
Internet Compromised


  • This topic is locked
33 replies to this topic

#21 gd678588

gd678588

    New Member

  • Members
  • 16 posts

Posted 28 July 2013 - 09:23 AM

Restart complete



#22 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,178 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 28 July 2013 - 09:45 AM

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.


MrC

Malware Removal Expert



I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

#23 gd678588

Posted 28 July 2013 - 09:55 AM

Here is the log-file.  I don't see anything on here that I need to keep.  Thanks for helping today, by the way.  For some reason the replies earlier in the week went to spam mail.  So sorry for not getting back with you sooner.

 

# AdwCleaner v2.306 - Logfile created 07/28/2013 at 09:49:52
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steven - GDPC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Steven\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\searchplugins\Conduit.xml
File Found : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\.autoreg
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Steven\Application Data\DefaultTab
Folder Found : C:\Documents and Settings\Steven\Application Data\iWin
Folder Found : C:\Documents and Settings\Steven\Application Data\PriceGong
Folder Found : C:\Documents and Settings\Steven\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Steven\Application Data\WebCake
Folder Found : C:\Documents and Settings\Steven\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\01192419711007700772702288657707
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3303001
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v1.5.0.12 (en-US)

File : C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\prefs.js

Found : user_pref("CT3303001.FF19Solved", "true");
Found : user_pref("CT3303001.UserID", "UN32236964502889311");
Found : user_pref("CT3303001.addressUrlXPETakeover", "true");
Found : user_pref("CT3303001.autoDisableScopes", -1);
Found : user_pref("CT3303001.browser.search.defaultthis.engineName", "true");
Found : user_pref("CT3303001.defaultSearchXPETakeover", "true");
Found : user_pref("CT3303001.fullUserID", "UN32236964502889311.IN.2013071582228");
Found : user_pref("CT3303001.installDate", "15/07/2013 8:22:30");
Found : user_pref("CT3303001.installSessionId", "{9FB605BD-B48B-4808-839E-6CAA19B30FB5}");
Found : user_pref("CT3303001.installSp", "TRUE");
Found : user_pref("CT3303001.installerVersion", "1.4.3.3");
Found : user_pref("CT3303001.keyword", "true");


Found : user_pref("CT3303001.originalSearchEngine", "Yahoo");
Found : user_pref("CT3303001.originalSearchEngineName", "Yahoo");
Found : user_pref("CT3303001.searchRevert", "false");
Found : user_pref("CT3303001.searchUserMode", "2");
Found : user_pref("CT3303001.smartbar.homepage", "true");
Found : user_pref("CT3303001.startPageXPETakeover", "true");
Found : user_pref("CT3303001.versionFromInstaller", "10.16.4.19");

Found : user_pref("browser.search.defaultthis.engineName", "Vafmusic8 Customized Web Search");


Found : user_pref("smartbar.addressBarOwnerCTID", "CT3303001");


Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3303001");
Found : user_pref("smartbar.homePageOwnerCTID", "CT3303001");
Found : user_pref("smartbar.machineId", "7DUYKKVHHGF2PTPUSTB1LS/DRJRVZ5GRE8DOYVCR2PF+SERH8BQYNROZB8RILHBIPQ3[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7818 octets] - [28/07/2013 09:49:52]

########## EOF - C:\AdwCleaner[R1].txt - [7878 octets] ##########



#24 MrCharlie

Posted 28 July 2013 - 10:08 AM

Lots of adware found....let's clear it out.....
  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Then......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


#25 gd678588

Posted 28 July 2013 - 11:05 AM

The AdwCleaner[Sn].txt and Malwarebytes logs are posted below.  Is there anything else we need to do to my computer?

 

The Microsoft Security Essentials is removed from my computer now.  Should I reinstall this?  I'm a little concerned since I got this problem under their protection.  Is Malwarebytes also a security product or is it to use in conjunction with a security product?

 

# AdwCleaner v2.306 - Logfile created 07/28/2013 at 10:12:43
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steven - GDPC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Steven\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Steven\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Steven\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Steven\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Steven\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Steven\Application Data\WebCake
Folder Deleted : C:\Documents and Settings\Steven\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\01192419711007700772702288657707
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303001
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v1.5.0.12 (en-US)

File : C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\prefs.js

C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\user.js ... Deleted !

Deleted : user_pref("CT3303001.FF19Solved", "true");
Deleted : user_pref("CT3303001.UserID", "UN32236964502889311");
Deleted : user_pref("CT3303001.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3303001.autoDisableScopes", -1);
Deleted : user_pref("CT3303001.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3303001.defaultSearchXPETakeover", "true");
Deleted : user_pref("CT3303001.fullUserID", "UN32236964502889311.IN.2013071582228");
Deleted : user_pref("CT3303001.installDate", "15/07/2013 8:22:30");
Deleted : user_pref("CT3303001.installSessionId", "{9FB605BD-B48B-4808-839E-6CAA19B30FB5}");
Deleted : user_pref("CT3303001.installSp", "TRUE");
Deleted : user_pref("CT3303001.installerVersion", "1.4.3.3");
Deleted : user_pref("CT3303001.keyword", "true");


Deleted : user_pref("CT3303001.originalSearchEngine", "Yahoo");
Deleted : user_pref("CT3303001.originalSearchEngineName", "Yahoo");
Deleted : user_pref("CT3303001.searchRevert", "false");
Deleted : user_pref("CT3303001.searchUserMode", "2");
Deleted : user_pref("CT3303001.smartbar.homepage", "true");
Deleted : user_pref("CT3303001.startPageXPETakeover", "true");
Deleted : user_pref("CT3303001.versionFromInstaller", "10.16.4.19");

Deleted : user_pref("browser.search.defaultthis.engineName", "Vafmusic8 Customized Web Search");


Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3303001");


Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3303001");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3303001");
Deleted : user_pref("smartbar.machineId", "7DUYKKVHHGF2PTPUSTB1LS/DRJRVZ5GRE8DOYVCR2PF+SERH8BQYNROZB8RILHBIPQ3[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7947 octets] - [28/07/2013 09:49:52]
AdwCleaner[S1].txt - [8163 octets] - [28/07/2013 10:12:43]

########## EOF - C:\AdwCleaner[S1].txt - [8223 octets] ##########

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.28.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Steven :: GDPC [administrator]

Protection: Enabled

7/28/2013 10:23:02 AM
mbam-log-2013-07-28 (10-23-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288885
Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Steven\Local Settings\Temp\DIQM\malwarebytes-anti-malware_037\setup__120.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.

(end)
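
The check this exchange relies on, that every item the Search run listed shows up again in the Delete run, written out as an added example; it is not part of the thread and not AdwCleaner's own code. It assumes the v2.306 line layout seen in the two logs above; the function names are hypothetical, and the two excerpts are constructed from lines in those logs, with one key left out of the Delete excerpt to show a leftover.

```python
import re
from collections import defaultdict

# Line layout assumed from the AdwCleaner v2.306 logs in this thread:
#   "<File|Folder|Key|Value> <Found|Deleted> : <item>"
#   "<Found|Deleted> : user_pref(...)"   (browser preference, no kind word)
LINE_RE = re.compile(
    r"^\s*(?:(?P<kind>File|Folder|Key|Value)\s+)?"
    r"(?P<action>Found|Deleted)\s*:\s*(?P<item>.+?)\s*$"
)


def parse_log(text):
    """Return {"Found": {kind: [items]}, "Deleted": {kind: [items]}}."""
    result = {"Found": defaultdict(list), "Deleted": defaultdict(list)}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # headers, section banners and "[OK] ..." lines do not match
            kind = m.group("kind") or "Pref"
            result[m.group("action")][kind].append(m.group("item"))
    return result


def summarize(search_log):
    """Count findings per kind, for the review step before deletion."""
    return {k: len(v) for k, v in parse_log(search_log)["Found"].items()}


def leftovers(search_log, delete_log):
    """Items the Search run found that the Delete run did not report deleted."""
    found = parse_log(search_log)["Found"]
    deleted = parse_log(delete_log)["Deleted"]
    missing = {}
    for kind, items in found.items():
        # Windows paths and registry keys compare case-insensitively.
        gone = {i.lower() for i in deleted.get(kind, [])}
        rest = [i for i in items if i.lower() not in gone]
        if rest:
            missing[kind] = rest
    return missing


# Constructed excerpt of the [R1] Search log (lines taken from the thread).
SEARCH_LOG = r"""
# Option [Search]
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla Firefox\.autoreg
Folder Found : C:\Documents and Settings\Steven\Application Data\WebCake
Folder Found : C:\Program Files\Conduit
***** [Registry] *****
Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\Viewpoint
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
-\\ Mozilla Firefox v1.5.0.12 (en-US)
Found : user_pref("smartbar.homePageOwnerCTID", "CT3303001");
[OK] File is clean.
"""

# Constructed excerpt of the [S1] Delete log. The Viewpoint key is omitted
# on purpose; in the thread's real log it was deleted like everything else.
DELETE_LOG = r"""
# Option [Delete]
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Documents and Settings\Steven\Application Data\WebCake
Folder Deleted : C:\Program Files\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
-\\ Mozilla Firefox v1.5.0.12 (en-US)
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3303001");
"""

if __name__ == "__main__":
    print("Found per kind:", summarize(SEARCH_LOG))
    print("Folders to look over:", parse_log(SEARCH_LOG)["Found"]["Folder"])
    print("Not reported deleted:", leftovers(SEARCH_LOG, DELETE_LOG))
```
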



#26 MrCharlie

Posted 28 July 2013 - 11:10 AM

The Microsoft Security Essentials is removed from my computer now. Should I reinstall this? I'm a little concerned since I got this problem under their protection. Is Malwarebytes also a security product or is it to use in conjunction with a security product?

 


I suggest you purchase the Pro version of Malwarebytes and use it along with AVAST.
If you don't want to purchase MB Pro, I would reinstall MSE and use that.

----------------------------------------------

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC



#27 gd678588

Posted 28 July 2013 - 11:21 AM

Here is the checkup.txt

 

 Results of screen317's Security Check version 0.99.71 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 CA Yahoo! Anti-Spy (remove only)
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java™ 6 Update 22 
 Java 2 Runtime Environment, SE v1.4.2_03
 Java version out of Date!
 Adobe Flash Player  11.7.700.224 
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox (1.5.0 Firefox out of Date! 
 Google Chrome 28.0.1500.71 
 Google Chrome 28.0.1500.72 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#28 MrCharlie

Posted 28 July 2013 - 11:31 AM

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


-------------------------------------------

Please uninstall any Java listed in your add/remove programs

Java™ 6 Update 22
Java 2 Runtime Environment, SE v1.4.2_03


Java version out of Date! <-------Download and install the latest version (Version 25) from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

--------------------------------------------

Adobe Reader 8 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

----------------------

Mozilla Firefox (1.5.0 Firefox out of Date! <---please check for an update if available

---------------------------

Google Chrome 28.0.1500.71 <-----OLD
Google Chrome 28.0.1500.72 <-----OK

You have old versions of Google Chrome on the system.
Please download and run OldChromeRemover.
@Windows Vista/Windows 7-8 users must use “Run As Administrator.”

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC



#29 gd678588

Posted 28 July 2013 - 12:28 PM

I was able to uninstall and reinstall Java.  Now I'm working on Adobe.  When I click Adobe from my "All Programs" list, it opens but another window opens advising Beyond Adobe Reader.  It then says "Beyond Adobe Reader could not establish an Internet connection.  Please try again."  It displays a button to "Click here to open Beyond Adobe Reader now."

 

Before I go any further, is this the same as Adobe Reader?  I was wondering if I should uninstall all the adobe stuff on my computer and reinstall.



#30 MrCharlie

Posted 28 July 2013 - 01:22 PM

I was wondering if I should uninstall all the adobe stuff on my computer and reinstall.

 

Yes, I would do that...MrC



#31 gd678588

Posted 28 July 2013 - 02:13 PM

Thanks for all your help!  I tried clicking your preventative maintenance link but it says the webpage cannot be found.  I would like to see what you suggest, as you have been very helpful!



#32 MrCharlie

Posted 28 July 2013 - 02:22 PM

Yes I see that, let me find out what happened to the forum. MrC


#33 MrCharlie

Posted 28 July 2013 - 02:31 PM

Here's a cached version of it:

 

http://webcache.goog...n&ct=clnk&gl=us

 

MrC



#34 LDTate

LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 29 July 2013 - 07:38 AM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Larry Tate
Product Support




