
4 rundll32.exe running, McAfee blocking malicious sites


13 replies to this topic

#1 thklein

thklein

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 29 June 2014 - 08:24 AM

My McAfee Virus Software is showing messages that it is blocking access to malicious sites when the computer is idle. Task manager shows 4 instances of rundll32.exe running. 2 of them indicate they are in the appropriate folder and appear legitimate. The other two show no information under the command line or description columns. Those columns are just blank. I am running Windows 7. Any help would be appreciated.




 


#2 old rocker

old rocker

  • Members
  • 451 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:East Tennessee
  • Local time:06:43 AM

Posted 29 June 2014 - 09:17 AM

Use Process Explorer to aid you in determining good and bad. The latest version is V16.02, available here:

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx



#3 buddy215

buddy215

  • BC Advisor
  • 12,996 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:43 AM

Posted 29 June 2014 - 10:51 AM

Run a full scan using MBAM using the instructions here: How to use Malwarebytes Anti-Malware to scan and remove malware from your computer

Once the scan is completed and you have rebooted, post the log showing what MBAM found and removed.

 

  • Run the ESET Online Scanner.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#4 thklein


Posted 29 June 2014 - 12:31 PM

Here is the Malware Bytes log.  I will do the other steps now.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/29/2014
Scan Time: 12:09:40 PM
Logfile: Malware bytes log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.29.07
Rootkit Database: v2014.06.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Klein
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291395
Time Elapsed: 16 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#5 buddy215


Posted 29 June 2014 - 01:31 PM

I noticed that the rootkit scan was unchecked. Put a checkmark to allow the scan for rootkits and rescan with MBAM.

 

From the web: Malwarebytes Anti-Rootkit and Malwarebytes Chameleon are now integrated with Anti-Malware. They’re turned off by default, but can be quickly enabled from Settings menu. To do this click on Detection and Protection, check “Scan for rootkits”, then click “Advanced Settings” and check “Enable self-protection module”.




#6 thklein


Posted 29 June 2014 - 07:18 PM

Here is the ESET log.  I will run the Malware Bytes again now:

 

C:\Program Files (x86)\NCH Software\Disketch\disketch.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Disketch\disketchsetup_v3.04.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Klein\AppData\Local\Temp\is357113909\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\Users\Klein\AppData\Local\Temp\nsi5448.tmp\babylon.exe a variant of Win32/Toolbar.Babylon.A potentially unwanted application deleted - quarantined
C:\Users\Klein\AppData\Roaming\Zip Opener Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\Users\Klein\Downloads\disketchsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Klein\Downloads\Setup_ODM(2).exe a variant of Win32/Packed.VMDetector.G potentially unwanted application deleted - quarantined
C:\Users\Klein\Downloads\WinZip170(1).exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
C:\Users\Klein\Downloads\WinZip170.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined


#7 thklein


Posted 29 June 2014 - 07:28 PM

Process Explorer gives no additional data about the two rundll32.exe processes, but when I scroll over them I get a message saying "Path: Error Opening Process". Second Malware Bytes scan running now.
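
The rundll32.exe check discussed in this thread, as an added PowerShell example that is not part of any post here: it lists every running rundll32.exe with its image path, command line, owner and parent process, and notes what looks off. It assumes an elevated prompt on the affected machine; WMI returns blank path and command-line fields for processes the caller is not allowed to open, which produces the same empty columns described above.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Uses Get-WmiObject so it also runs on the PowerShell 2.0 shipped with Windows 7.

# Locations of the genuine rundll32.exe on 64-bit Windows.
$expected = @(
    (Join-Path $env:windir 'System32\rundll32.exe'),
    (Join-Path $env:windir 'SysWOW64\rundll32.exe')
)

# Index every process by PID so each rundll32.exe can be tied to its parent.
$all   = @(Get-WmiObject -Class Win32_Process)
$byPid = @{}
foreach ($proc in $all) { $byPid[[int]$proc.ProcessId] = $proc }

$targets = @($all | Where-Object { $_.Name -eq 'rundll32.exe' })

$report = foreach ($proc in $targets) {
    $notes = @()

    if (-not $proc.ExecutablePath) {
        # WMI could not open the process: prompt not elevated, or a protected process.
        $notes += 'path not readable (check elevation)'
    } elseif ($expected -notcontains $proc.ExecutablePath) {
        # -notcontains compares case-insensitively, so C:\Windows\system32 matches.
        $notes += 'image outside System32/SysWOW64'
    }

    if (-not $proc.CommandLine) {
        $notes += 'command line not readable'
    } elseif ($proc.CommandLine -match '^\s*("[^"]*"|\S+)\s*$') {
        # Only the executable itself is present: no "some.dll,EntryPoint" argument.
        $notes += 'started without a DLL argument'
    }

    # The recorded parent PID can be stale if the parent has already exited.
    $parent     = $byPid[[int]$proc.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '(exited)' }

    # GetOwner() can fail for processes that cannot be opened; leave Owner empty then.
    $owner = $null
    try {
        $o = $proc.GetOwner()
        if ($o.User) { $owner = "$($o.Domain)\$($o.User)" }
    } catch { }

    New-Object PSObject -Property @{
        ProcessId   = $proc.ProcessId
        Owner       = $owner
        Parent      = "$parentName ($($proc.ParentProcessId))"
        Path        = $proc.ExecutablePath
        CommandLine = $proc.CommandLine
        Notes       = if ($notes) { $notes -join '; ' } else { '-' }
    }
}

$report |
    Select-Object ProcessId, Owner, Parent, Path, CommandLine, Notes |
    Format-List
```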



#8 thklein


Posted 29 June 2014 - 08:25 PM

New Malware Bytes log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/29/2014
Scan Time: 7:20:31 PM
Logfile: malware bytes 2.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.29.09
Rootkit Database: v2014.06.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Klein
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292760
Time Elapsed: 19 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 buddy215


Posted 29 June 2014 - 08:43 PM

So far only some crapware aka adware aka PUP (potentially unwanted program)

 

There is probably more. The two programs below are very good at finding and removing adware...PUPs

 

  • download AdwCleaner by Xplode onto your desktop.
    Close all open programs and internet browsers.
    Double click on adwcleaner.exe to run the tool.
    Click on Delete.
    Confirm each time with Ok.
    You will be prompted to restart your computer. A text file will open after the restart.
    Please post the contents of that logfile with your next reply.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Use CCleaner to clean up temporary files, logs, ad cookies, etc. Use the default settings. Pay attention while installing and UNcheck any offers of toolbars. No need to use the Registry Cleaning tool...may cause a problem.

CCleaner - PC Optimization and Cleaning - Free Download

 

Check your browser(s) add-ons/ extensions/ plugins and disable or remove those you do not recognize or did not install.


Edited by buddy215, 29 June 2014 - 08:47 PM.



#10 thklein


Posted 29 June 2014 - 09:45 PM

ADW Cleaner Log:

 

# AdwCleaner v3.214 - Report created 29/06/2014 at 21:00:37
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Klein - KLEIN-HP
# Running from : C:\Users\Klein\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\Klein\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Klein\AppData\Local\PackageAware
Folder Deleted : C:\Users\Klein\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Klein\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Klein\AppData\Roaming\DSite
Folder Deleted : C:\Users\Klein\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Klein\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Klein\AppData\Roaming\Mozilla\Firefox\Profiles\itvd3jo9.default\bProtector_extensions.rdf
File Deleted : C:\Users\Klein\AppData\Roaming\Mozilla\Firefox\Profiles\itvd3jo9.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Klein\AppData\Roaming\Mozilla\Firefox\Profiles\itvd3jo9.default\searchplugins\Search_Results.xml
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKCU\Software\5e558c8ce73bec48
Key Deleted : HKLM\SOFTWARE\5e558c8ce73bec48
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Klein\AppData\Roaming\Mozilla\Firefox\Profiles\itvd3jo9.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Secure Search");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.yahoo.com/search?fr=mcafee&p=");
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Secure Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=98119307-69E5-48E5-B0D8-7E644F346495&n=77fce698&p2=^UX^xdm166^YY^us&si=MA_Maps_US_K13");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.hp.lastGuardTime", -1959550022);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.installDate", "2013062808");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerId", "^UX^xdm166^YY^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerSubId", "MA_Maps_US_K13");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.installation.toolbarId", "98119307-69E5-48E5-B0D8-7E644F346495");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.lastActivePing", "1372427628799");
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._39Members_.weather.location", "62701");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "mapsgalaxy@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "mapsgalaxy@mindspark.com");
Line Deleted : user_pref("socialfixer.772408997/cached_content/donate_pagelet", "{\"expires_on\":1352348243643,\"content\":\"<div style=\\\"background-color:#ffffcc;border:1px solid #cccc99;padding:5px;-moz-border-r[...]
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Klein\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
 
*************************
 
AdwCleaner[R0].txt - [9781 octets] - [29/06/2014 20:56:44]
AdwCleaner[S0].txt - [9447 octets] - [29/06/2014 21:00:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9507 octets] ##########


#11 thklein


Posted 29 June 2014 - 10:14 PM

JRT Log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Klein on Sun 06/29/2014 at 21:48:13.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-810651579-831842609-3131279982-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{761A126D-C93A-4C28-9970-C99337A9EC6F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{78FE4729-A524-4797-A917-DF1E1183E5C8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{78FE4729-A524-4797-A917-DF1E1183E5C8}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\syswow64\shoA1DA.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Klein\AppData\Roaming\zip opener packages"
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{0D3C04FD-15EE-48AA-B94A-8AC6F4A1B930}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{1410C524-CCB2-47A4-A46C-C032AF17646D}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{1A8363F0-2024-49EA-AEE0-FC91896DB631}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{1C6FBDF8-AC2D-4C28-9994-FF6C628135F1}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{2F7CE13C-C5A3-4FF8-A4B4-927867372CD8}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{3BE83E35-0868-42AF-A04B-394BA2D4CAAB}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{4F09F146-E9C2-4051-BD80-49810D8300D8}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{6CB4ADCD-726C-4971-B80E-A05605BF9F94}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{826A9BF1-9CCE-4B0D-BCD5-6438783184BE}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{8EAF0F5C-FF44-4CDE-B13A-B0586F06BDAF}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{A049ADEF-1E17-4A53-A48D-BE353FE93F24}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{E37CF581-9E28-4D66-8933-A894060C8D39}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{E4903252-BEFB-4A6B-9494-44868A327EF0}
Successfully deleted: [Empty Folder] C:\Users\Klein\appdata\local\{FB2E9C0A-F853-4C18-916B-E84584B7B334}
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Klein\AppData\Roaming\mozilla\firefox\profiles\itvd3jo9.default\extensions\staged
Emptied folder: C:\Users\Klein\AppData\Roaming\mozilla\firefox\profiles\itvd3jo9.default\minidumps [120 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/29/2014 at 22:03:16.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 buddy215


Posted 29 June 2014 - 10:17 PM

You didn't confirm doing the below so I'm just reminding you to do that if you haven't already.

Next post....tell me if you are still getting messages from McAfee.

 

Use CCleaner to clean up temporary files, logs, ad cookies, etc. Use the default settings. Pay attention while installing and UNcheck any offers of toolbars. No need to use the Registry Cleaning tool...may cause a problem.

CCleaner - PC Optimization and Cleaning - Free Download

 

Check your browser(s) add-ons/ extensions/ plugins and disable or remove those you do not recognize or did not install.




#13 thklein


Posted 29 June 2014 - 10:40 PM

Just finished running CCleaner.  Should have said I was about to do that in my last post.  I will keep an eye out and let you know if I keep getting the McAfee messages.  Thanks.



#14 buddy215


Posted 30 June 2014 - 06:35 AM

Good plan....you're welcome.

 

Users these days are being bombarded with adware. Just about all popular free programs/ browser add-ons and sometimes updates come bundled with adware. Some you can avoid during install....some you can't.

 

There is one site that hosts many of the most popular programs that do not have adware bundled with the downloads.

Ninite - Install or Update Multiple Apps at Once

 

EDIT: are the two 'mystery' processes gone?


Edited by buddy215, 30 June 2014 - 07:02 AM.





