Good Evening:
Hopefully someone can assist me in Exorcising this treacherous, nagging message and instrusive program/application. The message began when my son was using my computer today.
The message states: You have a security problem, then asks if I want to scan the computer; and continuously pops up every few seconds. . I do not know what my son was doing when this issue presented itself [I will ask him when he returns home], or if he was utilizing an application.
I have searched your forum beforehand for previous posting concerning this issue, but did not find any. I am running Vista Home Premium, 6.0.6001 SP1 Build 6001.
I have turned off System Restore to the "C" drive, updated virus definitions [using Symantec Endpoint Protection], version 11.0.780.1109, and am currently running a "full" scan of the drive.
I accessed Internet Options/Security tab/Restricted Sites, and added the following sites:
66.232.96.0, http://*.live-antivirus-scan.com, http://*.noc4hosts.com, http://*.soch-help.com, and ns.noc4hosts.com to the Restricted Sites.
Also viewed the Client Management Log - Security Log, performed a "Backtrace" and found the following information:
Hop 14 - IP Address 66.232.126.192 Time [ms] 140
2. Clicked "Whois" and received the following results:
OrgName: NOC4Hosts Inc. OrgID: NOC4H
Address: 400 N. Tampa Street #1025 Tampa FL 33602 US
Referral Server: rwhois://rwhois.noc4hosts.com:4321
NetRange: 66.232.96.0 - 66.232.127.255
CIDR: 66.232.96.0/19
NetName: NOC4HOSTS1
NetHandle: NET-66-232-96-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS.NOC4HOSTS.COM
NameServer: NS2.NOC4HOSTS.COM
Comment:
RegDate: 2005-10-21
Updated: 2006-06-27
RAbuseHandle: NAA7-ARIN
RAbuseName: Noc4Hosts Abuse Admin
RAbusePhone: +1-877-801-1443
RAbuseEmail: abuse@noc4hosts.com
RTechHandle: IPADM158-ARIN
RTechName: IP Admin
RTechPhone: +1-877-801-1443
RTechEmail: noc@noc4hosts.com
OrgAbuseHandle: NAA7-ARIN
OrgAbuseName: Noc4Hosts Abuse Admin
OrgAbusePhone: +1-877-801-1443
OrgAbuseEmail: abuse@noc4hosts.com
OrgTechHandle: IPADM158-ARIN
OrgTechName: IP Admin
OrgTechPhone: +1-877-801-1443
OrgTechEmail: noc@noc4hosts.com
# ARIN WHOIS database, last updated 2008-11-04 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
I am still thinking of what I can do to stop this Intrusive and Annoying issue. Any assistance and/or suggestions are Welcomed. Thank You So Very Much! If more information is required, please do not hesitate to contact me.
Zephyr 53
Additional Information Found:
SID: 23005] HTTP Fake Scan Webpage detected.
Traffic has been blocked from this application: C:\Program Files\Internet Explorer\iexplore.exe
[SID: 23005] HTTP Fake Scan Webpage detected.
Traffic has been blocked from this application: C:\Users\OBLIVI~1\AppData\Local\Temp\~tmpb.exe
Active Response that started at 11/05/2008 18:40:48 is disengaged. The traffic from IP address 92.62.101.67 was blocked for 600 second(s).
Active Response that started at 11/05/2008 18:37:08 is disengaged. The traffic from IP address 66.232.126.192 was blocked for 600 second(s).
More like what is listed above.
Full Version: HTTP Fake Scan Webpage
Hi Zephyr,
Let's start here. Please make sure system restore is on.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.
Let's start here. Please make sure system restore is on.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.
Good Morning, Rigel:
Thank You, Thank You, Oh Thank You!!!!
Malwarebytes Anti-Malware did the trick. followed your isntructions to the letter! Oh Thank You So Much!!!!!! Below is the report from MBAM:
Malwarebytes' Anti-Malware 1.30
Database version: 1368
Windows 6.0.6001 Service Pack 1
11/6/2008 7:00:19 AM
mbam-log-2008-11-06 (07-00-19).txt
Scan type: Quick Scan
Objects scanned: 58835
Time elapsed: 4 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Oblivious55\AppData\Local\Temp\~tmpa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Oblivious55\AppData\Local\Temp\xxx5444.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Oblivious55\AppData\Local\Temp\~tmpb.exe (Trojan.FakeAlert) -> Delete on reboot.
Thank You, Thank You, Oh Thank You!!!!
Malwarebytes Anti-Malware did the trick. followed your isntructions to the letter! Oh Thank You So Much!!!!!! Below is the report from MBAM:Malwarebytes' Anti-Malware 1.30
Database version: 1368
Windows 6.0.6001 Service Pack 1
11/6/2008 7:00:19 AM
mbam-log-2008-11-06 (07-00-19).txt
Scan type: Quick Scan
Objects scanned: 58835
Time elapsed: 4 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Oblivious55\AppData\Local\Temp\~tmpa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Oblivious55\AppData\Local\Temp\xxx5444.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Oblivious55\AppData\Local\Temp\~tmpb.exe (Trojan.FakeAlert) -> Delete on reboot.
Welcome back...
Let's continue with the following steps...
Please update and rerun Malwarebytes. Be sure to reboot immediately following the scan. After the reboot, grab the log and post it here. Next:
Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.
Please download and install SUPERAntiSpyware Free
Double-click ATF-Cleaner.exe to run the program.
Scan with SUPERAntiSpyware as follows:
Let's continue with the following steps...
Please update and rerun Malwarebytes. Be sure to reboot immediately following the scan. After the reboot, grab the log and post it here. Next:
Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.
Please download and install SUPERAntiSpyware Free
- Double-click SUPERAntiSypware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
- Under the "Configuration and Preferences", click the Preferences... button.
- Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
- Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen and exit the program.
- Do not run a scan just yet.
Double-click ATF-Cleaner.exe to run the program.
- Under Main "Select Files to Delete" choose: Select All.
- Click the Empty Selected button.
- If you use Firefox browser click Firefox at the top and choose: Select All
- Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt. - If you use Opera browser click Opera at the top and choose: Select All
- Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt. - Click Exit on the Main menu to close the program.
Scan with SUPERAntiSpyware as follows:
- Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes" and reboot normally.
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.
Hi Rigel:
Again, Thank You So Very Much for your expertise in decontaminating my system of the nasty Zlok and others. Below are the results of the second scan after updating MBAM.
Malwarebytes' Anti-Malware 1.30
Database version: 1370
Windows 6.0.6001 Service Pack 1
11/6/2008 5:56:19 PM
mbam-log-2008-11-06 (17-56-19).txt
Scan type: Quick Scan
Objects scanned: 49290
Time elapsed: 5 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Now on to continue your second set of instructions after reboot.
Again, Thank You So Very Much for your expertise in decontaminating my system of the nasty Zlok and others. Below are the results of the second scan after updating MBAM.
Malwarebytes' Anti-Malware 1.30
Database version: 1370
Windows 6.0.6001 Service Pack 1
11/6/2008 5:56:19 PM
mbam-log-2008-11-06 (17-56-19).txt
Scan type: Quick Scan
Objects scanned: 49290
Time elapsed: 5 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Now on to continue your second set of instructions after reboot.
The 0's look great. Let's see was SuperAntiSpyware shows
Good Morning, Rigel:
The last steps of your instructions took all night, but finally the results are posted below:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/07/2008 at 06:48 AM
Application Version : 4.21.1004
Core Rules Database Version : 3625
Trace Rules Database Version: 1609
Scan type : Complete Scan
Total Scan Time : 12:12:26
Memory items scanned : 857
Memory threats detected : 0
Registry items scanned : 8694
Registry threats detected : 0
File items scanned : 1184307
File threats detected : 358
Trojan,.Dropper/XXX-Gen
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
If you have a response, I will check in upon returning home from work. Again, Thank You for all your assistance and patience. YOU ARE AWESOME and so is Bleepingcomputer.com. I bow gracefully to all of you.
The last steps of your instructions took all night, but finally the results are posted below:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/07/2008 at 06:48 AM
Application Version : 4.21.1004
Core Rules Database Version : 3625
Trace Rules Database Version: 1609
Scan type : Complete Scan
Total Scan Time : 12:12:26
Memory items scanned : 857
Memory threats detected : 0
Registry items scanned : 8694
Registry threats detected : 0
File items scanned : 1184307
File threats detected : 358
Trojan,.Dropper/XXX-Gen
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\APPDATA\LOCAL\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\APPLICATION DATA\TEMP\XXX7176.EXE
C:\DOCUMENTS AND SETTINGS\OBLIVIOUS55\LOCAL SETTINGS\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
C:\USERS\OBLIVIOUS55\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\TEMP\XXX7176.EXE
If you have a response, I will check in upon returning home from work. Again, Thank You for all your assistance and patience. YOU ARE AWESOME and so is Bleepingcomputer.com. I bow gracefully to all of you.
Thank you very much for the kind words!
We need to rerun SuperAntispyware to see what shows back up. Please post the results. Then another scan, this one on-line.
Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.
We need to rerun SuperAntispyware to see what shows back up. Please post the results. Then another scan, this one on-line.
Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.
Good Morning Rigel:
The latest scan finally completed after 10 hours of running. Please see results below. Now on to your latest instructions using F-Secure.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/08/2008 at 04:00 AM
Application Version : 4.21.1004
Core Rules Database Version : 3625
Trace Rules Database Version: 1609
Scan type : Complete Scan
Total Scan Time : 10:32:39
Memory items scanned : 880
Memory threats detected : 0
Registry items scanned : 8693
Registry threats detected : 0
File items scanned : 1033618
File threats detected : 81
Adware.Tracking Cookie
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\oblivious55@ad.yieldmanager[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\oblivious55@doubleclick[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\oblivious55@media6degrees[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@atdmt[2].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@realmedia[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificclick[2].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@www.googleadservices[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@atdmt[2].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@realmedia[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@specificclick[2].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@www.googleadservices[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@atdmt[2].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@realmedia[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@specificclick[2].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@www.googleadservices[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@atdmt[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@realmedia[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificclick[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@www.googleadservices[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@atdmt[2].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@realmedia[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@specificclick[2].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@www.googleadservices[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@atdmt[2].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@realmedia[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@specificclick[2].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@www.googleadservices[1].txt
The latest scan finally completed after 10 hours of running. Please see results below. Now on to your latest instructions using F-Secure.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/08/2008 at 04:00 AM
Application Version : 4.21.1004
Core Rules Database Version : 3625
Trace Rules Database Version: 1609
Scan type : Complete Scan
Total Scan Time : 10:32:39
Memory items scanned : 880
Memory threats detected : 0
Registry items scanned : 8693
Registry threats detected : 0
File items scanned : 1033618
File threats detected : 81
Adware.Tracking Cookie
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\oblivious55@ad.yieldmanager[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\oblivious55@doubleclick[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\oblivious55@media6degrees[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@atdmt[2].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@realmedia[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificclick[2].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@www.googleadservices[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@atdmt[2].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@realmedia[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@specificclick[2].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@www.googleadservices[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@atdmt[2].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@realmedia[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@specificclick[2].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Oblivious55\Cookies\Low\oblivious55@www.googleadservices[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@atdmt[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@realmedia[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificclick[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@www.googleadservices[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@atdmt[2].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@realmedia[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@specificclick[2].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Users\Oblivious55\Application Data\Microsoft\Windows\Cookies\Low\oblivious55@www.googleadservices[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@ads.pointroll[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@atdmt[2].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@eaeacom.112.2o7[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@maxis.112.2o7[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@questionmarket[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@realmedia[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@specificclick[2].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@specificmedia[2].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@warnerbros.112.2o7[1].txt
C:\Users\Oblivious55\Cookies\Low\oblivious55@www.googleadservices[1].txt
Sounds great. Let's see 0's
Hi Rigel:
Since our last correspondence, I have continuously attempted to run F-Secure, but to no avail. Each time I run the program it runs for 8+ hours then suddenly Internet Explorer closes with no fore-warning. Tonight I started from the beginning following your instructions but have not yet attempted to run F-Secure.
After updating and running MBAM and the results were clean with all zeros and no malicious items detected. SUPERAntiSpyware was updated, closed, restarted in Safe Mode, and ran ATF-Cleaner receiving a pristine report. Upon running SUPERAntiSpyware again for "Harmful Software" the following results were presented:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/10/2008 at 07:17 PM
Application Version : 4.21.1004
Core Rules Database Version : 3629
Trace Rules Database Version: 1613
Scan type : Complete Scan
Total Scan Time : 01:21:17
Memory items scanned : 281
Memory threats detected : 0
Registry items scanned : 8790
Registry threats detected : 0
File items scanned : 170954
File threats detected : 39
Adware.Tracking Cookie
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ad.yieldmanager[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@adrevolver[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ads.pointroll[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@advertising[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@apmebf[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@atdmt[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@bravenet[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@bs.serving-sys[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@casalemedia[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@dynamic.media.adrevolver[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ehg-kodak.hitbox[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ehg-spherion.hitbox[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@fastclick[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@hitbox[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@hotlog[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@insightexpressai[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@kontera[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@media.adrevolver[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@optimize.indieclick[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@questionmarket[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@realmedia[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@revsci[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@serving-sys[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@sexysims2[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificclick[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificmedia[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@www.burstnet[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@zedo[1].txt
.doubleclick.net [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.advertising.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.advertising.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.advertising.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.advertising.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.advertising.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.atdmt.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
media.adrevolver.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
System Restore is engaged. What do I do from here? Thanks for all you have done and for being so patient.
Since our last correspondence, I have continuously attempted to run F-Secure, but to no avail. Each time I run the program it runs for 8+ hours then suddenly Internet Explorer closes with no fore-warning. Tonight I started from the beginning following your instructions but have not yet attempted to run F-Secure.
After updating and running MBAM and the results were clean with all zeros and no malicious items detected. SUPERAntiSpyware was updated, closed, restarted in Safe Mode, and ran ATF-Cleaner receiving a pristine report. Upon running SUPERAntiSpyware again for "Harmful Software" the following results were presented:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/10/2008 at 07:17 PM
Application Version : 4.21.1004
Core Rules Database Version : 3629
Trace Rules Database Version: 1613
Scan type : Complete Scan
Total Scan Time : 01:21:17
Memory items scanned : 281
Memory threats detected : 0
Registry items scanned : 8790
Registry threats detected : 0
File items scanned : 170954
File threats detected : 39
Adware.Tracking Cookie
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ad.yieldmanager[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@adopt.specificclick[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@adrevolver[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ads.pointroll[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@advertising[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@apmebf[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@atdmt[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@bravenet[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@bs.serving-sys[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@casalemedia[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@doubleclick[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@dynamic.media.adrevolver[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ehg-kodak.hitbox[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@ehg-spherion.hitbox[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@fastclick[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@hitbox[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@hotlog[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@imrworldwide[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@insightexpressai[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@kontera[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@media.adrevolver[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@optimize.indieclick[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@questionmarket[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@realmedia[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@revsci[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@serving-sys[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@sexysims2[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificclick[2].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@specificmedia[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@www.burstnet[1].txt
C:\Users\Oblivious55\AppData\Roaming\Microsoft\Windows\Cookies\Low\oblivious55@zedo[1].txt
.doubleclick.net [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.advertising.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.advertising.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.advertising.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.advertising.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.advertising.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
.atdmt.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
media.adrevolver.com [ C:\Users\Oblivious55\AppData\Roaming\MozillaControl\profiles\MozillaControl\xqxvv4y4.slt\cookies.txt ]
System Restore is engaged. What do I do from here? Thanks for all you have done and for being so patient.
Hi Zephyr5,
Is that message gone? How is your computer running now?
Let's try Kaspersky Online scan
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.Click OK Now under select a target to scan: This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Save the file to your desktop. Copy and paste that information in your next post.
QUOTE
The message states: You have a security problem, then asks if I want to scan the computer; and continuously pops up every few seconds. . I do not know what my son was doing when this issue presented itself [I will ask him when he returns home], or if he was utilizing an application.
Is that message gone? How is your computer running now?
Let's try Kaspersky Online scan
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
Scan Mail Bases
- Select My Computer
- Now click on the Save as Text button:
Hi Rigel:
I re-tried running F-Secure, this time the scan was successful: Below are the results.
Scanning Report
Monday, November 10, 2008 19:58:15 - 21:29:23
Computer name: ZITHQWAGXYLOZEP
Scanning type: Scan target for malware, rootkits
Target: C:\
--------------------------------------------------------------------------------
Result: 1 malware found
TrackingCookie.Webtrends (spyware)
System
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 60578
System: 4887
Not scanned: 26
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\IB2
C:\WINDOWS\TEMP\IB3
C:\WINDOWS\TEMP\IB4
C:\WINDOWS\TEMP\IB5
C:\WINDOWS\TEMP\IB6
C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\279DB2244A5831D2087E811285D5F142_B177CBA6-B44D-4F84-9967-4D3BB8A3DDB3
C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\85347FCFEC04FE2C9721406264B319BC_B177CBA6-B44D-4F84-9967-4D3BB8A3DDB3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\279DB2244A5831D2087E811285D5F142_B177CBA6-B44D-4F84-9967-4D3BB8A3DDB3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\85347FCFEC04FE2C9721406264B319BC_B177CBA6-B44D-4F84-9967-4D3BB8A3DDB3
C:\BOOT\BCD
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Hydra: 2.8.8110, 2008-11-11
F-Secure Pegasus: 1.20.0, 2008-10-09
F-Secure AVP: 7.0.171, 2008-11-10
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics
I see you responded to my earlier message. Should I continue and follow your latest instructions? You Are Wonderful!!!! Thanks for your patience and expertise.
Zephyr
I re-tried running F-Secure, this time the scan was successful: Below are the results.
Scanning Report
Monday, November 10, 2008 19:58:15 - 21:29:23
Computer name: ZITHQWAGXYLOZEP
Scanning type: Scan target for malware, rootkits
Target: C:\
--------------------------------------------------------------------------------
Result: 1 malware found
TrackingCookie.Webtrends (spyware)
System
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 60578
System: 4887
Not scanned: 26
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\IB2
C:\WINDOWS\TEMP\IB3
C:\WINDOWS\TEMP\IB4
C:\WINDOWS\TEMP\IB5
C:\WINDOWS\TEMP\IB6
C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\279DB2244A5831D2087E811285D5F142_B177CBA6-B44D-4F84-9967-4D3BB8A3DDB3
C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\85347FCFEC04FE2C9721406264B319BC_B177CBA6-B44D-4F84-9967-4D3BB8A3DDB3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\279DB2244A5831D2087E811285D5F142_B177CBA6-B44D-4F84-9967-4D3BB8A3DDB3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\85347FCFEC04FE2C9721406264B319BC_B177CBA6-B44D-4F84-9967-4D3BB8A3DDB3
C:\BOOT\BCD
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Hydra: 2.8.8110, 2008-11-11
F-Secure Pegasus: 1.20.0, 2008-10-09
F-Secure AVP: 7.0.171, 2008-11-10
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics
I see you responded to my earlier message. Should I continue and follow your latest instructions? You Are Wonderful!!!! Thanks for your patience and expertise.
Zephyr
How are things running?
Hi
Kaspersky is currently running. I want to say I have referred my "computer" friends to Bleepingcomputer.com, letting them know how you have gone above and beyond the call of duty to assist me in cleaning up my computer; and that you are friendly, understanding, patient, and very people-oriented. I am so extremely happy and satisfied to have found Bleepingcomputer.com. I can not Thank You enough for all you have done.
Should I post the results when the scan is complete?
Kaspersky is currently running. I want to say I have referred my "computer" friends to Bleepingcomputer.com, letting them know how you have gone above and beyond the call of duty to assist me in cleaning up my computer; and that you are friendly, understanding, patient, and very people-oriented. I am so extremely happy and satisfied to have found Bleepingcomputer.com. I can not Thank You enough for all you have done.
Should I post the results when the scan is complete?
You made me smile 
Thank you Zephyr.
Yes go ahead and post the Kaspersky results. We will go from there.
Thank you Zephyr. Yes go ahead and post the Kaspersky results. We will go from there.
Good Morning, Rigel:
Below are the results of the Kaspersky scan results.
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe <html><a href='http://www.viruslist.com/en/find?search_mode=virus&words=not-a-virus:Downloader.Win32.ImLoader.c'>not-a-virus:Downloader.Win32.ImLoader.c</a></html> 1
C:\Program Files\Magentic\bin\magentic_install.exe <html><a href='http://www.viruslist.com/en/find?search_mode=virus&words=not-a-virus:Downloader.Win32.ImLoader.f'>not-a-virus:Downloader.Win32.ImLoader.f</a></html> 1
IncrediMail is an e-mail application I have been using for years. Magnetic is an IncrediMail screensaver program.
Once the scan was complete, there was no option in Kaspersky to clean the two items.
Oops, the above report was for Critical Areas, a scan is now running for My Computer. Sorry
Zephyr
Below are the results of the Kaspersky scan results.
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe <html><a href='http://www.viruslist.com/en/find?search_mode=virus&words=not-a-virus:Downloader.Win32.ImLoader.c'>not-a-virus:Downloader.Win32.ImLoader.c</a></html> 1
C:\Program Files\Magentic\bin\magentic_install.exe <html><a href='http://www.viruslist.com/en/find?search_mode=virus&words=not-a-virus:Downloader.Win32.ImLoader.f'>not-a-virus:Downloader.Win32.ImLoader.f</a></html> 1
IncrediMail is an e-mail application I have been using for years. Magnetic is an IncrediMail screensaver program.
Once the scan was complete, there was no option in Kaspersky to clean the two items.
Oops, the above report was for Critical Areas, a scan is now running for My Computer. Sorry
Zephyr
Those two items may be false positives.
You can upload the two files to http://www.virustotal.com/
Virustotal is designed to check indiviual files.
Thanks Zephyr,
rigel
You can upload the two files to http://www.virustotal.com/
Virustotal is designed to check indiviual files.
Thanks Zephyr,
rigel
Hi Rigel:
Sorry for the delay in posting the results from Kaspersky, I was away from home. The results are listed below:
M:\New Folder (2)\New Folder\Require Virus Scan\Password Reminder setup.exe not-a-virus:PSWTool.Win32.Pwdspyhk.a
K:\Utilities 8-10-07\Product Key Recoverers\Magic Jelly Bean KeyFinder\kf151.zip not-a-virus:PSWTool.Win32.RAS.a
K:\Utilities 8-10-07\Product Key Recoverers\Magic Jelly Bean KeyFinder\kf151.zip not-a-virus:PSWTool.Win32.RAS.g
K:\Utilities 2008\Wireless Key View\wirelesskeyview.zip not-a-virus:PSWTool.Win32.Messen.n
K:\Utilities 2008\Wireless Key View\wirelesskeyview\WirelessKeyView.exe not-a-virus:PSWTool.Win32.Messen.n
K:\TruthbookQOD2006.zip Trojan-Dropper.Win32.Delf.bci
K:\Incredimail\Upgrades\11-21-2007\incredimail_install.exe not-a-virus:Downloader.Win32.ImLoader.e
K:\Hold Items 2-13-08\WirelessKeyView.exe not-a-virus:PSWTool.Win32.Messen.n
C:\Users\Oblivious55\Downloads\magentic_install.exe not-a-virus:Downloader.Win32.ImLoader.f
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200003\5932FF7A.VBN Trojan-Downloader.Win32.Zlob.abum
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17BC0002\5FBFB871.VBN Trojan-Downloader.HTML.IFrame.o
1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200002\5932FF49.VBN Trojan-Downloader.Win32.Zlob.abum
1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200001\5932FEE1.VBN Trojan-Downloader.Win32.Zlob.abum
1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17BC0002\5FBFB871.VBN Trojan-Downloader.HTML.IFrame.o
1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200003\5932FF7A.VBN Trojan-Downloader.Win32.Zlob.abum
1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200002\5932FF49.VBN Trojan-Downloader.Win32.Zlob.abum
1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200001\5932FEE1.VBN Trojan-Downloader.Win32.Zlob.abum
1
C:\Program Files\Magentic\bin\magentic_install.exe not-a-virus:Downloader.Win32.ImLoader.f
1
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe not-a-virus:Downloader.Win32.ImLoader.c
1
I apologize for the format, but Kaspersky for some reason would not save the scan results as a *.txt or *.htm/html file.
Sorry for the delay in posting the results from Kaspersky, I was away from home. The results are listed below:
M:\New Folder (2)\New Folder\Require Virus Scan\Password Reminder setup.exe not-a-virus:PSWTool.Win32.Pwdspyhk.a
K:\Utilities 8-10-07\Product Key Recoverers\Magic Jelly Bean KeyFinder\kf151.zip not-a-virus:PSWTool.Win32.RAS.a
K:\Utilities 8-10-07\Product Key Recoverers\Magic Jelly Bean KeyFinder\kf151.zip not-a-virus:PSWTool.Win32.RAS.g
K:\Utilities 2008\Wireless Key View\wirelesskeyview.zip not-a-virus:PSWTool.Win32.Messen.n
K:\Utilities 2008\Wireless Key View\wirelesskeyview\WirelessKeyView.exe not-a-virus:PSWTool.Win32.Messen.n
K:\TruthbookQOD2006.zip Trojan-Dropper.Win32.Delf.bci
K:\Incredimail\Upgrades\11-21-2007\incredimail_install.exe not-a-virus:Downloader.Win32.ImLoader.e
K:\Hold Items 2-13-08\WirelessKeyView.exe not-a-virus:PSWTool.Win32.Messen.n
C:\Users\Oblivious55\Downloads\magentic_install.exe not-a-virus:Downloader.Win32.ImLoader.f
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200003\5932FF7A.VBN Trojan-Downloader.Win32.Zlob.abum
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17BC0002\5FBFB871.VBN Trojan-Downloader.HTML.IFrame.o
1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200002\5932FF49.VBN Trojan-Downloader.Win32.Zlob.abum
1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200001\5932FEE1.VBN Trojan-Downloader.Win32.Zlob.abum
1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17BC0002\5FBFB871.VBN Trojan-Downloader.HTML.IFrame.o
1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200003\5932FF7A.VBN Trojan-Downloader.Win32.Zlob.abum
1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200002\5932FF49.VBN Trojan-Downloader.Win32.Zlob.abum
1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10200001\5932FEE1.VBN Trojan-Downloader.Win32.Zlob.abum
1
C:\Program Files\Magentic\bin\magentic_install.exe not-a-virus:Downloader.Win32.ImLoader.f
1
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe not-a-virus:Downloader.Win32.ImLoader.c
1
I apologize for the format, but Kaspersky for some reason would not save the scan results as a *.txt or *.htm/html file.
Welcome back Zephyr!
What are drives K and M?
What are drives K and M?
Good Morning Rigel:
I apologize for drives K and M which are external hard drives. I neglected to uncheck the drives before running the scan.
I apologize for drives K and M which are external hard drives. I neglected to uncheck the drives before running the scan.
I would just like to say thank you very much for this post guys.
I have been looking for a long time for this solution, will help me fix my partners laptop.
Once a again thank you very much.
I have been looking for a long time for this solution, will help me fix my partners laptop.
Once a again thank you very much.
Just had the same thing happen.... dled the malware program you mentioned.
Heres the report:
Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 5.1.2600 Service Pack 2
12/7/2008 7:33:43 PM
mbam-log-2008-12-07 (19-33-43).txt
Scan type: Quick Scan
Objects scanned: 60613
Time elapsed: 11 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SSSInstaller (Adware.Comet) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\yyy6719.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> Delete on reboot.
Be back after reboot.
Heres the report:
Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 5.1.2600 Service Pack 2
12/7/2008 7:33:43 PM
mbam-log-2008-12-07 (19-33-43).txt
Scan type: Quick Scan
Objects scanned: 60613
Time elapsed: 11 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SSSInstaller (Adware.Comet) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\yyy6719.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> Delete on reboot.
Be back after reboot.
Back... all seems good again.
Thanks.
Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 5.1.2600 Service Pack 2
12/7/2008 8:00:44 PM
mbam-log-2008-12-07 (20-00-44).txt
Scan type: Quick Scan
Objects scanned: 60036
Time elapsed: 11 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Thanks.
Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 5.1.2600 Service Pack 2
12/7/2008 8:00:44 PM
mbam-log-2008-12-07 (20-00-44).txt
Scan type: Quick Scan
Objects scanned: 60036
Time elapsed: 11 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.