
Malware [Solved]


  • This topic is locked

#46
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
How are things looking now?


#47
Denise0811

    Member

  • Topic Starter
  • Member
  • 31 posts
Sorry I did not see your reply. It kept opening on page 3 and I just noticed there is a page 4! Anyway, the program is still in the programs section of the control panel. I am going to try spybot again and see if it shows up.

#48
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
HitmanPro

  • Please download HitmanPro.
  • Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select "Run as administrator".)
  • Click on the Next button. You must agree with the terms of the EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the Next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
  • Click on the Next button.
  • Click on "Export scan results to XML file".
  • Save that file to your desktop, then zip it and attach it to your next reply.


#49
Denise0811

    Member

  • Topic Starter
  • Member
  • 31 posts
It does not show up in spybot any longer. We still lose internet intermittently. I am not sure if that is because of the Sweetpack or something with our internet provider.

#50
Denise0811

    Member

  • Topic Starter
  • Member
  • 31 posts
The download is called Reimage. I ran the scan, but I don't think this is correct. There is not a dropdown box etc.

#51
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Denise0811

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

When you are complete, please send me both reports.

Gringo

#52
Denise0811

    Member

  • Topic Starter
  • Member
  • 31 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Mom on Tue 05/07/2013 at 21:44:54.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\Users\Mom\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\Mom\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Mom\appdata\local\downloadterms"
Successfully deleted: [Folder] "C:\Users\Mom\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\Mom\appdata\locallow\surfcanyon"
Successfully deleted: [Folder] "C:\Program Files (x86)\consumer input"
Successfully deleted: [Folder] "C:\Program Files (x86)\fast free converter"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\daxip@kjvdvbop.org"
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\49ffxtbr@utilitychest_49.com
Successfully deleted the following from C:\Users\Mom\AppData\Roaming\mozilla\firefox\profiles\q8ja71h4.default\prefs.js

user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");



~~~ Chrome

Dumping contents of C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\aageddgeggddgedaggdagcdidegcdige
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\Extensions
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\Preferences
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\Web Data
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\aageddgeggddgedaggdagcdidegcdige\background.js
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\aageddgeggddgedaggdagcdidegcdige\ContentScript.js
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\aageddgeggddgedaggdagcdidegcdige\manifest.json
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi

Successfully deleted: [Folder] C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/07/2013 at 21:50:35.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#53
Denise0811

    Member

  • Topic Starter
  • Member
  • 31 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-07 21:53:28
-----------------------------
21:53:28.934 OS Version: Windows x64 6.1.7601 Service Pack 1
21:53:28.934 Number of processors: 4 586 0x2505
21:53:28.936 ComputerName: MOM-PC UserName: Mom
21:53:31.308 Initialize success
21:55:53.714 AVAST engine defs: 13050702
21:55:57.336 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:55:57.339 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
21:55:57.433 Disk 0 MBR read successfully
21:55:57.436 Disk 0 MBR scan
21:55:57.443 Disk 0 Windows VISTA default MBR code
21:55:57.447 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:55:57.457 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10118 MB offset 81920
21:55:57.472 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 943710 MB offset 20803584
21:55:57.491 Disk 0 scanning C:\Windows\system32\drivers
21:56:09.948 Service scanning
21:56:30.994 Modules scanning
21:56:31.006 Disk 0 trace - called modules:
21:56:31.039 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:56:31.366 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b9b060]
21:56:31.374 3 CLASSPNP.SYS[fffff88001b0543f] -> nt!IofCallDriver -> [0xfffffa80048f2040]
21:56:31.381 5 ACPI.sys[fffff88000d807a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048fb060]
21:56:33.198 AVAST engine scan C:\Windows
21:56:35.995 AVAST engine scan C:\Windows\system32
22:00:01.296 AVAST engine scan C:\Windows\system32\drivers
22:00:20.826 AVAST engine scan C:\Users\Mom
22:10:10.012 AVAST engine scan C:\ProgramData
22:12:58.308 Scan finished successfully
22:14:50.211 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"
22:14:50.225 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"

#54
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Does it still show up?

gringo0

#55
Denise0811

    Member

  • Topic Starter
  • Member
  • 31 posts
YES Success!!! It is gone!! Thank you so much for all your time!


#56
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
YOU ARE MORE THAN WELCOME


GRINGO

#57
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.