Computer Hope

Topic started by: darksoul on February 10, 2014, 03:34:16 AM

Title: Frequent popup ads in internet browsers (Chrome, Firefox, Internet Explorer)
Post by: darksoul on February 10, 2014, 03:34:16 AM
I am currently helping a friend repair their computer. Symptoms: popup ads in Chrome, Internet Explorer, and Firefox; slow computer; ntldr file missing, which I replaced using a Windows XP SP2 CD.

Thank you for any advice.

Requested Logs:
Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86   
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 2 Runtime Environment Standard Edition v1.3.1
 Java version out of Date!
 Adobe Flash Player    12.0.0.44 
 Adobe Reader XI 
 Mozilla Firefox (27.0)
 Google Chrome 32.0.1700.102 
 Google Chrome 32.0.1700.107 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

# AdwCleaner v3.018 - Report created 07/02/2014 at 20:35:13
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Norman - HOME
# Running from : C:\Documents and Settings\Norman\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : SProtection

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\k1ntbvvo.default-1391812259765\user.js
File Found : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
File Found : C:\windows\system32\roboot.exe
Folder Found C:\DOCUME~1\Norman\LOCALS~1\Temp\Iminent
Folder Found C:\Documents and Settings\All Users\Application Data\Systweak
Folder Found C:\Documents and Settings\Norman\Application Data\IminentToolbar
Folder Found C:\Documents and Settings\Norman\Application Data\Systweak
Folder Found C:\Documents and Settings\Norman\My Documents\optimizer pro
Folder Found C:\Program Files\Common Files\Umbrella
Folder Found C:\Program Files\Iminent
Folder Found C:\Program Files\IminentToolbar
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\Viewpoint

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Found : HKCU\Software\systweak
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\esrv.iminentESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.iminentESrvc.1
Key Found : HKLM\SOFTWARE\Classes\I
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Classes\iminent.iminentappCore
Key Found : HKLM\SOFTWARE\Classes\iminent.iminentappCore.1
Key Found : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd
Key Found : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd.1
Key Found : HKLM\SOFTWARE\Classes\iminent.iminentHlpr
Key Found : HKLM\SOFTWARE\Classes\iminent.iminentHlpr.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Umbrella
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\k1ntbvvo.default-1391812259765\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6805 octets] - [07/02/2014 20:35:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6865 octets] ##########

# AdwCleaner v3.018 - Report created 07/02/2014 at 20:38:35
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Norman - HOME
# Running from : C:\Documents and Settings\Norman\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : SProtection

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\IminentToolbar
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Umbrella
Folder Deleted : C:\DOCUME~1\Norman\LOCALS~1\Temp\Iminent
Folder Deleted : C:\Documents and Settings\Norman\Application Data\IminentToolbar
Folder Deleted : C:\Documents and Settings\Norman\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Norman\My Documents\optimizer pro
File Deleted : C:\windows\system32\roboot.exe
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
File Deleted : C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\k1ntbvvo.default-1391812259765\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.iminentESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.iminentESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentappCore
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentHlpr
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Umbrella
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\k1ntbvvo.default-1391812259765\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6945 octets] - [07/02/2014 20:35:13]
AdwCleaner[S0].txt - [7007 octets] - [07/02/2014 20:38:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7067 octets] ##########


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.08.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Norman :: HOME [administrator]

2/7/2014 8:58:30 PM
MBAM-log-2014-02-07 (21-18-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234242
Time elapsed: 19 minute(s), 50 second(s)

Memory Processes Detected: 1
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Adpeak) -> 1696 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 26
HKCR\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\CLSID\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.AirInstaller) -> No action taken.
HKCR\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} (PUP.Optional.FreshyToolbar) -> No action taken.
HKCR\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} (PUP.Optional.FreshyToolbar) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C93C258D-EAF7-41F6-8DE1-C5D066E2AAD0} (PUP.Optional.FreshyToolbar) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWordTool (PUP.Optional.MyWordTool.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Level Quality Watcher (PUP.Optional.Adpeak) -> No action taken.
HKCU\SOFTWARE\IminentToolbar (PUP.Optional.Iminent.A) -> No action taken.
HKCU\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> No action taken.
HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin (PUP.Optional.TidyNetwork.A) -> No action taken.
HKCU\Software\MozillaPlugins\@tnt2npapi.com/Plugin (PUP.Optional.TidyNetwork.A) -> No action taken.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> No action taken.
HKLM\SOFTWARE\IminentToolbar (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WinkHandler (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> No action taken.
HKCR\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A} (PUP.Optional.TidyNetwork.A) -> No action taken.
HKCR\CLSID\{DDE92238-1E66-45D9-A225-9F090E0FD227} (PUP.Optional.TidyNetwork.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DDE92238-1E66-45D9-A225-9F090E0FD227} (PUP.Optional.TidyNetwork.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDE92238-1E66-45D9-A225-9F090E0FD227} (PUP.Optional.TidyNetwork.A) -> No action taken.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Data: Iminent Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Data:  -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{DDE92238-1E66-45D9-A225-9F090E0FD227} (PUP.Optional.TidyNetwork.A) -> Data: 8"éÝfÙE¢%Ÿ   Ò' -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{DDE92238-1E66-45D9-A225-9F090E0FD227} (PUP.Optional.TidyNetwork.A) -> Data:  -> No action taken.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Iminent.A) -> Bad: (http://start.iminent.com/?appId=D4299943-B778-4BA9-AFCA-BF8D77C9CF8F) Good: (http://www.Google.com) -> No action taken.

Folders Detected: 13
C:\Documents and Settings\Norman\Application Data\MyWordTool (PUP.Optional.MyWordTool.A) -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\mt_ffx\IminentToolbar (PUP.Optional.Iminent.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\mt_ffx\IminentToolbar\iminent (PUP.Optional.Iminent.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\mt_ffx\IminentToolbar\iminent\1.8.28.3 (PUP.Optional.Iminent.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Common (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn (PUP.Optional.MyWordTool.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0 (PUP.Optional.MyWordTool.A) -> No action taken.

Files Detected: 94
C:\Documents and Settings\Norman\Application Data\MyWordTool\temp.dat (PUP.Optional.MyWordTool.A) -> No action taken.
C:\Documents and Settings\Norman\My Documents\Downloads\Adobe%20Flash%20Player%2011.exe (PUP.Optional.Bundler) -> No action taken.
C:\Documents and Settings\Norman\My Documents\Downloads\delugetorrentclient-setup.exe (PUP.Optional.FullSpectrumAdmin) -> No action taken.
C:\Documents and Settings\Norman\My Documents\Downloads\Setup.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nsb137.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nsc134.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nseF2.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nsg13A.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nsg13D.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nshED.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nsj93.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nsoEA.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nsp140.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nst131.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nstF1.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nsvE7.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\nsyF3.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\RegClean7.exe (PUP.Optional.RegCleanerPro) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\n567\Iminent_1712-b2fcad5e.exe (PUP.Optional.Iminent.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temp\n567\RegClean_1612-230a802f.exe (PUP.Optional.RegCleanerPro) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\TNT2User.exe (PUP.Optional.FreshyToolbar) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\8SN1OPZE\MinibarFirefox[1].exe (PUP.Optional.Iminent.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\8SN1OPZE\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\BJ0UNJOV\IMinentToolbar[1].exe (PUP.Optional.Iminent) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\BJ0UNJOV\metro[1].exe (PUP.Optional.Iminent.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\HNH5Q8V3\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\X3O20ENY\IminentMinibarIE[1].exe (PUP.Optional.Iminent.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\X3O20ENY\SPIdentifierImpl[1].exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\Mozilla Firefox\browser\searchplugins\StartWeb.xml (PUP.Optional.Iminent.A) -> No action taken.
C:\Documents and Settings\Norman\Application Data\MyWordTool\.build (PUP.Optional.MyWordTool.A) -> No action taken.
C:\Documents and Settings\Norman\Application Data\MyWordTool\.user (PUP.Optional.MyWordTool.A) -> No action taken.
C:\Documents and Settings\Norman\Application Data\MyWordTool\uninst.exe (PUP.Optional.MyWordTool.A) -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Adpeak) -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Adpeak) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\Autorun.inf (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\crx.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\GameApps.ini (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\GameConsole.exe (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\GameEngine.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\GLOBALUNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\hmac.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\iestage2.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\LastSession.log (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\log.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\MinecraftShims64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\npTNT2.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\npTNT2Ghost.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\passport.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\passport64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\progress.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\regsvr.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\sqlite.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\tnt2chrome.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\TntMagicDel.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\UnInjLib.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\UnInjLib64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\UninstallDlg.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\untar.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\xpi.tar (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\2.0.0.1676\zipunzip.1.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Common\GameConsole.exe (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Common\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\icon.ico (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\inst.ini (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\LastSession.log (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\os10755.xml (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\PARTNER.1.TNT (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\partner.dat (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\passport.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\passport64.dll (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\runt.ini (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\tnt_32x32.png (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\[email protected] (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\yah10755.xml (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\1e9028fb17b03c9857fe82e37db03e49 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\5f9f36157429bedf799b0e93ace40a74 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\9ee6deec492971441eeb405bbafb4c72 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\b7d73a9a17988e27fe817c3afd99a6e6 (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\f53fa0c1784cb861b48c6f9a2ad9331f (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\TNT2\Profiles\10755\Cache\ff0ade92be2a9b2c4dba0cd480fb941a (PUP.Optional.TidyNetwork.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\build.json (PUP.Optional.MyWordTool.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\manifest.json (PUP.Optional.MyWordTool.A) -> No action taken.
C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\script.js (PUP.Optional.MyWordTool.A) -> No action taken.

(end)
Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: SuperDave on February 10, 2014, 12:17:13 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please run MBAM again. Make sure all infections have a checkmark and click on "Remove Selected".
*************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

• Warning! Once the scan is complete JRT will shut down your browser with NO warning.

• Shut down your protection software now to avoid potential conflicts.

• Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.

• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

• The tool will open and start scanning your system.

• Please be patient as this can take a while to complete depending on your system's specifications.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Copy and Paste the JRT.txt log into your next message.
****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: darksoul on February 12, 2014, 10:30:33 AM
I apologize for the late response. I scheduled Thursday with my friend to work on her computer some more. I will post the MBAM log, JRT log, and security check log on Thursday, February 13 2014.

Thank you for your patience.
Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: SuperDave on February 13, 2014, 12:12:12 PM
No problem. I'll wait for the logs.
Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: darksoul on February 19, 2014, 01:10:40 AM
I printed out the instructions and handed them to my friend.  She has been very busy lately.   I will reply back to this thread as soon as anything changes and with any logs requested.

Thank you for all the advice and assistance.  Especially your patience.

Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: darksoul on February 23, 2014, 09:14:55 PM

Thank you for your patience.  Here are the logs requested:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Norman on Sun 02/23/2014 at 12:07:19.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3723271197-429115175-1203367206-1007\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0044150.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0044150.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0044150.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0044150.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411411150}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422412250}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455415550}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466416650}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444414450}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0044150.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0044150.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0044150.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0044150.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455415550}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411411150}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411411150}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411150}



~~~ Files

Successfully deleted: [File] C:\windows\Tasks\amiupdxp.job
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Norman\Application Data\swvupdater"
Successfully deleted: [Folder] "C:\Documents and Settings\Norman\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Norman\Application Data\mozilla\firefox\profiles\k1ntbvvo.default-1391812259765\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
Successfully deleted the following from C:\Documents and Settings\Norman\Application Data\mozilla\firefox\profiles\k1ntbvvo.default-1391812259765\prefs.js

user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("extensions.crossrider.bic", "144583a05b2ebdec1e5a5869b2e1281a");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/23/2014 at 12:14:47.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86   
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner     
 Java 2 Runtime Environment Standard Edition v1.3.1
 Java 7 Update 51 
 Adobe Flash Player    12.0.0.70 
 Adobe Reader XI 
 Mozilla Firefox (27.0.1)
 Google Chrome 32.0.1700.107 
 Google Chrome 33.0.1750.117 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````


===================================

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.23.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Norman :: HOME [administrator]

2/23/2014 1:06:26 PM
mbam-log-2014-02-23 (13-06-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237232
Time elapsed: 13 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4A36AF02-3E2F-47DD-A102-784D22E8C2B8} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKCR\Interface\{B71BC738-1C95-4784-B6AF-5B0964B895D9} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\Norman\My Documents\Downloads\Setup.exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Norman\My Documents\Downloads\Unconfirmed 763285.crdownload (PUP.Optional.InstallBrain) -> Quarantined and deleted successfully.
C:\Temp\InstallFilter32.msi (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

(end)
Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: SuperDave on February 24, 2014, 10:59:16 AM
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: darksoul on February 25, 2014, 08:55:32 AM
Thank you for the quick reply. I will email her and text her the importance of running a scan with Malwarebytes' Anti-Rootkit. Is there evidence of a Rootkit stealing personal information? If so, then would it be advisable to recommend she change all account passwords, update retrieval information, and especially remove all credit cards/debit cards associated to any online stores?

I forgot to mention in my last reply, that a VuuPc installer appears on the screen after bootup and during normal operations on the computer. I looked it up and it's a third-party application for Remote Assistance.

Thank you for the quick response.
Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: SuperDave on February 25, 2014, 10:31:30 AM
Quote
Is there evidence of a Rootkit stealing personal information?
Not yet but I just want to be sure.
Quote
I forgot to mention in my last reply, that a VuuPc installer appears on the screen after bootup and during normal operations on the computer.
Look in Control Panel, Remove Programs and see if it's there. If it is, please uninstall it.
Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: darksoul on February 27, 2014, 09:47:18 AM
I looked in the Add/Remove programs control panel and VuuPc was not listed. 

I will run Malwarebytes' Anti-Rootkit the next time she is available. I am hoping it's soon, so her computer doesn't end up losing her school work. She says it's backed up on a flash drive :).

Her computer had an NTLDR file missing screen, a while back. I read an article on how to replace it using the Windows XP installation CD or a recovery console CD. A computer repair shop made a Windows XP Home SP2 CD for recovery purposes. I think it was the wrong version of the NTLDR file. Her computer is running Windows XP Home SP3 and the NTLDR I replaced with was a SP2 version. Is it possible this could cause the computer to be unstable as well?

Thank you again for any advice.
Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: SuperDave on February 27, 2014, 11:07:36 AM
Let's check the MBR (master boot record).
Here (http://www.computerhope.com/issues/ch000465.htm) is some info on NTLDR problem.

Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double-click the aswMBR.exe to run it.

(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)

Click the "Scan" button to start the scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)

On completion of the scan, click save log, save it to your desktop and post it in your next reply.
Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: darksoul on March 08, 2014, 03:07:32 PM
I hope to keep this thread open longer. I am in the process of scheduling a day, as it's my friend's computer, to check out the Master Boot Record using aswMBR by AVAST.

Thank you for your patience and understanding.
Title: Re: Frequent popup ads in internet browsers (Chrom, FireFox, Internet Explorer)
Post by: SuperDave on March 08, 2014, 04:16:20 PM
Ok, I'll wait for your reply.