Malware [Solved]
Started by Denise0811, Apr 21 2013 08:04 PM
#46
Posted 05 May 2013 - 06:26 PM
#47
Posted 07 May 2013 - 07:49 PM
Sorry I did not see your reply. It kept opening on page 3 and I just noticed there is a page 4! Anyway, the program is still in the programs section of the control panel. I am going to try spybot again and see if it shows up.
#48
Posted 07 May 2013 - 08:04 PM
HitmanPro
- Please download HitmanPro.
- Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
- Click on the next button. You must agree with the terms of EULA.
- Check the box beside "No, I only want to perform a one-time scan to check this computer".
- Click on the next button.
- The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
- When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
- Click on the next button.
- Click on the "Export scan results to XML file".
- Save that file to your desktop and zip and attach it in your next reply.
#49
Posted 07 May 2013 - 08:22 PM
It does not show up in spybot any longer. We still lose internet intermittently. I am not sure if that is because of the Sweetpack or something with our internet provider.
#50
Posted 07 May 2013 - 08:36 PM
The download is called Reimage. I ran the scan, but I don't think this is correct. There is not a dropdown box etc.
#51
Posted 07 May 2013 - 08:41 PM
Hello Denise0811
-Junkware-Removal-Tool-
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Please download aswMBR to your desktop.
- Double click the aswMBR.exe icon to run it.
- It will ask to download extra definitions - ALLOW IT
- Click the Scan button to start the scan
- On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
When you are complete please send me both reports
Gringo
#52
Posted 07 May 2013 - 08:51 PM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Mom on Tue 05/07/2013 at 21:44:54.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\Users\Mom\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\Mom\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Mom\appdata\local\downloadterms"
Successfully deleted: [Folder] "C:\Users\Mom\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\Mom\appdata\locallow\surfcanyon"
Successfully deleted: [Folder] "C:\Program Files (x86)\consumer input"
Successfully deleted: [Folder] "C:\Program Files (x86)\fast free converter"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]"
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\49ffxtbr@utilitychest_49.com
Successfully deleted the following from C:\Users\Mom\AppData\Roaming\mozilla\firefox\profiles\q8ja71h4.default\prefs.js
user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");
~~~ Chrome
Dumping contents of C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\aageddgeggddgedaggdagcdidegcdige
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\Extensions
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\Preferences
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\Web Data
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\aageddgeggddgedaggdagcdidegcdige\background.js
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\aageddgeggddgedaggdagcdidegcdige\ContentScript.js
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\aageddgeggddgedaggdagcdidegcdige\manifest.json
C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Successfully deleted: [Folder] C:\Users\Mom\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/07/2013 at 21:50:35.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#53
Posted 07 May 2013 - 09:15 PM
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-07 21:53:28
-----------------------------
21:53:28.934 OS Version: Windows x64 6.1.7601 Service Pack 1
21:53:28.934 Number of processors: 4 586 0x2505
21:53:28.936 ComputerName: MOM-PC UserName: Mom
21:53:31.308 Initialize success
21:55:53.714 AVAST engine defs: 13050702
21:55:57.336 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:55:57.339 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
21:55:57.433 Disk 0 MBR read successfully
21:55:57.436 Disk 0 MBR scan
21:55:57.443 Disk 0 Windows VISTA default MBR code
21:55:57.447 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:55:57.457 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10118 MB offset 81920
21:55:57.472 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 943710 MB offset 20803584
21:55:57.491 Disk 0 scanning C:\Windows\system32\drivers
21:56:09.948 Service scanning
21:56:30.994 Modules scanning
21:56:31.006 Disk 0 trace - called modules:
21:56:31.039 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:56:31.366 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b9b060]
21:56:31.374 3 CLASSPNP.SYS[fffff88001b0543f] -> nt!IofCallDriver -> [0xfffffa80048f2040]
21:56:31.381 5 ACPI.sys[fffff88000d807a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048fb060]
21:56:33.198 AVAST engine scan C:\Windows
21:56:35.995 AVAST engine scan C:\Windows\system32
22:00:01.296 AVAST engine scan C:\Windows\system32\drivers
22:00:20.826 AVAST engine scan C:\Users\Mom
22:10:10.012 AVAST engine scan C:\ProgramData
22:12:58.308 Scan finished successfully
22:14:50.211 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"
22:14:50.225 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"
#54
Posted 07 May 2013 - 09:20 PM
Does it still show up?
gringo0
#55
Posted 08 May 2013 - 07:06 PM
YES Success!!! It is gone!! Thank you so much for all your time!
#56
Posted 08 May 2013 - 07:29 PM
YOU ARE MORE THAN WELCOME
GRINGO
#57
Posted 12 May 2013 - 10:51 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.