Password soft, Conduit, Rapiddown and Iminent infection


20 replies to this topic

#1 Dragonlady24

Posted 23 March 2014 - 04:20 PM

Hello, I recently let someone use my computer and they downloaded AVS Player, but along with it came a bunch of crapware after they visited the site it came from. I have a Windows 8 Lenovo 64-bit computer and this is the first time I have ever had any infections, as I am careful about where I visit and what I download. I ran a scan with MBAM, JRT and HitmanPro. HitmanPro found an old toolbar, which I removed, and that was it. MBAM found 80 infections from 5 PUPs and removed them. I will post the logs here.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.23.09
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
Jody :: ZEN [administrator]
 
3/23/2014 2:24:59 PM
mbam-log-2014-03-23 (14-24-59).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 404779
Time elapsed: 1 hour(s), 4 minute(s), 47 second(s)
 
Memory Processes Detected: 3
C:\Program Files (x86)\Common Files\Umbrella\Umbrella221.exe (PUP.Optional.Iminent) -> 6064 -> Delete on reboot.
C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe (PUP.Optional.ViewPassWord.A) -> 4800 -> Delete on reboot.
C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe (PUP.Optional.ViewPassword.A) -> 3440 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 31
HKLM\SYSTEM\CurrentControlSet\Services\SProtection (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
HKCR\iminent.iminentHlpr.1 (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
HKCR\iminent.iminentHlpr (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
HKCR\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\iminent.iminentdskBnd.1 (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\iminent.iminentdskBnd (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\IminentWebBooster.ScriptExtender.1 (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\IminentWebBooster.ScriptExtender (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\IminentWebBooster.BrowserHelperObject.1 (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\IminentWebBooster.BrowserHelperObject (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VIEWPASSWORD (PUP.Optional.ViewPassWord.A) -> Quarantined and deleted successfully.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7be123ef-e0bf-4450-9455-dfee5f483368 (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 6
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Data: Iminent Toolbar -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Data:  -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\ViewPassword|ImagePath (PUP.Optional.ViewPassWord.A) -> Data: C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) Good: () -> Quarantined and repaired successfully.
 
Folders Detected: 2
C:\Users\Jody\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\View-Password-soft (PUP.Optional.ViewPassword.A) -> Delete on reboot.
 
Files Detected: 37
C:\Program Files (x86)\Common Files\Umbrella\Umbrella221.exe (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IminentToolbar\1.8.28.3\bh\iminent.dll (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IminentToolbar\1.8.28.3\iminentTlbr.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\062VRCXX\IminentMinibarIE[1].exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WH649BK\IMinentToolbar[1].exe (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WH649BK\metro[1].exe (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXCQXV7P\MinibarFirefox[1].exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\IminentUninstall.exe18fbeb (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\nsaF99E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\nsl8EBB.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\nsvC279.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\Umbrella221.exe18fc77 (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\uninstall.exe18fbfa (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\n180\s180.exe (PUP.Optional.Rapiddown) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\n9461\s9461.exe (PUP.Optional.Rapiddown) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\n9461\searchprotect_2111-1a12a8ce.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\n9775\Iminent_1712-b2fcad5e.exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\n9775\s9775.exe (PUP.Optional.Rapiddown) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\nsl2500\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Jody\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Jody\Downloads\AVS_Media_Player.exe (PUP.Optional.AppsInstall) -> Quarantined and deleted successfully.
C:\Windows\Tasks\View Password Update.job (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\View Password_wd.job (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe (PUP.Optional.ViewPassWord.A) -> Delete on reboot.
C:\Program Files (x86)\View-Password-soft\157.dat (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\View-Password-soft\157.xpi (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\View-Password-soft\a.db (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\View-Password-soft\b.db (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\View-Password-soft\Sqlite3.dll (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\View-Password-soft\Uninstall.exe (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\View-Password-soft\View-.exe (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\View-Password-soft\ViewPassword157.bin (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\View-Password-soft\ViewPassword157.ini (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe (PUP.Optional.ViewPassword.A) -> Delete on reboot.
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Jody on Sun 03/23/2014 at 15:49:47.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
 
    Value Name          Type                             Value Data                     
========================================================================================
    Pokki    REG_EXPAND_SZ    C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Jody\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Jody\documents\optimizer pro"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/23/2014 at 15:55:30.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
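The MBAM log above lists every hook by file or registry path but leaves it to the reader to work out what each entry actually did to the machine. What follows is an added example, not Malwarebytes code and not anything posted in this thread: a small Python parser for MBAM 1.x detection lines that pulls out the item, the detection name, any payload (the `Data:` value, or the `Bad:` value of a repaired entry) and the action, then maps each item to the persistence or hijack mechanism it represents (AppInit_DLLs, a service, a Browser Helper Object, a URL search hook, a scheduled `.job` task, the IE proxy setting). The sample lines are copied from the log above; the mechanism names and the regexes that recognise them are this example's own choices and are not an exhaustive list.

```python
"""Triage MBAM 1.x detection lines by persistence mechanism (added example, not MBAM code).

Line shape:  <item> (<detection name>) -> [<pid> | Data: <v> | Bad: (<v>) Good: (<v>)] -> <action>
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

_LINE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
_BAD = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \(")

# First match wins; each regex is applied to the item (file path or registry path).
# Names are this example's own labels, not MBAM categories.
_MECHANISMS = [
    ("appinit_dll",    re.compile(r"\|AppInit_DLLs$", re.I)),                 # DLL loaded into every user32 process
    ("proxy",          re.compile(r"Internet Settings\|ProxyServer$", re.I)), # HTTP routed through a local listener
    ("service",        re.compile(r"\\Services\\", re.I)),                    # auto-started service key or ImagePath
    ("bho",            re.compile(r"Browser Helper Objects", re.I)),          # IE in-process extension
    ("search_hook",    re.compile(r"URLSearchHooks", re.I)),                  # rewrites typed addresses / searches
    ("ie_toolbar",     re.compile(r"Internet Explorer\\Toolbar", re.I)),
    ("scheduled_task", re.compile(r"\\Windows\\Tasks\\.*\.job$", re.I)),      # legacy .job task re-launches it
]


@dataclass
class Detection:
    item: str
    name: str
    action: str
    pid: Optional[int] = None       # present on "Memory Processes" lines
    payload: Optional[str] = None   # Data: value, or the Bad: value of a repaired entry
    mechanism: str = "other"


def classify(item: str, pid: Optional[int]) -> str:
    for mech, rx in _MECHANISMS:
        if rx.search(item):
            return mech
    return "running_process" if pid is not None else "other"


def parse_line(line: str) -> Optional[Detection]:
    """Parse one detection line; headers and '(No malicious items detected)' return None."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    segments = [s.strip() for s in m.group("rest").split(" -> ")]
    det = Detection(item=m.group("item"), name=m.group("name"), action=segments[-1])
    for seg in segments[:-1]:
        if seg.isdigit():
            det.pid = int(seg)
        elif seg.startswith("Data:"):
            det.payload = seg[len("Data:"):].strip() or None
        else:
            bad = _BAD.search(seg)
            if bad and bad.group("bad"):
                det.payload = bad.group("bad")
    det.mechanism = classify(det.item, det.pid)
    return det


def triage(log_text: str) -> List[Detection]:
    return [d for d in map(parse_line, log_text.splitlines()) if d]


def by_mechanism(dets: List[Detection]) -> Dict[str, List[str]]:
    groups: Dict[str, List[str]] = defaultdict(list)
    for d in dets:
        groups[d.mechanism].append(d.item)
    return dict(groups)


def pending_reboot(dets: List[Detection]) -> List[str]:
    """Items MBAM could not remove while running: still on disk until the reboot happens."""
    return [d.item for d in dets if d.action.startswith("Delete on reboot")]


def payloads(dets: List[Detection]) -> Dict[str, str]:
    """What a hooked registry value actually pointed at (DLL path, service binary, proxy endpoint)."""
    return {d.item: d.payload for d in dets if d.payload}


# Sample lines copied from the MBAM log in the first post (note the two spaces after the empty "Data:").
SAMPLE_LOG = r"""
C:\Program Files (x86)\Common Files\Umbrella\Umbrella221.exe (PUP.Optional.Iminent) -> 6064 -> Delete on reboot.
HKLM\SYSTEM\CurrentControlSet\Services\SProtection (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Data:  -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\ViewPassword|ImagePath (PUP.Optional.ViewPassWord.A) -> Data: C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) Good: () -> Quarantined and repaired successfully.
C:\Windows\Tasks\View Password Update.job (PUP.Optional.ViewPassword.A) -> Quarantined and deleted successfully.
C:\Users\Jody\Downloads\AVS_Media_Player.exe (PUP.Optional.AppsInstall) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    dets = triage(SAMPLE_LOG)
    for mech, items in sorted(by_mechanism(dets).items()):
        print(f"{mech}: {len(items)}")
    print("still present until reboot:", pending_reboot(dets))
    print("hooked payloads:", payloads(dets))
```

Run over the full log rather than the sample, the 37 files and 31 keys collapse into a handful of mechanisms: one DLL injected into every process through AppInit_DLLs, two services, several BHOs, a search hook, two scheduled tasks, and a proxy that sent all HTTP traffic through a listener on 127.0.0.1:13828. Those are the entries worth re-checking after the reboot, since `Delete on reboot` means the file was still present when the log was written.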

 




#2 quietman7

Posted 23 March 2014 - 04:43 PM


In many cases these issues are the result of unwanted toolbars, add-ons/plug-ins, and browser extensions which come bundled with other free software you download. They can often be the source of various issues and problems, including adware, pop-up ads, browser hijacking which may change your home page and search engine, and user profile corruption. As such, many of them are classified as Potentially Unwanted Programs (PUPs).

Some toolbars and add-ons can be removed from within their program group's Uninstall shortcut in Start Menu > All Programs, or by using Add/Remove Programs or Programs and Features in Control Panel, so always check there first.

Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo will do a more thorough job of searching for and removing related registry entries, files and folders.

Note: Some programs can be difficult to remove if their services and running processes are not disabled or turned off prior to attempting removal, because they are in use. As such, it is easier to uninstall after booting into Safe Mode, so there are fewer processes which can interfere with uninstalling the program.

Remove anything else (newly installed programs) you do not recognize.

If the program is not listed in Add/Remove or Programs and Features, and there is no uninstaller in the program's folder, the next place to check is your browser extensions and add-ons/plug-ins.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 quietman7

Posted 23 March 2014 - 04:45 PM

After doing the above...continue as follows:

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


3. Rescan again with Malwarebytes Anti-Malware and post the log.

#4 Dragonlady24

Posted 23 March 2014 - 04:50 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/23/2014 04:48:16 PM in x64 mode.
Windows Version: Windows 8 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\jmesoft\Service.exe (PID: 1096) [WD-HEUR]
 * C:\Windows\jmesoft\hotkey.exe (PID: 3340) [WD-HEUR]
 * C:\Windows\jmesoft\JME_LOAD.exe (PID: 3440) [WD-HEUR]
 
3 proccesses terminated!
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\Jody\Desktop\rkill\rkill-03-23-2014-04-48-23.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 03/23/2014 04:49:23 PM
Execution time: 0 hours(s), 1 minute(s), and 6 seconds(s)
 
RKill done. Working on AdwCleaner right now; posting the log shortly.


#5 Dragonlady24

Posted 23 March 2014 - 04:55 PM

# AdwCleaner v3.022 - Report created 23/03/2014 at 16:51:49
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Jody - ZEN
# Running from : C:\Users\Jody\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\windows\System32\roboot64.exe
Folder Found C:\Users\Jody\AppData\Local\Pokki
Folder Found C:\Users\Jody\AppData\LocalLow\IminentToolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Pokki
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\Software\systweak
Key Found : [x64] HKLM\SOFTWARE\Iminent
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16843
 
 
*************************
 
AdwCleaner[R0].txt - [1623 octets] - [23/03/2014 15:59:18]
AdwCleaner[R1].txt - [1535 octets] - [23/03/2014 16:51:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1595 octets] ##########
 
One issue: I need Pokki, as it's my built-in Start menu, and I'm unsure which boxes to uncheck. I will start AdwCleaner again after I find out which keys I can keep that are Pokki and which ones are not.
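The question at the end of the post (which of the AdwCleaner findings belong to Pokki and can be kept) is a keep-list problem, with one catch: registry keys named only by a GUID say nothing about who owns them. What follows is an added example, not AdwCleaner's code and not from anyone in this thread: a Python routine that parses the v3 report format shown above (`Key Found :`, `Value Found :`, `File Found :`, and `Folder Found`, which in this version has no colon) and sorts each finding into keep (its path names a product on the keep-list), unattributed (a registry key whose last component is a bare GUID, so the owner must be looked up by hand) or remove. The report lines are copied from the post above; the keep-list and the bucket names are this example's own.

```python
"""Sort AdwCleaner v3 report findings against a keep-list (added example, not AdwCleaner code)."""
import re
from typing import Dict, List, Tuple

# One finding line. "Folder Found" carries no colon in this report version, so the colon is optional.
_FINDING = re.compile(r"^(?P<kind>Key|Value|File|Folder) Found\s*:?\s*(?P<target>.+?)\s*$")
_ARCH_TAG = re.compile(r"^\[x64\]\s*")              # "[x64] " marks the 64-bit registry view
_GUID_LEAF = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}$")   # last path component is a bare {GUID}


def parse_report(text: str) -> List[Tuple[str, str]]:
    """Return (kind, target) for every finding; section banners and the EOF line are skipped."""
    findings = []
    for line in text.splitlines():
        m = _FINDING.match(line.strip())
        if m:
            findings.append((m.group("kind"), _ARCH_TAG.sub("", m.group("target"))))
    return findings


def partition(findings: List[Tuple[str, str]], keep_names: List[str]) -> Dict[str, List[str]]:
    """keep: target mentions a keep-list name (case-insensitive substring match).
    unattributed: registry key whose leaf is a bare GUID, so the name alone does not identify the owner.
    remove: everything else."""
    names = [n.lower() for n in keep_names]
    buckets: Dict[str, List[str]] = {"keep": [], "unattributed": [], "remove": []}
    for kind, target in findings:
        if any(n in target.lower() for n in names):
            buckets["keep"].append(target)
        elif kind == "Key" and _GUID_LEAF.search(target):
            buckets["unattributed"].append(target)
        else:
            buckets["remove"].append(target)
    return buckets


# Report lines copied from the AdwCleaner[R1] scan in the post above.
SAMPLE_REPORT = r"""
***** [ Files / Folders ] *****

File Found : C:\windows\System32\roboot64.exe
Folder Found C:\Users\Jody\AppData\Local\Pokki
Folder Found C:\Users\Jody\AppData\LocalLow\IminentToolbar

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Pokki
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\Software\systweak
Key Found : [x64] HKLM\SOFTWARE\Iminent
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
"""

if __name__ == "__main__":
    buckets = partition(parse_report(SAMPLE_REPORT), keep_names=["Pokki"])
    for name, items in buckets.items():
        print(f"{name} ({len(items)}):")
        for target in items:
            print("   ", target)
```

Name matching is only a first cut: it keeps the ten entries that mention Pokki, but the four GUID-named keys (two under HKLM\Software, one under HKCU\Software\AppDataLow, one AppID) cannot be attributed from the report alone, so they land in a review bucket rather than being silently kept or removed. In AdwCleaner itself the equivalent step is unchecking the keep bucket before pressing Clean.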


#6 quietman7

Posted 23 March 2014 - 04:59 PM

Rescan again with Malwarebytes Anti-Malware and post the log....then do this.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box to accept the terms.
  • Click the Start button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Scan archives and check Remove found threats.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push the List of found threats button.
  • Push Export to text file, and save the file to your desktop as ESETScan.txt.
  • Push the Back button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.
 



#7 Dragonlady24

Posted 23 March 2014 - 05:50 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.23.09
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
Jody :: ZEN [administrator]
 
3/23/2014 5:40:10 PM
mbam-log-2014-03-23 (17-40-10).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231849
Time elapsed: 7 minute(s), 35 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#8 quietman7

Posted 23 March 2014 - 06:04 PM

Looking good.

#9 Dragonlady24

Posted 23 March 2014 - 06:27 PM

ESET coming up soon. It seems to be taking its time checking over one file. It found 2 threats from earlier.



#10 quietman7

Posted 23 March 2014 - 06:34 PM

Ok.

#11 Dragonlady24

Posted 23 March 2014 - 07:13 PM

C:\Users\Jody\AppData\Local\Temp\{AAFF7EA5-F355-43DA-93A1-FC726675A06F}\setup.exe multiple threats cleaned by deleting - quarantined
C:\Users\Jody\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined


#12 Dragonlady24

Posted 23 March 2014 - 07:17 PM

False alarm, because CCleaner is not a virus or even considered a PUP, is it?



#13 quietman7

Posted 23 March 2014 - 07:19 PM

How is your computer running now? Are there any more signs of infection?

#14 quietman7

Posted 23 March 2014 - 07:31 PM

CCleaner itself is OK, but the full installer version (ccsetup411.exe) is bundled with either the Google or the Yahoo Toolbar...hence the PUP detection "Win32/Bundled.Toolbar.Google.D".

I use the portable, toolbar-free version (ccsetup411.zip) found on this page.

#15 Dragonlady24

Posted 23 March 2014 - 09:03 PM

Thanks for the info. Oddly enough, I haven't got any toolbars with this one, though. No signs of infection to be found. Glad all those PUPs are gone; they were rather annoying. That's the reason why I always read carefully or try to know exactly what I'm downloading.


Edited by Dragonlady24, 23 March 2014 - 09:04 PM.
