heatherly

  1. Hi, Both scans completed successfully. Here are the logs:

     # AdwCleaner v2.301 - Logfile created 06/05/2013 at 11:13:52
     # Updated 16/05/2013 by Xplode
     # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
     # User : owner - OWNER-853ACF962
     # Boot Mode : Normal
     # Running from : C:\Documents and Settings\owner\Local Settings\Application Data\Opera\Opera\temporary_downloads\AdwCleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     Deleted on reboot : C:\Documents and Settings\All Users\Application Data\search protection
     File Deleted : C:\END
     Folder Deleted : C:\DOCUME~1\Grandpa\LOCALS~1\Temp\boost_interprocess
     Folder Deleted : C:\Documents and Settings\All Users\Application Data\adawaretb
     Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
     Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
     Folder Deleted : C:\Documents and Settings\Darla\Application Data\adawaretb
     Folder Deleted : C:\Documents and Settings\Darla\Application Data\Babylon
     Folder Deleted : C:\Documents and Settings\Darla\Application Data\PriceGong
     Folder Deleted : C:\Documents and Settings\Darla\Local Settings\Application Data\Conduit
     Folder Deleted : C:\Documents and Settings\Darla\Local Settings\Application Data\IMVU_Inc
     Folder Deleted : C:\Documents and Settings\Grandpa\Application Data\adawaretb
     Folder Deleted : C:\Documents and Settings\Grandpa\Application Data\PriceGong
     Folder Deleted : C:\Documents and Settings\Grandpa\Local Settings\Application Data\Conduit
     Folder Deleted : C:\Documents and Settings\Grandpa\Local Settings\Application Data\IMVU_Inc
     Folder Deleted : C:\Documents and Settings\owner\Application Data\adawaretb
     Folder Deleted : C:\Documents and Settings\owner\Local Settings\Application Data\Conduit
     Folder Deleted : C:\Documents and Settings\owner\Local Settings\Application Data\IMVU_Inc
     Folder Deleted : C:\Program Files\adawaretb
     Folder Deleted : C:\Program Files\Advanced System Protector
     Folder Deleted : C:\Program Files\BabylonToolbar
     Folder Deleted : C:\Program Files\Conduit
     Folder Deleted : C:\Program Files\IMVU_Inc

     ***** [Registry] *****

     Key Deleted : HKCU\Software\adawaretb
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\IMVU_Inc
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B49673-5506-483E-B92B-CA0265BD9CA8}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B49673-5506-483E-B92B-CA0265BD9CA8}
     Key Deleted : HKCU\Software\Softonic
     Key Deleted : HKLM\Software\adawaretb
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90B49673-5506-483E-B92B-CA0265BD9CA8}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
     Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
     Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\IMVU_Inc
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{231CC657-7EB4-48A2-BCF9-743E5E13E077}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EBADCCA-4E7B-4429-A409-BADA93043840}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMVU_Inc Toolbar
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B49673-5506-483E-B92B-CA0265BD9CA8}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMVU_Inc Toolbar
     Key Deleted : HKU\S-1-5-21-725345543-1844237615-1801674531-1005\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{90B49673-5506-483E-B92B-CA0265BD9CA8}]

     ***** [internet Browsers] *****

     -\\ Internet Explorer v8.0.6001.18702

     [OK] Registry is clean.

     -\\ Opera v12.15.1748.0

     File : C:\Documents and Settings\owner\Application Data\Opera\Opera\operaprefs.ini
     [OK] File is clean.

     File : C:\Documents and Settings\Grandpa\Application Data\Opera\Opera\operaprefs.ini
     [OK] File is clean.

     File : C:\Documents and Settings\Darla\Application Data\Opera\Opera\operaprefs.ini
     [OK] File is clean.

     *************************

     AdwCleaner[s1].txt - [5473 octets] - [05/06/2013 11:13:52]

     ########## EOF - C:\AdwCleaner[s1].txt - [5533 octets] ##########

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 4.9.4 (05.06.2013:1)
     OS: Microsoft Windows XP x86
     Ran by owner on Wed 06/05/2013 at 11:20:13.89
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

     ~~~ Registry Keys

     ~~~ Files

     Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"

     ~~~ Folders

     Failed to delete: [Folder] "C:\Documents and Settings\All Users\application data\search protection"
     Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\systweak"
     Successfully deleted: [Folder] "C:\Documents and Settings\owner\Application Data\systweak"
     Successfully deleted: [Folder] "C:\Documents and Settings\owner\Local Settings\Application Data\adawarebp"

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Wed 06/05/2013 at 11:22:40.71
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  2. Hi, Thanks for your help, Gringo. Safe mode with command prompt worked, I performed a system restore, and ran Malwarebytes. Here's the Malwarebytes log:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.06.05.02

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     owner :: OWNER-853ACF962 [administrator]

     6/5/2013 1:36:07 AM
     mbam-log-2013-06-05 (01-36-07).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 443274
     Time elapsed: 1 hour(s), 25 minute(s), 45 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  3. Hi, My dad borked my guest room computer today. It's the FBI Moneypak malware. A pop-up covers the whole screen whenever it loads a user account and there's no way around it. I tried booting in safe mode with networking and then safe mode both, and the same thing happens. (Though booting in safe mode without networking, the pop-up says "please connect to the internet" instead of its whole song and dance about the FBI demanding your money.) It's a Windows XP Professional computer with service pack 3. Can anyone help me? Thanks, Heather