
MAAG

Members
  • Posts: 5
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. Just a heads up, sent you a little something... IDK if it had a memo attached or not, but thanks again!
  2. Hey Gringo -- I followed the instructions and finished up cleaning up the system. Feel free to close the thread. Thanks again!
  3. Hey Gringo, I ran the Root Kit tool afterwards and it went right through. No more encrypted system file. After the scan finally completed there was no malicious software found. Looks like we're in the clear with this one. Thank you for your time and help! Take it easy!
  4. Hey gringo_pr, thanks for taking a look at my files. Computer is running a little sluggish. Not horribly so but noticeable. I had a little trouble running AdwCleaner at first. The computer would get hung up and the program would not respond. I turned off all of the other programs and anti-virus but then my Defender kicked in. I started in safe mode and completed the scan and clean. Afterwards, running JRT was no issue. Info listed below:

     # AdwCleaner v3.017 - Report created 20/01/2014 at 15:41:58
     # Updated 12/01/2014 by Xplode
     # Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)
     # Username : Maria and Chad - MARIAANDCHAD-PC
     # Running from : C:\Users\Maria and Chad\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Users\Maria and Chad\AppData\Local\Minibar
     Folder Deleted : C:\Users\Maria and Chad\AppData\Local\webplayer
     Folder Deleted : C:\Users\Maria and Chad\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\Maria and Chad\AppData\LocalLow\FunWebProducts
     Folder Deleted : C:\Users\Maria and Chad\AppData\LocalLow\MyWebSearch
     Folder Deleted : C:\Users\Maria and Chad\AppData\LocalLow\PriceGong
     Folder Deleted : C:\Users\Maria and Chad\AppData\LocalLow\Viewpoint
     Folder Deleted : C:\Users\Maria and Chad\AppData\LocalLow\BitTorrentBar
     Folder Deleted : C:\Users\Maria and Chad\AppData\Roaming\Mozilla\Firefox\Profiles\6tltlx07.default\Conduit
     Folder Deleted : C:\Users\Maria and Chad\AppData\Roaming\Mozilla\Firefox\Profiles\6tltlx07.default\ConduitEngine
     File Deleted : C:\END
     File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
     File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
     File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
     File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
     File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
     File Deleted : C:\Users\Maria and Chad\AppData\Roaming\Mozilla\Firefox\Profiles\6tltlx07.default\user.js

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
     Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
     Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
     Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
     Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
     Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
     Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
     Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
     Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
     Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
     Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
     Key Deleted : HKLM\SOFTWARE\Classes\S
     Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
     Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3314199
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47073EE4-2B88-47A4-B384-956CD2E61B7D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{47073EE4-2B88-47A4-B384-956CD2E61B7D}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D372145-2A3A-4408-A6ED-72077E076C6E}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\smartbarbackup
     Key Deleted : HKCU\Software\smartbarlog
     Key Deleted : HKCU\Software\TENCENT
     Key Deleted : HKCU\Software\Webplayer
     Key Deleted : HKCU\Software\YahooPartnerToolbar
     Key Deleted : HKCU\Software\AppDataLow\Toolbar
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
     Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
     Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
     Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
     Key Deleted : HKLM\Software\MetaStream
     Key Deleted : HKLM\Software\TENCENT
     Key Deleted : HKLM\Software\Viewpoint
     Key Deleted : HKLM\Software\BitTorrentBar
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BitTorrentBar Toolbar
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

     ***** [ Browsers ] *****

     -\\ Internet Explorer v9.0.8112.16526

     -\\ Mozilla Firefox v26.0 (en-US)

     [ File : C:\Users\Maria and Chad\AppData\Roaming\Mozilla\Firefox\Profiles\6tltlx07.default\prefs.js ]

     Line Deleted : user_pref("CT3314199.FF19Solved", "true");
     Line Deleted : user_pref("CT3314199.UserID", "UN37498251214600877");
     Line Deleted : user_pref("CT3314199.browser.search.defaultthis.engineName", "true");
     Line Deleted : user_pref("CT3314199.fullUserID", "UN37498251214600877.IN.20130911164334");
     Line Deleted : user_pref("CT3314199.installDate", "11/09/2013 16:43:42");
     Line Deleted : user_pref("CT3314199.installSessionId", "{3FEB1B08-47DC-40B1-A18F-3ED249F4D827}");
     Line Deleted : user_pref("CT3314199.installSp", "TRUE");
     Line Deleted : user_pref("CT3314199.installerVersion", "1.6.1.2");
     Line Deleted : user_pref("CT3314199.keyword", "true");
     Line Deleted : user_pref("CT3314199.originalHomepage", "about:home");
     Line Deleted : user_pref("CT3314199.originalSearchAddressUrl", "");
     Line Deleted : user_pref("CT3314199.originalSearchEngine", "");
     Line Deleted : user_pref("CT3314199.originalSearchEngineName", "");
     Line Deleted : user_pref("CT3314199.searchRevert", "false");
     Line Deleted : user_pref("CT3314199.searchUserMode", "2");
     Line Deleted : user_pref("CT3314199.smartbar.homepage", "true");
     Line Deleted : user_pref("CT3314199.versionFromInstaller", "10.20.0.13");
     Line Deleted : user_pref("CT3314199.xpeMode", "0");
     Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
     Line Deleted : user_pref("browser.search.defaultenginename", "SweetPacks A2 Customized Web Search");
     Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetPacks A2 Customized Web Search");
     Line Deleted : user_pref("browser.search.selectedEngine", "SweetPacks A2 Customized Web Search");
     Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
     Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
     Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);
     Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3314199");
     Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3314199");
     Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3314199");
     Line Deleted : user_pref("smartbar.machineId", "PH7L6C7SULQKI1EBU2HQD5HHP8YVBXGXW6H3Q9ACMO0QQS2JBI8NCFU7IXM3RVG/WJHU79RJU5H6JE4UO0BBGA");

     *************************

     AdwCleaner[R0].txt - [12244 octets] - [20/01/2014 13:36:33]
     AdwCleaner[R1].txt - [11951 octets] - [20/01/2014 13:51:20]
     AdwCleaner[R2].txt - [12071 octets] - [20/01/2014 15:21:37]
     AdwCleaner[R3].txt - [12191 octets] - [20/01/2014 15:29:40]
     AdwCleaner[R4].txt - [12311 octets] - [20/01/2014 15:40:40]
     AdwCleaner[s0].txt - [816 octets] - [20/01/2014 13:37:30]
     AdwCleaner[s1].txt - [367 octets] - [20/01/2014 13:52:36]
     AdwCleaner[s2].txt - [367 octets] - [20/01/2014 15:22:39]
     AdwCleaner[s3].txt - [367 octets] - [20/01/2014 15:30:25]
     AdwCleaner[s4].txt - [12515 octets] - [20/01/2014 15:41:58]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [12576 octets] ##########

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.0 (01.07.2014:1)
     OS: Windows Vista Home Basic x86
     Ran by Maria and Chad on Mon 01/20/2014 at 15:55:36.58
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\aol toolbar
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\aol toolbar
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1C07BD44-46F7-4060-B92A-10F8D2C1F17A}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AF4C2031-677B-4710-B3BD-1AC695378556}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{30A6A167-5F06-4575-B89C-11B469168F64}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EF64538-8B54-4573-B48F-4D34B0238AB2}

     ~~~ Files

     Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Users\Maria and Chad\AppData\Roaming\getrighttogo"
     Successfully deleted: [Folder] "C:\Users\Maria and Chad\appdata\local\cre"
     Successfully deleted: [Folder] "C:\Program Files\coupons"
     Successfully deleted: [Folder] "C:\Program Files\myfuncards_5mei"

     ~~~ FireFox

     Emptied folder: C:\Users\Maria and Chad\AppData\Roaming\mozilla\firefox\profiles\6tltlx07.default\minidumps [158 files]

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Mon 01/20/2014 at 16:00:15.81
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Thanks!
  5. I have been trying to run the anti-rootkit on my desktop and every time I do so I get a pop-up that says the volume is inaccessible or encrypted. I'm not sure if it is anything major but I want to check it out anyway. I have attached the log files from the DDS. Please let me know if there is anything nasty in there I need to address. Thanks!

     Attachments: attach.txt, dds.txt