
Ran malwarebytes and several PUP.tidynetwork files appear, Should I remove these


25 replies to this topic

#1 Snow731 (Members)

Posted 15 March 2013 - 11:45 PM

My computer has been acting weird. One time I tried opening Google Chrome from the desktop shortcut and it shows that there was no file linked to it. And when I tried opening start programs it shows that it's empty. And when I try to restart from the start menu option there's no option to restart, just log off. So I have to manually shut the computer down and restart and it works fine.

The only thing I've recently downloaded is OpenOffice and deleted this annoying extension that appeared on Google Chrome that may have been dl along with it.

So I ran Malwarebytes and it found several items that are labeled PUP.tidyNetwork, which I think was that annoying extension thing, and some PUP.software.updater. It wasn't originally selected to be removed so I want to make sure it's OK to remove these items.





#2 boopme (Global Moderator)

Posted 16 March 2013 - 10:29 AM

Hello, a PUP is a Potentially Unwanted Program....so it probably can go.

 

The other items sound like malware, and with this type DO NOT run a Temp File or Registry cleaner.

Let's see if the items come back.

 

Please download the following program to your desktop:

http://download.bleepingcomputer.com/grinler/unhide.exe"]Unhide.exe[/url]

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.

 

 

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer, you will need to run the application again.


>>>>>

 

Now rerun MBAM and post that log.

 

 

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook

#3 Snow731 (Topic Starter)

Posted 18 March 2013 - 01:19 AM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.16.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOMEPC [administrator]
 
3/17/2013 10:16:26 PM
mbam-log-2013-03-17 (22-16-26).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258632
Time elapsed: 2 hour(s), 13 minute(s), 30 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#4 boopme (Global Moderator)

Posted 18 March 2013 - 10:21 AM

Sorry, bad link... Unhide



#5 Snow731 (Topic Starter)

Posted 18 March 2013 - 11:23 AM

What do you mean?



#6 boopme (Global Moderator)

Posted 18 March 2013 - 12:11 PM

From the earlier post... the unhide link did not post well.

Please download the following program to your desktop:

Unhide.exe: http://download.bleepingcomputer.com/grinler/unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.



#7 Snow731 (Topic Starter)

Posted 20 March 2013 - 12:35 PM

Forgive me for being cautious, but how do I know you are a reliable source to help me with my computer problems? Your profile says you are 9 years old.



#8 boopme (Global Moderator)

Posted 20 March 2013 - 02:26 PM

LOL, I am 9 years here at BC. I posted the year I joined. I am a Global Moderator! Have 53,000+ posts.

Here's my content

http://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=user_activity&mid=2608



#9 narenxp (BC Advisor)

Posted 20 March 2013 - 02:33 PM

:hysterical: Could not control my laugh


Edited by narenxp, 20 March 2013 - 02:34 PM.


#10 Snow731 (Topic Starter)

Posted 20 March 2013 - 04:51 PM

OK, sorry, I was just checking since anyone can post.



#11 boopme (Global Moderator)

Posted 20 March 2013 - 08:14 PM

Not a problem... better safe than sorry and you are new here.

If you would run MiniToolBox and this, we should be able to see if you're good to go.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

#12 Snow731 (Topic Starter)

Posted 20 March 2013 - 11:19 PM

MiniToolBox by Farbar  Version:05-03-2013
Ran by Owner (administrator) on 20-03-2013 at 23:19:12
Running from "C:\Documents and Settings\Owner\Desktop\Computer Check"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : homepc
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Hybrid
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
 
        Physical Address. . . . . . . . . : 00-13-20-16-0E-DC
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.3
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 192.168.1.1
 
        Lease Obtained. . . . . . . . . . : Wednesday, March 20, 2013 3:18:28 PM
 
        Lease Expires . . . . . . . . . . : Thursday, March 21, 2013 3:18:28 PM
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  74.125.227.69, 74.125.227.70, 74.125.227.71, 74.125.227.72
 74.125.227.73, 74.125.227.78, 74.125.227.64, 74.125.227.65, 74.125.227.66
 74.125.227.67, 74.125.227.68
 
 
 
Pinging google.com [74.125.227.103] with 32 bytes of data:
 
 
 
Reply from 74.125.227.103: bytes=32 time=23ms TTL=53
 
Reply from 74.125.227.103: bytes=32 time=24ms TTL=53
 
 
 
Ping statistics for 74.125.227.103:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 23ms, Maximum = 24ms, Average = 23ms
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45
 
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
 
 
 
Reply from 98.138.253.109: bytes=32 time=269ms TTL=49
 
Reply from 98.138.253.109: bytes=32 time=323ms TTL=49
 
 
 
Ping statistics for 98.138.253.109:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 269ms, Maximum = 323ms, Average = 296ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 16 0e dc ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.3  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3  20
      192.168.1.3  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255      192.168.1.3     192.168.1.3  20
        224.0.0.0        240.0.0.0      192.168.1.3     192.168.1.3  20
  255.255.255.255  255.255.255.255      192.168.1.3     192.168.1.3  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/18/2013 00:59:42 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=25.0.1364.172;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\14c9db5d-7347-44d6-979d-ae603c5207e8.dmp
 
Error: (03/18/2013 00:49:40 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=25.0.1364.172;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\9900f2ae-7f0b-4917-b14d-bb7d64b4ffec.dmp
 
Error: (03/17/2013 04:11:13 PM) (Source: Application Error) (User: )
Description: Fault bucket 06031848.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (03/17/2013 04:11:07 PM) (Source: Application Error) (User: )
Description: Faulting application winword.exe, version 9.0.0.3822, faulting module winword.exe, version 9.0.0.3822, fault address 0x00166dc4.
Processing media-specific event for [winword.exe!ws!]
 
Error: (03/13/2013 00:57:21 PM) (Source: Application Hang) (User: )
Description: Fault bucket -847011118.
 
Error: (03/13/2013 00:57:19 PM) (Source: Application Hang) (User: )
Description: Fault bucket -847011118.
 
Error: (03/13/2013 00:54:43 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 25.0.1364.152, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/13/2013 00:54:42 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 25.0.1364.152, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/08/2013 08:19:16 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19400, fault address 0x0017c166.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (03/08/2013 08:18:49 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19400, fault address 0x0017c166.
Processing media-specific event for [iexplore.exe!ws!]
 
 
System errors:
=============
Error: (03/20/2013 03:19:26 AM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error: 
%%1053
 
Error: (03/20/2013 03:19:26 AM) (Source: Service Control Manager) (User: )
Description: Timeout (120000 milliseconds) waiting for the NETGEARGenieDaemon service to connect.
 
Error: (03/19/2013 10:29:57 PM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error: 
%%1053
 
Error: (03/19/2013 10:29:57 PM) (Source: Service Control Manager) (User: )
Description: Timeout (120000 milliseconds) waiting for the NETGEARGenieDaemon service to connect.
 
Error: (03/18/2013 01:08:13 AM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error: 
%%1053
 
Error: (03/18/2013 01:08:13 AM) (Source: Service Control Manager) (User: )
Description: Timeout (120000 milliseconds) waiting for the NETGEARGenieDaemon service to connect.
 
Error: (03/18/2013 01:07:37 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
 
Signatures Attempted: %24
 
Error Code: 0x80070003
 
Error description: The system cannot find the path specified. 
 
Signature version: 0.0.0.0;0.0.0.0
 
Engine version: %600
 
Error: (03/16/2013 07:49:16 AM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error: 
%%1053
 
Error: (03/16/2013 07:49:16 AM) (Source: Service Control Manager) (User: )
Description: Timeout (120000 milliseconds) waiting for the NETGEARGenieDaemon service to connect.
 
Error: (03/15/2013 11:49:42 PM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (03/18/2013 00:59:42 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=25.0.1364.172;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\14c9db5d-7347-44d6-979d-ae603c5207e8.dmp
 
Error: (03/18/2013 00:49:40 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=25.0.1364.172;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\9900f2ae-7f0b-4917-b14d-bb7d64b4ffec.dmp
 
Error: (03/17/2013 04:11:13 PM) (Source: Application Error)(User: )
Description: 06031848
 
Error: (03/17/2013 04:11:07 PM) (Source: Application Error)(User: )
Description: winword.exe9.0.0.3822winword.exe9.0.0.382200166dc4
 
Error: (03/13/2013 00:57:21 PM) (Source: Application Hang)(User: )
Description: -847011118
 
Error: (03/13/2013 00:57:19 PM) (Source: Application Hang)(User: )
Description: -847011118
 
Error: (03/13/2013 00:54:43 PM) (Source: Application Hang)(User: )
Description: chrome.exe25.0.1364.152hungapp0.0.0.000000000
 
Error: (03/13/2013 00:54:42 PM) (Source: Application Hang)(User: )
Description: chrome.exe25.0.1364.152hungapp0.0.0.000000000
 
Error: (03/08/2013 08:19:16 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.194000017c166
 
Error: (03/08/2013 08:18:49 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.194000017c166
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.2.2.28500)
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Ask Toolbar (Version: 1.15.15.0)
Ask Toolbar Updater (Version: 1.2.4.36191)
Canon Camera Access Library (Version: 8.5.0.2)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.9.0.9)
Canon MOV Decoder (Version: 1.8.0.7)
Canon MOV Encoder (Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4)
Canon Utilities CameraWindow DC 8 (Version: 8.4.0.3)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7)
Canon Utilities MyCamera (Version: 7.4.0.2)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9)
CCleaner (Version: 3.26)
Citrix Authentication Manager (Version: 3.0.0.47031)
Citrix Receiver (HDX Flash Redirection) (Version: 13.3.0.55)
Citrix Receiver (Version: 13.3.0.55)
Citrix Receiver Inside (Version: 3.3.0.17208)
Citrix Receiver Updater (Version: 3.3.0.17207)
Citrix Receiver(Aero) (Version: 13.3.0.55)
Citrix Receiver(DV) (Version: 13.3.0.55)
Citrix Receiver(USB) (Version: 13.3.0.55)
Coupon Printer for Windows (Version: 5.0.0.2)
File Type Assistant
Free File Viewer 2012 (Version: 2012.10.9.0)
Freeze.com NetAssistant (Version: 3.8.3)
Google Chrome (Version: 25.0.1364.172)
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
GoToMeeting 5.4.0.1082 (Version: 5.4.0.1082)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
Juniper Networks Host Checker (Version: 7.1.10.21187)
Juniper Networks Secure Application Manager (Version: 7.1.10.21187)
Juniper Networks, Inc. Setup Client (Version: 7.1.10.21853)
Juniper Networks, Inc. Setup Client Activex Control (Version: 2.1.1.1)
magicJack (Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Memeo Instant Backup (Version: 4.60.0.7923)
Memorex 6136 U Scanner Driver
MGI PhotoSuite III SE (Remove Only)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Excel 97
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2000 SR-1 (Version: 9.00.3821)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
NetAssistant (Version: 3.8.3)
NETGEAR Genie (Version: 2.2.26.50 )
Online Plug-in (Version: 13.3.0.55)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PDF Settings CS6 (Version: 11.0)
Revo Uninstaller 1.94 (Version: 1.94)
Seagate Dashboard (Version: 1.1.0.1421)
Search Protect by conduit (Version: 1.4.1.12)
Skype™ 5.10 (Version: 5.10.116)
Smilebox (Version: 1.1.1.1)
SoundMAX (Version: 5.12.01.5246)
Spybot - Search & Destroy (Version: 1.6.2)
TextBridge Pro 8.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 2.0.5 (Version: 2.0.5)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
 
========================= Memory info: ===================================
 
Percentage of memory in use: 55%
Total physical RAM: 2045.98 MB
Available physical RAM: 917.82 MB
Total Pagefile: 3942.69 MB
Available Pagefile: 2978.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.29 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:74.5 GB) (Free:32.99 GB) NTFS
3 Drive e: () (Removable) (Total:3.81 GB) (Free:2.96 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\HOMEPC
 
Administrator            Guest                    HelpAssistant            
Owner                    SUPPORT_388945a0         
 
 
**** End of log ****


#13 Snow731 (Topic Starter)

Posted 20 March 2013 - 11:33 PM

# AdwCleaner v2.115 - Logfile created 03/20/2013 at 23:21:14
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - HOMEPC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner (1).exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : CltMngSvc
 
***** [Files / Folders] *****
 
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\END
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BasicSeek
Folder Deleted : C:\Documents and Settings\Owner\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Owner\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\BasicSeek
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Freeze.com
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN41776443568957204&UM=UM_ID&UP=SP20C5F443-DC4B-4685-8428-1A5359B05F4A --> hxxp://www.google.com
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [6194 octets] - [07/01/2013 00:43:28]
AdwCleaner[S2].txt - [9420 octets] - [20/03/2013 23:21:14]
 
########## EOF - C:\AdwCleaner[S2].txt - [9480 octets] ##########


#14 Snow731


Posted 20 March 2013 - 11:48 PM

I should mention that when the computer restarted it asked which operating system I wanted to run. Yesterday it was taking a while to open Google Chrome, so I would click start program to check if it was doing the empty thing, but it kept freezing and then I'd get an error message, several times. So I was able to restart the computer, and when it did it showed the "which operating system I wanted to run" and then automatically ran Spybot before loading the main desktop.



#15 boopme


Posted 21 March 2013 - 01:46 PM

You only have one OS installed, correct, and it was not an upgrade?

Some issues could be from the Registry changes removing malware and some may have been Spybot. Reboot again to settle the registry. Let's look a bit further too.

 

Please download TDSSKiller.

  • Launch it.
  • Click on Change parameters and select TDLFS file system.
  • Click on "Scan".
  • Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

