
Is this version of Updater.exe Kosher or non-Kosher?


16 replies to this topic

#1 DumbBunny


Posted 04 March 2013 - 11:51 PM

Hello, Computer Fans:

 

I have multiple issues that have been building up, but I'll start with this one.

 

 

Perceived problem:

 

1. I noticed an application in a Temp folder called "Updater.exe". These are the "Properties" information values:

 

"Type of file: Application
Description: Software version updater
Location: C:\Documents and Settings\JE\local Settings\Temp
Size: 293 KB [300.584 bytes]
Size on disk: 296 KB [303.104 bytes]
Created: Wednesday, January 09, 2013, 11:27:37 PM
Modified: Sunday, January 27, 2013, 11:28:02 AM
Accessed: Today, March 04. 2013, 5:38:44 PM

Company: Amonetize ltd.
File version: 1.1.3.6
Internal Name: Updater.exe
Language: English [United States]
Original file name: Updater.exe
Product Name: Launcher
Product Version: 1.1.3.6"

 

2. I ran Malwarebytes. It detected:

 

"Registry Keys Detected: 6
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater).
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater).
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater).
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater).
HKCR\Updater.AmiUpd (PUP.Software.Updater).

Folders Detected: 1
C:\Documents and Settings\JE\Application Data\SwvUpdater (PUP.Software.Updater).

Files Detected: 4
C:\Documents and Settings\JE\Application Data\SwvUpdater\Updater.exe (PUP.Software.Updater).
C:\Documents and Settings\JE\Application Data\SwvUpdater\Updater.xml (PUP.Software.Updater).
C:\Documents and Settings\JE\Application Data\SwvUpdater\status.cfg (PUP.Software.Updater).
C:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater)."

 

3. The SwvUpdater file immediately above contains:

Updater.exe  [identical "Properties" information as the above item #1]
status.cfg
Updater.xml
 

4. The only unlikely reference I could find on the Internet to "Swv" is a singing group named Sisters With Voices. I didn't see any programs with that name.

 

5. I looked in "Add or Remove Programs", but there's nothing listed that's named "SwvUpdater", "Launcher", or "Amonetize".

 

6. This webpage seems to refer to the same Updater.exe application by Amonetize ltd. (slightly different version number, though), but only one person has looked at it and found it a threat. No others have weighed in: http://systemexplorer.net/file-database/file/updater-exe/14067525&.

 

7. I can see from the "Properties" information in point #1 that this application is active, even unto today. So, it's doing something. Fingers crossed that its powers are for good.

 

8. I use Windows XP Pro, Service Pack 3 x 86 NTFS, Lenovo laptop. I use Firefox and Opera, and IE only when forced to.

 

 

Summary:

 

* Clearly, the application is annoying Malwarebytes.

* One evaluator at a site called "System Explorer" finds it a threat, but is only one person.

* I don't know what SwvUpdater/Launcher/whatever it calls itself does, but then I don't know what 75% of my computer applications do. >_<

* The company name of "Amonetize ltd" would seem to have something to do with ads, which makes me nervous.

 

 

Questions:

 

Is this some flavor of malware? If not, I'm sorry for causing a commotion over nothing.

 

Should I delete the SwvUpdater folder from the Applications Data folder? If so, how do I do that since it doesn't appear in the "Add or Delete Programs" list? 

 

I assume that simply right-click deleting the Updater.exe from the Temp file is sufficient there?

 

Thank you for your time.
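To make a report like the one quoted in point #2 easier to reason about, here is an added example (not from this thread, Malwarebytes or Amonetize) that parses a detection report in that format, checks that the declared "Detected: N" counts match the items listed, and labels each item by the mechanism it represents (COM registration, scheduled task, per-user data directory, and so on). The sample report is constructed from the quoted text; the Temp copy from point #1 is passed in as an extra, manually found file, and the role labels are this example's own categories.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the Malwarebytes report quoted in the
# thread; the detection name and paths are copied from that post.
SAMPLE_REPORT = r"""
Registry Keys Detected: 6
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater).
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater).
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater).
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater).
HKCR\Updater.AmiUpd (PUP.Software.Updater).

Folders Detected: 1
C:\Documents and Settings\JE\Application Data\SwvUpdater (PUP.Software.Updater).

Files Detected: 4
C:\Documents and Settings\JE\Application Data\SwvUpdater\Updater.exe (PUP.Software.Updater).
C:\Documents and Settings\JE\Application Data\SwvUpdater\Updater.xml (PUP.Software.Updater).
C:\Documents and Settings\JE\Application Data\SwvUpdater\status.cfg (PUP.Software.Updater).
C:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater).
"""

# "<kind> Detected: <n>" section headers and "<item> (<detection>)." entries.
SECTION_RE = re.compile(r"^(?P<kind>Registry Keys|Folders|Files) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\)\.?$")

# Hypothetical role labels chosen for this example; first matching rule wins.
# They show why deleting one EXE from Temp would not remove the whole thing.
ROLE_RULES = [
    (re.compile(r"^HKCR\\(CLSID|TypeLib|Interface)\\", re.I),
     "COM registration (lets other software load the component)"),
    (re.compile(r"^HKCR\\[^\\]+$", re.I),
     "COM ProgID (friendly name for the COM class)"),
    (re.compile(r"\\CurrentVersion\\Uninstall\\", re.I),
     "Add/Remove Programs entry"),
    (re.compile(r"\\Tasks\\[^\\]+\.job$", re.I),
     "scheduled task (persistence: re-runs the updater)"),
    (re.compile(r"\\Application Data\\", re.I),
     "per-user data directory (program files and config)"),
    (re.compile(r"\\Temp\\", re.I),
     "temp directory (dropped copy, not the installed one)"),
]


def parse_report(text):
    """Return ({kind: [(item, detection), ...]}, [kinds whose declared count
    does not match the number of items actually listed])."""
    findings = defaultdict(list)
    declared = {}
    kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            kind = m.group("kind")
            declared[kind] = int(m.group("count"))
            continue
        m = ITEM_RE.match(line)
        if m and kind:
            findings[kind].append((m.group("item"), m.group("name")))
    mismatches = [k for k, n in declared.items() if len(findings[k]) != n]
    return dict(findings), mismatches


def classify(item):
    """Label a registry key or path with the mechanism it represents."""
    for rule, role in ROLE_RULES:
        if rule.search(item):
            return role
    return "unclassified"


def triage(text, extra_files=()):
    """Parse the report, add manually found files, and summarise what the
    findings mean: detection families, persistence items, count problems."""
    findings, mismatches = parse_report(text)
    rows = [{"kind": kind, "item": item, "detection": name, "role": classify(item)}
            for kind, items in findings.items() for item, name in items]
    for path in extra_files:  # files the user spotted that the scanner did not list
        rows.append({"kind": "Manual", "item": path, "detection": "n/a", "role": classify(path)})
    return {
        "rows": rows,
        "families": sorted({r["detection"] for r in rows if r["detection"] != "n/a"}),
        "persistence": [r["item"] for r in rows if "persistence" in r["role"]],
        "count_mismatches": mismatches,
    }


if __name__ == "__main__":
    # Temp copy from point #1 of the first post (path as given there).
    temp_copy = r"C:\Documents and Settings\JE\Local Settings\Temp\Updater.exe"
    result = triage(SAMPLE_REPORT, extra_files=[temp_copy])
    for r in result["rows"]:
        print(f"{r['kind']:13} {r['role']:<58} {r['item']}")
    print("families:", result["families"])
    print("persistence:", result["persistence"])
    print("count mismatches:", result["count_mismatches"])
```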




 


#2 boopme


Posted 09 March 2013 - 10:10 PM

Hello and welcome..

 

Well, as you can see, updater.exe can be the update exe file for a lot of applications. There is a 50/50 chance it is an infection when it is located outside the Windows\System32 folder, like yours.

The SwvUpdater may be a Samsung updater, but I am suspecting all yours are malware as you already have updater malwares found.

 

"Amonetize provides a unique marketplace & technology platform that introduces software's users to new software products which they may be interested in. We provide our own installer software component. Our installer easily integrates with any Windows software product."

 

Hence it is spyware... http://www.amonetize.com/how-it-works/

 

 

 

 

Did MBAM remove those findings?

Let's look further.

 


MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from. Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
 

 

>>>

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


>>>>

 

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 DumbBunny


Posted 13 March 2013 - 08:09 AM

Hello, Boopme.

 

I apologize for not responding sooner. The messages in this thread: http://www.bleepingcomputer.com/forums/t/400074/please-post-in-this-topic-if-you-have-not-received-help-after-three-days/ had "Replied" entered into their original post, but mine didn't, so I figured that it wasn't going to be addressed. I now see where you entered a new message into the thread farther down. :blush:  

 

I shall get busy with your suggestions. Thank you.


Edited by DumbBunny, 13 March 2013 - 08:10 AM.


#4 DumbBunny


Posted 13 March 2013 - 08:13 AM

PS: To my knowledge, there is no Samsung software on my computer. I didn't have MB do anything as I didn't want to inadvertently delete a vital program and make the computer blow up.


Edited by DumbBunny, 13 March 2013 - 08:22 AM.


#5 boopme


Posted 13 March 2013 - 09:01 AM

All's good, do the scans and I'll look back.



#6 DumbBunny


Posted 13 March 2013 - 04:07 PM

Hello,

 

I ran the three programs as instructed.

 

All the nasties that AdwCleaner removed - YIKES!

 

The only problem I had was with running Eset Online Scanner. About 1:45:00 in, something updated without permission and restarted the computer. It wasn't Microsoft or Adobe; they always just notify me that updates are available. I re-started the scan and it finished without incident.

 

That Amonetize updater file is gone from C:\Documents and Settings\JE\Application Data\SwvUpdater, but is still in the C:\Documents and Settings\JE\Local Settings\Temp. It was accessed about 40 minutes ago, after the EOS.

 

Fingers crossed!

 

 

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

 

MiniToolBox by Farbar Version:05-03-2013


Ran by JE (administrator) on 13-03-2013 at 09:39:08
Running from "C:\Documents and Settings\JE\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:25561

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Intel® 82566MM Gigabit Network Connection = Local Area Connection 3 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : LENOVO-D19D7B6B

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN

Physical Address. . . . . . . . . : 00-1D-E0-27-4D-0B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : ?

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

?

?

?

Lease Obtained. . . . . . . . . . : Wednesday, March 13, 2013 9:38:00 AM

Lease Expires . . . . . . . . . . : Thursday, March 14, 2013 9:38:00 AM



Ethernet adapter Local Area Connection 3:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® 82566MM Gigabit Network Connection

Physical Address. . . . . . . . . : 00-1E-37-1E-B1-43



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : ?

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.43.5, 173.194.43.3, 173.194.43.2, 173.194.43.8
173.194.43.0, 173.194.43.6, 173.194.43.4, 173.194.43.14, 173.194.43.9
173.194.43.1, 173.194.43.7



Pinging google.com [173.194.43.2] with 32 bytes of data:



Reply from 173.194.43.2: bytes=32 time=12ms TTL=55

Reply from 173.194.43.2: bytes=32 time=9ms TTL=55



Ping statistics for 173.194.43.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 9ms, Maximum = 12ms, Average = 10ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 206.190.36.45, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=622ms TTL=52

Reply from 98.139.183.24: bytes=32 time=323ms TTL=52



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 323ms, Maximum = 622ms, Average = 472ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d e0 27 4d 0b ...... Intel® Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
0x3 ...00 1e 37 1e b1 43 ...... Intel® 82566MM Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
255.255.255.255 255.255.255.255 192.168.1.2 3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/08/2013 11:34:19 AM) (Source: nview_info) (User: )
Description: NVIEW : opera: shared heap exhausted or damaged

Error: (03/08/2013 11:34:19 AM) (Source: nview_info) (User: )
Description: NVIEW : opera: shared heap exhausted or damaged

Error: (03/08/2013 11:34:19 AM) (Source: nview_info) (User: )
Description: NVIEW : opera: shared heap exhausted or damaged

Error: (03/08/2013 11:34:19 AM) (Source: nview_info) (User: )
Description: NVIEW : opera: shared heap exhausted or damaged

Error: (03/08/2013 11:34:19 AM) (Source: nview_info) (User: )
Description: NVIEW : opera: shared heap exhausted or damaged

Error: (03/08/2013 11:34:19 AM) (Source: nview_info) (User: )
Description: NVIEW : opera: shared heap exhausted or damaged

Error: (03/08/2013 11:34:19 AM) (Source: nview_info) (User: )
Description: NVIEW : opera: shared heap exhausted or damaged

Error: (03/08/2013 11:34:19 AM) (Source: nview_info) (User: )
Description: NVIEW : opera: shared heap exhausted or damaged

Error: (03/08/2013 11:34:19 AM) (Source: nview_info) (User: )
Description: NVIEW : opera: shared heap exhausted or damaged

Error: (03/08/2013 11:34:19 AM) (Source: nview_info) (User: )
Description: NVIEW : opera: shared heap exhausted or damaged


System errors:
=============
Error: (03/13/2013 01:34:37 AM) (Source: 0) (User: )
Description:

Error: (03/12/2013 00:01:14 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864).

Error: (03/12/2013 00:00:47 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2539631).

Error: (03/12/2013 00:00:42 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error: (03/12/2013 09:41:00 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Error: (03/12/2013 09:41:00 AM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (03/12/2013 09:41:00 AM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (03/12/2013 09:40:45 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Error: (03/12/2013 09:40:45 AM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (03/12/2013 09:40:45 AM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.2)
Access Help (Version: 2.02)
Add-ons (Version: 1.0.0.0)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe AIR (Version: 1.5.2.8900)
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Download Manager (Version: 1.6.2.63)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Photoshop Elements 5.0 (Version: 5.0)
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader XI (Version: 11.0.00)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Annotations (Version: 1.0.0.0)
Annotations Help (Version: 1.0.0.0)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
Block Diagrams (Version: 1.0.0.0)
Block Diagrams Help (Version: 1.0.0.0)
Borders and Backgrounds (Version: 1.0.0.0)
Borders and Backgrounds Help (Version: 1.0.0.0)
BPD_Scan (Version: 3.00.0000)
BPDSoftware (Version: 82.0.173.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 82.0.173.000)
Building Architecture (Version: 1.0.0.0)
Building Architecture Help (Version: 1.0.0.0)
Building Services (Version: 1.0.0.0)
Building Services Help (Version: 1.0.0.0)
CAD Drawing Converter (Version: 1.0.0.0)
CAD Drawing Converter Help (Version: 1.0.0.0)
CAD Drawing Display (Version: 1.0.0.0)
Callouts and Connectors (Version: 1.0.0.0)
Callouts and Connectors Help (Version: 1.0.0.0)
CCleaner (Version: 3.23)
Clip Art and Symbols (Version: 1.0.0.0)
Clip Art and Symbols Help (Version: 1.0.0.0)
CP_CalendarTemplates1 (Version: 70.0.170.000)
cp_OnlineProjectsConfig (Version: 70.0.170.000)
CP_Package_Basic1 (Version: 70.0.170.000)
CP_Panorama1Config (Version: 70.0.170.000)
cp_PosterPrintConfig (Version: 70.0.170.000)
Creative ZEN V Series (Version: 1.0)
Custom Patterns (Version: 1.0.0.0)
Custom Properties Editor (Version: 1.0.0.0)
CustomerResearchQFolder (Version: 1.00.0000)
Database Wizard (Version: 1.0.0.0)
Developing Visio Solutions Help (Version: 1.0.0.0)
DeviceManagementQFolder (Version: 1.00.0000)
Diskeeper Lite (Version: 7.0.418)
DocProcQFolder (Version: 1.00.0000)
Electrical Engineering (Version: 1.0.0.0)
Electrical Engineering Help (Version: 1.0.0.0)
Equipment Selector (Version: 1.0.0.0)
Equipment Selector Furniture Database (Version: 1.0.0.0)
Equipment Selector Help (Version: 1.0.0.0)
eSupportQFolder (Version: 1.00.0000)
Facilities Management (Version: 1.0.0.0)
Facilities Management Help (Version: 1.0.0.0)
Family Archive Vie
Fax (Version: 82.0.188.000)
Flowcharts (Version: 1.0.0.0)
Flowcharts Help (Version: 1.0.0.0)
Fluid Power (Version: 1.0.0.0)
Fluid Power Help (Version: 1.0.0.0)
Forms and Charts (Version: 1.0.0.0)
Forms and Charts Help (Version: 1.0.0.0)
Foundation technical (Version: 1.0.0.0)
GIMP 2.6.11 (Version: 2.6.11)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.135)
Graphics Filters (Version: 1.0.0.0)
GTK2-Runtime (Version: 2.24.8-2011-12-03-ash)
Help Center (Version: 2.00n)
Help for Visio 2000 (HTML Help) (Version: 1.0.0.0)
Help_Technical (Version: 1.0.0.0)
hpg4850 (Version: 5.0.0.0)
hpg4850 (Version: 7.0.0.0)
hpg4850QFolder (Version: 1.00.0000)
Inkscape 0.48.0 (Version: 0.48.0)
InstantShareDevices (Version: 70.0.170.000)
Intel PROSet Wireless
Intel® Network Connections Drivers (Version: 14.5)
Intel® PROSet/Wireless WiFi Software (Version: 14.00.1000)
InterActual Player
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1294)
InterVideo WinDVD Creator 3 (Version: 3.0.01.231)
IrfanView (remove only) (Version: 4.30)
Itibiti RTC (Version: 0.0.1)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.0.2.4)
Legacy 7.5 (Version: 7.5 )
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23)
LibreOffice 3.5 (Version: 3.5.4.2)
LibreOffice 3.5 Help Pack (English) (Version: 3.5.4.2)
Lizardtech DjVu Control
Lizardtech Express View Browser Plug-in
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Maps (Version: 1.0.0.0)
Maps Help (Version: 1.0.0.0)
MarketResearch (Version: 82.0.174.000)
Mechanical Engineering (Version: 1.0.0.0)
Mechanical Engineering Help (Version: 1.0.0.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2000 SR-1 Disc 2 (Version: 9.00.9327)
Microsoft Office 2000 SR-1 Small Business (Version: 9.00.9327)
Microsoft Office 2000 Web Archive Add-On (Version: 1.0.0.0)
Microsoft Repository (Version: 6.0.0.1)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.2047.00)
Microsoft SQL Server VSS Writer (Version: 9.00.2047.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio Service Pack 3 (Version: 6.0.0.1)
Microsoft XML Parser (Version: 8.70.1104.04)
Mobile Broadband Drivers (Version: 2.01.07.10)
Move Media Player
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
mProSafe (Version: 9.00.0000)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
MSXML 6.0 SDK (Version: 6.00.3883.8)
mWlsSafe (Version: 9.00.0000)
Network (Version: 140.0.215.000)
Network Diagrams (Version: 1.0.0.0)
Network Diagrams Help (Version: 1.0.0.0)
Nikon Message Center (Version: 0.91.000)
NikonCapture (Version: 4.0)
Office Layout (Version: 1.0.0.0)
Office Layout Help (Version: 1.0.0.0)
Opera 12.14 (Version: 12.14.1738)
Opera 9.51 (Version: 9.51)
Organization Charts (Version: 1.0.0.0)
Organization Charts Help (Version: 1.0.0.0)
Page Layout Wizard (Version: 1.0.0.0)
PictureProject (Version: 1.0)
Process Engineering (Version: 1.0.0.0)
Process Engineering Help (Version: 1.0.0.0)
Program Files (Version: 06.00.0000)
Program Files Help (Version: 1.0.0.0)
Program Files Technical (Version: 1.0.0.0)
Project Schedules (Version: 1.0.0.0)
Project Schedules Help (Version: 1.0.0.0)
Property Reporting Wizard (Version: 1.0.0.0)
QuickBooks Premier: Accountant Edition 2006 (Version: )
QuickTime (Version: 7.71.80.42)
RandMap (Version: 70.0.170.000)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
RecordNow Audio (Version: 2.0.4)
RecordNow Copy (Version: 2.0.4)
RecordNow Data (Version: 2.0.4)
Release Notes (Version: 1.0.0.0)
Rescue and Recovery (Version: 4.23.0017.00)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (Version: 3.54.02)
Save as HTML (Version: 1.0.0.0)
Scan (Version: 8.1.0.0)
Secunia PSI (2.0.0.3003)
Shape Explorer (Version: 1.0.0.0)
Shape Explorer Help (Version: 1.0.0.0)
ShareIns (Version: 1.00.0000)
SlideShow (Version: 70.0.170.000)
Software Version Updater (Version: 1.1.3.6)
Solutions (Version: 1.0.0.0)
Sonic DLA (Version: 5.2.0)
Sonic Icons for Lenovo (Version: 1.0.2)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 70.0.170.000)
SoundMAX (Version: 5.10.01.5710)
Spelling (Version: 1.0.0.0)
Status (Version: 82.0.173.000)
swMSM (Version: 12.0.0.1)
System Migration Assistant (Version: 5.20.0039)
System Requirements Lab for Intel (Version: 4.4.24.0)
System Update (Version: 3.15.0017)
ThinkPad EasyEject Utility (Version: 2.39)
ThinkPad Keyboard Customizer Utility (Version: 1.3.53.0)
ThinkPad Power Manager (Version: 1.99a)
ThinkPad UltraNav Driver (Version: 15.0.18.0)
ThinkPad UltraNav Utility (Version: 2.11)
ThinkVantage Active Protection System (Version: 1.74)
ThinkVantage Technologies Welcome Message (Version: 1.18)
Toolbox (Version: 82.0.173.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
User Profile Hive Cleanup Service (Version: 1.6.30)
VBA (Version: 6.01.00.1234)
VC 9.0 Runtime (Version: 1.0.0)
Visio (Version: 1.0.0.0)
Visio 2000 (Version: 6.0.0.1)
Visio Core Files (Version: 06.00.0000)
Visio Technical Core Files (Version: 06.00.0000)
Wallpapers
WebFldrs XP (Version: 9.50.7523)
Windows Defender (Version: 1.1.1593.21)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Management Framework Core
Windows Presentation Foundation (Version: 3.0.6920.0)
XP Themes (Version: 1.00.0000)
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 2014.21 MB
Available physical RAM: 1207.45 MB
Total Pagefile: 3905.64 MB
Available Pagefile: 2942.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.45 MB

========================= Partitions: =====================================

1 Drive c: (Preload) (Fixed) (Total:87.59 GB) (Free:44.79 GB) NTFS

========================= Users: ========================================

User accounts for \\LENOVO-D19D7B6B

Administrator ASPNET Guest
HelpAssistant JE SUPPORT_388945a0


**** End of log ****

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 09:57:10
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : JE - LENOVO-D19D7B6B
# Boot Mode : Normal
# Running from : C:\Documents and Settings\JE\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\JE\Application Data\Mozilla\Firefox\Profiles\qsadtkg1.default\Conduit
Folder Deleted : C:\Documents and Settings\JE\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\JE\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Crawler
Folder Deleted : C:\Program Files\Trymedia

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272810
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN35876030161139282&ctid=CT3272810 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\JE\Application Data\Mozilla\Firefox\Profiles\qsadtkg1.default\prefs.js

Deleted : user_pref("CT2611275.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2611275.EMailNotifierPollDate", "Mon Jul 05 2010 20:41:11 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2611275.FirstTimeFF3", true);
Deleted : user_pref("CT2611275.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2611275.Initialize", true);
Deleted : user_pref("CT2611275.InitializeCommonPrefs", true);
Deleted : user_pref("CT2611275.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2611275.InstalledDate", "Mon Jul 05 2010 20:40:50 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2611275.IsGrouping", false);
Deleted : user_pref("CT2611275.IsMulticommunity", false);
Deleted : user_pref("CT2611275.IsOpenThankYouPage", false);
Deleted : user_pref("CT2611275.IsOpenUninstallPage", true);
Deleted : user_pref("CT2611275.LanguagePackLastCheckTime", "Mon Jul 05 2010 20:40:50 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2611275.Locale", "en");
Deleted : user_pref("CT2611275.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2611275.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2611275.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2611275.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2611275.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2611275.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2611275.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2611275.SettingsLastCheckTime", "Mon Jul 05 2010 20:40:50 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2611275.SettingsLastUpdate", "1277320599");
Deleted : user_pref("CT2611275.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2611275.ThirdPartyComponentsLastCheck", "Sun Jul 04 2010 17:36:47 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2611275.ThirdPartyComponentsLastUpdate", "1277320599");
Deleted : user_pref("CT2611275.Uninstall", true);
Deleted : user_pref("CT2611275.ValidationData_Toolbar", 0);
Deleted : user_pref("CT2611275.alertChannelId", "1004080");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2611275");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jul 05 2010 20:41:10 GMT-0400 (Eas[...]

-\\ Opera v12.14.1738.0

File : C:\Documents and Settings\JE\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6053 octets] - [13/03/2013 09:57:10]

########## EOF - C:\AdwCleaner[S1].txt - [6113 octets] ##########

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Eset Online Scanner found no threats.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
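Added example (not code from the thread or from AdwCleaner itself): a small Python parser for the AdwCleaner "Delete" log format shown above, run over a constructed excerpt modelled on the posted AdwCleaner[S1].txt. It counts what was removed by kind, groups the COM registration keys (CLSID, Interface, TypeLib) by GUID, lists the deleted scheduled-task .job files and pulls the Conduit toolbar IDs out of the removed Firefox prefs; the section headings and line shapes are assumed from the posted log.

```python
"""Parse an AdwCleaner [Delete] log into a structured summary.

SAMPLE_LOG is a constructed excerpt modelled on the AdwCleaner[S1].txt
posted above; the section headings and line shapes are assumed from it."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
***** [Files / Folders] *****
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
Folder Deleted : C:\Documents and Settings\JE\Application Data\SwvUpdater
Folder Deleted : C:\Program Files\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
***** [Internet Browsers] *****
-\\ Mozilla Firefox v19.0.2 (en-US)
Deleted : user_pref("CT2611275.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2611275");
"""

SECTION_RE = re.compile(r"^\*\*\*\*\* \[(.+?)\] \*\*\*\*\*$")
ACTION_RE = re.compile(r"^(File|Folder|Key|Value) Deleted : (.+)$")
PREF_RE = re.compile(r'^Deleted : user_pref\("([^"]+)"')
GUID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# One registered COM component normally leaves keys under all three of these.
COM_RE = re.compile(r"\\Classes\\(CLSID|Interface|TypeLib)\\(\{[^}]+\})$", re.I)
TASK_RE = re.compile(r"\\Tasks\\[^\\]+\.job$", re.I)  # Windows XP scheduled-task files
TOOLBAR_RE = re.compile(r"^(CT\d+)\.")  # Conduit community-toolbar pref prefix


def parse_log(text):
    """Return deleted items as (section, kind, target) plus deleted pref names."""
    actions, prefs, section = [], [], None
    for line in text.splitlines():
        line = line.rstrip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := ACTION_RE.match(line):
            actions.append((section, m.group(1), m.group(2)))
        elif m := PREF_RE.match(line):
            prefs.append(m.group(1))
    return {"actions": actions, "prefs": prefs}


def summarize(parsed):
    """Group the parsed log into what a reviewer wants to see at a glance."""
    deleted, com_classes, guids, tasks = defaultdict(int), defaultdict(set), set(), []
    for _section, kind, target in parsed["actions"]:
        deleted[kind] += 1
        guids.update(g.upper() for g in GUID_RE.findall(target))
        if kind == "Key" and (m := COM_RE.search(target)):
            com_classes[m.group(2).upper()].add(m.group(1))
        if kind == "File" and TASK_RE.search(target):
            tasks.append(target)
    toolbar_ids = {m.group(1) for p in parsed["prefs"] if (m := TOOLBAR_RE.match(p))}
    return {
        "deleted": dict(deleted),
        "com_classes": {g: sorted(k) for g, k in com_classes.items()},
        "guids": sorted(guids),
        "scheduled_tasks": tasks,
        "toolbar_ids": sorted(toolbar_ids),
    }
```

Running `summarize(parse_log(open("AdwCleaner[S1].txt").read()))` on a real log gives the same structure; a GUID that shows up under CLSID, Interface and TypeLib together is one COM component (here the Updater.AmiUpd registration) rather than three unrelated findings.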



#7 boopme (Global Moderator)

Posted 13 March 2013 - 06:42 PM

Looks good now. How is it running?


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#8 DumbBunny (Topic Starter)

Posted 14 March 2013 - 09:04 PM

No bog-downs as yet.

 

1. What should I do about the Amonetizer Updater.exe file that remains in the Temp folder? According to its "Properties", it's still being "accessed" somehow to.......somewhere? If I just delete the file as it sits there, will that eliminate the accessing pathway? Or does "Properties" automatically detect me looking at it as "accessing"? (I wish I understood all this stuff!)

 

2. So, were all those deletes by AdwCleaner related to the Amonetizer spyware, or were they a variety of malware that I stupidly picked up along the way?

 

3. When this is all over, should I delete the software you advised me to load or should I keep it to run periodically?

 

Thank you, DumbBunny


Edited by DumbBunny, 14 March 2013 - 09:07 PM.


#9 boopme (Global Moderator)

Posted 14 March 2013 - 09:40 PM

Hi

For item 1

  let's run TFC

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

 

 

Item 2

A couple were but most were your fault :)

Be careful when you install apps. Do not install the toolbars or extras they most times have added.

 

Item 3

Most didn't install.

They are good to run periodically, but need to be re-downloaded as that's how you get the latest version.

 

 

 

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:


  • Avoid gaming sites, pirated software, cracking tools, keygens (http://wiki.answers.com/Q/What_is_a_keygen), and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

  • Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:



#10 DumbBunny (Topic Starter)

Posted 15 March 2013 - 11:42 PM

Will do on Saturday.

 

* I only play Gem Drop on Yahoo! Games as a diversion when I want mindless repetition when I need to think. I assumed it was safe, but I guess not. Goodbye, Gem Drop.

 

* Pirated software is illegal! I don't even violate copyright law.

 

* I have downloaded programs from what I thought was a safe site, CNet, but maybe not??? I also have downloaded open source software like Scribus, LibreOffice, GIMP, but I guess someone can insert nasty coding into the programs to distribute before one of the other programmers notices it. I also have the usual free programs like Adobe Reader, Quicktime, and RealPlayer.

 

* I use mostly Opera and FireFox browsers. Firefox has various extensions which I no longer download because I could never find a way to delete them if I didn't want them.

 

I'm sure that there are others who have far riskier behavior, but I am still chagrined that this spy stuff jumped aboard my computer. I vow to be a more careful computator. [hand is over heart]



#11 DumbBunny (Topic Starter)

Posted 17 March 2013 - 12:32 PM

Hello, boopme, Computer Hero:

 

I did what you asked in your last message. It wasn't complicated at all and went very fast. Following it all, I even defragmented my computer - that took only 25 minutes, a new land speed record! My computer now starts up much more quickly, too. I think I even detect that "new keyboard" scent!

 

I've read your recommended links. Many do not apply, but of those that do, I will heed your warnings.

 

A few follow-up questions:

 

1. Fortunately, this hasn't happened to me, but in the mailing lists I belong to (genealogy & history-related), the incidence of hijacked e-mail accounts is growing, where the victims' computer starts sending out spam messages to everyone in the e-mail account's contact list. The list administrators always tell the victims to change their passwords. Is this sufficient? Isn't whatever malware caused the problem in the first place still lingering on the computer?

 

2. About 1-1/2 years ago, when I was searching for Thomas Jefferson quotes, as soon as I clicked on a site that was supposedly about famous quotes, I was attacked by either "Smart Security" or "Security Defender" (don't remember which). I ran MalwareBytes, which cured it. In the next few months, I noticed that my computer was unable to load Windows updates that contain "Microsoft .Net Framework" somewhere in the title, or update java, or install the program for my no-longer-new printer. I have intermittently taken off days since to try to find online recommendations that will work, but to no avail. I wonder if that infection could have caused some kind of damage to a key bit of something or other? Where should I ask about this - in the Windows XP forum?

 

3. Just recently, my external hard drive fainted and hasn't unfainted. I see where there's an External Hardware forum that helps with this very problem. Should I pursue the updating problem first before trying to resuscitate the external hard drive? 

 

Thank you for all your help. I am truly appreciative, DumbBunny



#12 boopme (Global Moderator)

Posted 17 March 2013 - 07:50 PM

Great, this is what we were after >> that "new keyboard" scent! :hysterical:

Item 1 is not necessarily malware and usually not. Here's a good read on it: Someone's sending from my email address

Item 2 It's possible that some files were infected and deleted that were needed. In the future if given a choice always quarantine before delete. A quarantined file cannot harm the PC and if you see that it is needed we can clean it or replace it.

That said run SFC and see if it fixes them first.

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click  File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.



 
Item 3 should be addressed in the External Hardware forum. You can ask there now.


Edited by boopme, 17 March 2013 - 07:57 PM.


#13 DumbBunny (Topic Starter)

Posted 22 March 2013 - 02:33 AM

boopme, 

 

I'm afraid that I have to bow out of this conversation as I cannot find my computer's CD. It's about 6-7 years old and I've moved twice since I bought it. I looked through some unpacked boxes, but no soap. There may be more boxes in a loft above my husband's work working shop, but I don't know when I'll be able to get to them.

 

Thanks for your help. 


Edited by DumbBunny, 22 March 2013 - 02:34 AM.


#14 boopme (Global Moderator)

Posted 22 March 2013 - 09:58 AM

Thanks for the update.. This topic will stay open should you find it.



#15 CGSeever

Posted 02 April 2014 - 06:51 PM

HI boopme... Your original reply seems to have lost the MiniToolBox link.  Is there an update?

Hello and welcome..(.)

Did MBAM remove those findings?

Let's look further.

 

MiniToolBox
Please download, save it to your desktop and run it. Checkmark the following checkboxes: ...

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.