
IE6 Opening Other IE6 Windows


12 replies to this topic

#1 AustinSS

AustinSS

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 02 September 2008 - 06:30 PM

I'm new here and we have a problem with our family computer.

Windows XP
IE6

I have been chasing several problems, but this last one has me stuck. I believe it started when my son went to a school website and caught something. Since then, when we first open IE it seems normal. When we go to one of the favorites, instead of loading into the current IE window it tries to open another IE window. The CPU pegs. I can open the process window and sometimes see several IEXPLORE processes running. When I can end the processes the system returns to normal.

Here is a typical line from McAfee log:

9/2/2008 6:23:43 PM Blocked by Access Protection rule RODRIGUEZFAMILY\Jose E. Rodriguez C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe \REGISTRY\USER\S-1-5-21-583907252-884357618-725345543-1004\Software\Microsoft\Internet Explorer\Main\First Home Page Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings Action blocked : Create

Here is a typical line from Spybot (1.6.0) log

9/2/2008 6:24:38 PM Denied (based on user blacklist) value "First Home Page" (new data: "") deleted in Browser page!

Spybot was asking whether I should allow the registry change for the above item, and I denied the change.

Thank you for your assistance.



#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:38 AM

Posted 03 September 2008 - 07:09 AM

Hi AustinSS

Welcome to BleepingComputer

I have been using Spybot for a long long time, but quit using teatimer a few years ago for just this kind of reason. It looks like McAfee and teatimer are getting into a conflict with duplicate protection.

This often makes malware removal even harder and can cause corruption in windows or IE that normal removal won't fix.



http://www.bleepingcomputer.com/forums/ind...mp;#entry932243

please use the directions from this post to install MBAM, run a scan with it and post the log please

I would like to see what kind of malware we are dealing with here if any?
Chewy

No. Try not. Do... or do not. There is no try.

#3 AustinSS

AustinSS
  • Topic Starter


Posted 03 September 2008 - 12:42 PM

Thank you for the reply. I will post the logs in the section either tonight or tomorrow night.

Thanks again!

#4 AustinSS


Posted 04 September 2008 - 08:56 PM

I have posted the logs here:

http://www.bleepingcomputer.com/forums/topic167483.html

The problem persists

Thank you again.

#5 DaChew


Posted 04 September 2008 - 09:04 PM

that was the wrong place to post that log

it belongs in this thread


Da Chew here are logs from my post:

http://www.bleepingcomputer.com/forums/t/167088/ie6-opening-other-ie6-windows/

I went ahead and removed the infected items. The problem is still present.

Thanks for your help.



Malwarebytes' Anti-Malware 1.26
Database version: 1116
Windows 5.1.2600 Service Pack 2

9/4/2008 8:35:49 PM
mbam-log-2008-09-04 (20-35-49).txt

Scan type: Quick Scan
Objects scanned: 38377
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WServing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyuserinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mscheck (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\tdcbdcasys32_080610.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdbbccasys32_080524.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mywehit.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inf\svchostc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inf\svchosts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\andt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drmgs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Program Files\SETUP.EXE (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Indt2.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\asc3550p.sys (Rootkit.Agent) -> Quarantined and deleted successfully


Chewy

No. Try not. Do... or do not. There is no try.

#6 DaChew


Posted 04 September 2008 - 09:22 PM

Don't expect one pass with any one program to remove a bad infection like yours

As a matter of fact that infection shows rootkits and a few possible backdoor trojans

I would change any confidential information that was on the computer as it's no longer safe and consider a clean install
Chewy

No. Try not. Do... or do not. There is no try.
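
An added example, not part of the original thread: a small Python triage pass over detection lines in the Malwarebytes log format posted above, showing why rootkit drivers and trojan services lead to the advice to change credentials and consider a clean install rather than trust one cleanup pass. The persistence categories and verdict strings are assumptions made for this sketch; the sample lines are excerpted from the log in this thread.

```python
import re
from collections import Counter

# Detection lines excerpted from the MBAM 1.26 log posted in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mscheck (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\inf\svchostc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\andt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\asc3550p.sys (Rootkit.Agent) -> Quarantined and deleted successfully
"""

# "Registry Keys Infected:" opens a section; "Registry Keys Infected: 12" is a count.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
# <object> (<Family>.<Variant>) -> <action>[.]
ENTRY = re.compile(
    r"^(?P<obj>.+) \((?P<family>[A-Za-z]+)\.(?P<variant>[\w.]+)\) -> (?P<action>.+?)\.?$"
)


def persistence(section, obj):
    """Classify how a detected object would survive a reboot (assumed categories)."""
    low = obj.lower()
    if section.startswith("Registry"):
        if "\\currentcontrolset\\services\\" in low:
            return "service"
        if "\\run\\" in low:
            return "autorun"
        return None
    return "driver" if low.endswith(".sys") else None


def parse(log):
    """Return one dict per detection line, tagged with its log section."""
    section, entries = None, []
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m["name"]
            continue
        m = ENTRY.match(line)
        if m and section:
            entries.append({
                "section": section,
                "object": m["obj"],
                "family": m["family"],
                "variant": m["variant"],
                "action": m["action"],
                "persistence": persistence(section, m["obj"]),
            })
    return entries


def triage(entries):
    """Summarise families and persistence hooks, then pick a response."""
    families = Counter(e["family"] for e in entries)
    hooks = Counter(e["persistence"] for e in entries if e["persistence"])
    # Assumption: once kernel drivers or trojan services were present, a
    # scanner reporting "deleted successfully" does not prove the host is clean.
    deep = families["Rootkit"] > 0 or any(
        e["family"] == "Trojan" and e["persistence"] in ("service", "driver")
        for e in entries
    )
    verdict = "rotate-credentials-and-consider-rebuild" if deep else "rescan-and-monitor"
    return {"families": dict(families), "persistence": dict(hooks), "verdict": verdict}


if __name__ == "__main__":
    print(triage(parse(SAMPLE_LOG)))
```
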

#7 AustinSS


Posted 05 September 2008 - 10:48 AM

DaChew,

Thanks for the assistance. Should I copy our personal data to an external hard drive and reformat the internal hard drive and reload my system?

#8 DaChew


Posted 05 September 2008 - 10:57 AM

That's your decision, if windows needed it anyway, of course I would strongly suggest it.

However, after taking the proper security measures like changing passwords and safeguarding any online banking or credit, I would run another updated scan with MBAM

http://www.bleepingcomputer.com/forums/ind...mp;#entry930510

and then run atf cleaner and SAS from safe mode
Chewy

No. Try not. Do... or do not. There is no try.

#9 AustinSS


Posted 06 September 2008 - 02:26 PM

Chewy,

Here are 3 scans.

The first MBAM scan was from my user area. The second MBAM scan was from the Administrator area while in Safe Mode. MBAM scanned more files while in Safe Mode, probably from the second hard drive on the computer. At one time this drive was the C: drive with a system on it. I had to use the Administrator area in order for ATF to clean up all the User temp files. Otherwise it would hang. Last is the SAS scan.

No change in behavior.

Thanks again for your help.

First MBAM scan:

Malwarebytes' Anti-Malware 1.26
Database version: 1120
Windows 5.1.2600 Service Pack 2

9/6/2008 11:43:34 AM
mbam-log-2008-09-06 (11-43-34).txt

Scan type: Quick Scan
Objects scanned: 38402
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Second MBAM scan

Malwarebytes' Anti-Malware 1.26
Database version: 1120
Windows 5.1.2600 Service Pack 2

9/6/2008 12:37:33 PM
mbam-log-2008-09-06 (12-37-33).txt

Scan type: Quick Scan
Objects scanned: 66358
Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SAS Scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/06/2008 at 01:51 PM

Application Version : 4.21.1004

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Complete Scan
Total Scan Time : 01:09:45

Memory items scanned : 175
Memory threats detected : 0
Registry items scanned : 5268
Registry threats detected : 0
File items scanned : 42271
File threats detected : 119

Adware.180solutions/ZangoSearch
C:\Program Files\Zango Programs

Adware.Tracking Cookie

#10 AustinSS


Posted 06 September 2008 - 03:21 PM

Chewy,

Do you think I should install XP Service Pack 3 and IE7?

Thanks.

#11 DaChew


Posted 06 September 2008 - 03:34 PM

Until I was absolutely sure any malware is gone, I would not even attempt SP3

I was thinking your next move, if we can't find any malware, would be to either repair IE6 (you'll need an install CD) or install IE7
Chewy

No. Try not. Do... or do not. There is no try.

#12 AustinSS


Posted 07 September 2008 - 10:47 AM

I upgraded to IE7 and all is well. I have repeated the scans and they found nothing. Unless you think there is something else I should do I'm happy.

Thank you very much for your help.

#13 DaChew


Posted 07 September 2008 - 11:06 AM

Looks like you fixed it, the malware if still present would attack IE7 also, I am assuming you had collateral damage from the malware and its removal.

:thumbsup:

But just the same keep an eye on it and rescan with different programs after using the computer for a while


Firefox with the noscript addon is much more secure than even IE7

IE6 is about as dangerous as it gets, that's why I run spybot and immunize

You are welcome on behalf of the Bleeping community

Safe surfing and hex

Edited by DaChew, 07 September 2008 - 11:07 AM.

Chewy

No. Try not. Do... or do not. There is no try.



