Jump to content



Recommended Posts

When I ran a complete scan of MBAM, it found 6 locations of PUP.Optional.Iminent.A. I was able to remove them with MBAM. Then ran Super Antispy and it did not show up. Ran MBAM again and it did not show up again.


After reading some information on the Internet, it appears advice has been given to also run AdwCleaner, Junkware Removal Tool, MBAM again and then HitmanPro.


If MBAM tells me it removed it when I first found it, and when I did a second complete scan with MBAM it still didn't show up, is it still necessary to run these other scans? I just need to be sure it is gone.


Thank you for your help!

Link to post
Share on other sites

Welcome to the forum, try this:

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

Ran AdwCleaner, Results below. Found only one File - "Web Assistant Updater".

Ran MBAM Quick Scan, results below. Appears to be clean.


Computer was running OK prior to this request, I was just concerned about MBAM finding PUP.Optional.Iminent.A. Although MBAM appeared to have removed it I was still concerned it was hiding somewhere after some reading about it. Computer running fine now, although I was surprised to find all my "pinned" tabs were removed from Google Chrome when I went back online, however, was able to locate them and repin them.


Since AdwCleaner found this "Web Assistant Updater", removed it and MBAM came back clean - am I now free of this "Iminent.A" thing? Did it come from the "Web Assistant Updater?" I wasn't even aware I had the "Web Assistant Updater."


Please advise if I'm safe now and thank you so much for your help!




# AdwCleaner v3.006 - Report created 07/10/2013 at 12:18:40

# Updated 01/10/2013 by Xplode
# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)
# Username : 
# Running from : C:\Users\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : Web Assistant Updater
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Users\AppData\Local\Conduit
Folder Deleted : C:\Users\AppData\Local\OpenCandy
Folder Deleted : C:\Users\AppData\Local\PackageAware
Folder Deleted : C:\Users\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\AppData\LocalLow\PriceGong
File Deleted : C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\a9vgu9ge.default\Extensions\webbooster@iminent.com.xpi
File Deleted : C:\END
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CD10120B-C165-4F8D-8C74-639629E238FF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16502
-\\ Mozilla Firefox v
[ File : C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\a9vgu9ge.default\prefs.js ]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none}  #psa-teoma-result .ptbs .WRCN,  #teoma-results .ptbs .WRCN {display:inline !important; background: url(\\\\\"IMAGE\\\\\") r[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\\\\\\\:\\\\\\\\/\\\\\\\\/(.+\\\\\\\\.)?ask\\\\\\\\.com\\\\\\\\/.*");
-\\ Google Chrome v30.0.1599.69
[ File : C:\Users\AppData\Local\Google\Chrome\User Data\Default\preferences ]
AdwCleaner[R0].txt - [4583 octets] - [07/10/2013 11:46:08]
AdwCleaner[s0].txt - [4624 octets] - [07/10/2013 12:18:40]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4684 octets] ##########
Malwarebytes Anti-Malware
Database version: v2013.10.07.09
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
10/7/2013 1:40:37 PM
mbam-log-2013-10-07 (13-40-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 250308
Time elapsed: 8 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Link to post
Share on other sites


a little clean up to do:

Please download OTC to your desktop.


Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.


Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.