while back. I read an article on how to replace it using the Windows XP installation CD or a recovery console CD. A computer repair shop made a Windows XP Home SP2 CD for recovery purposes. I think it was the wrong version of the NTLDR file. Her computer is running Windows XP Home SP3 and the NTLDR I replaced with was a SP2 version. Is it possible this could cause the computer to be unstable as well?

              Thank you again for any advice.

              SuperDave

              Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
              « Reply #10 on: February 27, 2014, 11:07:36 AM »
              Let's check the MBR (master boot record).
              Here is some info on the NTLDR problem.

              Please download aswMBR.exe ( 511KB ) to your desktop.

              Double click the aswMBR.exe to run it



              Click the "Scan" button to start scan

              Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



              On completion of the scan click save log, save it to your desktop and post in your next reply

              darksoul

                I hope to keep this thread open longer. I am in the process of scheduling a day, as it's my friend's computer, to check out the Master Boot Record using aswMBR by AVAST.

                Thank you for your patience and understanding.

                SuperDave

                Ok, I'll wait for your reply.