best way to take out pup.optional.installbrain.a?

[leftydrummrr]

This has shown up twice on a Malwarebytes scan. Keeps coming back after I delete. What should I do, Am i missing something? Thanks

[Juliet]

Which version of Malwarebytes do you have?

Recently there was a software update that now is 2.0., check your version.

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisment.

 

 

• Double click on AdwCleaner.exe to run the tool.
• Click on Search.
• A logfile will automatically open after the scan has finished.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[R1].txt as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

[leftydrummrr]

I believe I have the latest version of MalwareBytes. I update each time I use it. Here are the scans.

 

# AdwCleaner v3.023 - Report created 12/04/2014 at 09:58:03

# Updated 01/04/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : mark gisi - YOUR-DCA4C55FD8

# Running from : C:\Documents and Settings\mark gisi\My Documents\Downloads\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\All Users\Application Data\apn

Folder Found C:\Documents and Settings\mark gisi\Local Settings\Application Data\FileTypeAssistant

Folder Found C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant

Folder Found C:\Program Files\File Type Assistant

Folder Found C:\WINDOWS\system32\AI_RecycleBin

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\Software\InstallIQ

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\File Type Assistant\TSAssist.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages] - hxxp://us-mg205.mail.yahoo.com/neo/launch?.rand=2146636319&action=showLetter&umid=2_0_0_1_158104_AOvTimIAANteUepq4QHRNTP5vxM&box=Inbox

-\\ Google Chrome v34.0.1847.116

[ File : C:\Documents and Settings\mark gisi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2601 octets] - [12/04/2014 09:58:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2661 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Microsoft Windows XP x86

Ran by mark gisi on Sat 04/12/2014 at 10:05:06.76

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"

Successfully deleted: [Folder] "C:\Documents and Settings\mark gisi\Local Settings\Application Data\filetypeassistant"

Successfully deleted: [Folder] "C:\Program Files\coupons"

Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 04/12/2014 at 10:10:08.32

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thank you Juliet.

[Juliet]

Uninstall File Type Assistant.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• This time in the list of objects, Click on Delete.
• Confirm each time with Ok.
• You will be prompted to restart your computer. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

How's your computer now?

[leftydrummrr]

Here is the file. The computer is faster now.

 

# AdwCleaner v3.023 - Report created 12/04/2014 at 14:10:40

# Updated 01/04/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : mark gisi - YOUR-DCA4C55FD8

# Running from : C:\Documents and Settings\mark gisi\My Documents\Downloads\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\File Type Assistant

Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant

Folder Deleted : C:\Documents and Settings\mark gisi\Local Settings\Application Data\FileTypeAssistant

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\File Type Assistant\TSAssist.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages]

-\\ Google Chrome v34.0.1847.116

[ File : C:\Documents and Settings\mark gisi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2741 octets] - [12/04/2014 09:58:03]

AdwCleaner[R1].txt - [2024 octets] - [12/04/2014 14:07:32]

AdwCleaner[s0].txt - [1833 octets] - [12/04/2014 14:10:40]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1893 octets] ##########

Did I get it all?

[Juliet]

Did I get it all?

I hope

 

This has shown up twice on a Malwarebytes scan. Keeps coming back after I delete. What should I do, Am i missing something?

You were able to delete the original problem. Is the computer experiencing anything else?

[leftydrummrr]

No further problems. Thank you. Anything else I should do?

[Juliet]

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe

and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

~~~~~~~~~~~~~~~~~

 

Go here to run an online scanner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activeX control to install
• Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish
• When the scan completes, press the LIST OF THREATS FOUND button
• Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
• Include the contents of this report in your next reply.
• Press the BACK button.
• Press Finish

[leftydrummrr]

Here is the report.

 

C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\ftacfg.exe.vir Win32/FileTypeAssistant.A potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\TSASetup.exe.vir Win32/FileTypeAssistant.A potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\tsassist.exe.vir Win32/FileTypeAssistant.A potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\temp\~tmp.exe.vir Win32/FileTypeAssistant.A potentially unwanted application

C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP549\A0082992.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application

C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP549\A0082995.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application

C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP549\A0082996.exe Win32/FileTypeAssistant.A potentially unwanted application

C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP549\A0082998.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application

C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP577\A0086503.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP577\A0086545.exe Win32/FileTypeAssistant.A potentially unwanted application

C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP577\A0086547.exe Win32/FileTypeAssistant.A potentially unwanted application

C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP577\A0086548.exe Win32/FileTypeAssistant.A potentially unwanted application

C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP577\A0086552.exe Win32/FileTypeAssistant.A potentially unwanted application

H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\RADMIN FILE\radmin22.zip Win32/RemoteAdmin.RAdmin.22 potentially unsafe application

H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\RADMIN FILE\radmin22\RADMIN22.EXE Win32/RemoteAdmin.RAdmin.22 potentially unsafe application

Still more infections?

[Juliet]

What was found is held in quarantine, system restore which cannot hurt you unless you click on one of those restore points, and a couple in a back up you made.

not-a-virus:RemoteAdmin.Win32.RAdmin.22 - Riskware, potentially unsafe application

~~~~~~~~~~

 

To remove AdwCleaner quarantine folder, double click on adwcleaner.exe to run the tool.

Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

 

Click Start Menu > Run > type (or copy and paste)

 

%SystemRoot%\System32\restore\rstrui.exe

 

Press OK. Choose Create a Restore Point then click Next. Name it ( something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

 

Next goto Start Menu > Run > type

 

cleanmgr

 

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

 

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

 

 

~~~~~~~~~~~~

 

Go to My Computer->Tools->Folder Options->View tab:

• Under the Hidden files and folders heading:
• Select - Show hidden files and folders.
• Uncheck- Hide protected operating system files (recommended) option.
• Also, make sure there is no checkmark beside Hide file extensions for known file types.
• Click OK. (Remember to Hide files and folders once done)

Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following files/folders in bold

 

H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\RADMIN FILE\radmin22.zip

H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\RADMIN FILE\radmin22\RADMIN22.EXE

 

reboot the computer.

 

Running good now?

 

Please take time to read over the below article

Important information regarding Windows XP

http://forums.whatthetech.com/index.php?showtopic=127901

[leftydrummrr]

Finished all above. Computer runs well. Anything else?

[Juliet]

I think we're done with what we found. If something was still lurking in the background you would know it.

 

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

• Green should be good to go
• Yellow for caution
• Red to stop
• Please read the following safe computing articles..

   

  Secure My Computer: A Layered Approach

   

   

  Free Antivirus-AntiSpyware-Firewall Software

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

[leftydrummrr]

Thank you for your excellent help.

[Juliet]