Solve : File footprints?

1.	Solve : File footprints?
Answer» Here's a copy of the JRT.txt file. I am working on backing up my pc before I install and run Malwarebytes' Anti-Rootkit. Again, PLEASE let me know if you think any of this information might be indicative of someone putting something on my pc to monitor my activities. Thanks! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal TOOL (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Libby on Sat 04/12/2014 at 13:49:19.07 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully REPAIRED: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-626533540-2267483260-4042443749-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D97887C1-33F2-4518-B157-EBD20FFDA49C} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D97887C1-33F2-4518-B157-EBD20FFDA49C} ~~~ Files Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll" Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll" ~~~ Folders Successfully deleted: [FOLDER] "C:\Program Files (x86)\coupons" ~~~ FireFox Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1c43baf1-00c2-40a8-a09e-f84cfd79546d} Successfully deleted the following from C:\Users\Libby\AppData\Roaming\mozilla\firefox\profiles\0t1jpq6p.default\prefs.js user_pref("id_couponscom.variablecashedNotificatio ns", "%7B%22hxxp%3A//www.dickssportinggoods.com/home/index.jsp%22%3A%22%3CTOOLBAR%3E%5Cr%5Cn%3CSETTINGS%20scope%3D%5C%220%5C% user_pref("id_couponscom.variables.Var1", "hxxp%3A//cdn.coupons.com/couponbar.coupons.com"); user_pref("id_couponscom.variables.Var2", "hxxp%3A//couponbar.coupons.com"); user_pref("id_couponscom.variables.Var3", "hxxp%3A//www.coupons.com/coupon-codes/"); Emptied folder: C:\Users\Libby\AppData\Roaming\mozilla\firefox\profiles\0t1jpq6p.default\minidumps [21 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 04/12/2014 at 13:55:51.85 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Quote Again, please let me know if you think any of this information might be indicative of someone putting something on my pc to monitor my activities. There's no evidence of that yet. Were you able to run the MBAM rootkit scanner?

Answer»

Here's a copy of the JRT.txt file. I am working on backing up my pc before I install and run Malwarebytes' Anti-Rootkit. Again, PLEASE let me know if you think any of this information might be indicative of someone putting something on my pc to monitor my activities. Thanks!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal TOOL (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Libby on Sat 04/12/2014 at 13:49:19.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully REPAIRED: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-626533540-2267483260-4042443749-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D97887C1-33F2-4518-B157-EBD20FFDA49C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D97887C1-33F2-4518-B157-EBD20FFDA49C}

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders

Successfully deleted: [FOLDER] "C:\Program Files (x86)\coupons"

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1c43baf1-00c2-40a8-a09e-f84cfd79546d}
Successfully deleted the following from C:\Users\Libby\AppData\Roaming\mozilla\firefox\profiles\0t1jpq6p.default\prefs.js

user_pref("id_couponscom.variablecashedNotificatio ns", "%7B%22hxxp%3A//www.dickssportinggoods.com/home/index.jsp%22%3A%22%3CTOOLBAR%3E%5Cr%5Cn%3CSETTINGS%20scope%3D%5C%220%5C%
user_pref("id_couponscom.variables.Var1", "hxxp%3A//cdn.coupons.com/couponbar.coupons.com");
user_pref("id_couponscom.variables.Var2", "hxxp%3A//couponbar.coupons.com");
user_pref("id_couponscom.variables.Var3", "hxxp%3A//www.coupons.com/coupon-codes/");
Emptied folder: C:\Users\Libby\AppData\Roaming\mozilla\firefox\profiles\0t1jpq6p.default\minidumps [21 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/12/2014 at 13:55:51.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Quote

Again, please let me know if you think any of this information might be indicative of someone putting something on my pc to monitor my activities.

There's no evidence of that yet. Were you able to run the MBAM rootkit scanner?

Solve : File footprints?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment