Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan infection


  • Please log in to reply
20 replies to this topic

#1 confused girl

confused girl

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 21 December 2009 - 06:16 PM

Hi there.

I have been advised by a tech guy at Kaspersky that i have one or more viruses and he sent me instructions on how to fix the problem. His instructions suggested that I use the Kaspersky Virus removal tool (I have done that) and also try Combifix, but after reading the instructions for Combofix, I am unwilling to proceed without help from more knowledgeable people. Please advise how best to proceed.

Thank you.

BC AdBot (Login to Remove)

 


#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 21 December 2009 - 06:22 PM

Hello and welcome to Bleeping Computer. My name is Computer Pro and I will be helping you with your issue.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Finally, press submit.



Lets take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


If Malwarebytes won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Computer Pro

#3 confused girl

confused girl
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 21 December 2009 - 06:42 PM

Thank you, i am running the scan now.

If I have to reboot, should I do it in safe mode?

Edited by confused girl, 21 December 2009 - 06:46 PM.


#4 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 21 December 2009 - 06:44 PM

I will be waiting for the log.
Computer Pro

#5 confused girl

confused girl
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 21 December 2009 - 07:53 PM

Computer Pro,

Thank you again for your help. I followed the instructions to remove items and restarted my computer. Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.42
Database version: 3406
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/21/2009 6:39:56 PM
mbam-log-2009-12-21 (18-39-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 287121
Time elapsed: 50 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Confused Girl

#6 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 21 December 2009 - 10:07 PM

Can you please tell me what makes you think you have a a virus?

And then:

Please run ATF and SAS:

Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note 2: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Edition

Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.



Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
Computer Pro

#7 confused girl

confused girl
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 21 December 2009 - 11:54 PM

Computer pro,

I was concerned about a virus because my Kaspersky scan revealed presence of Trojan virus. I responded to all prompts, but reports showed that some virus entries/descriptions were not quarantined, but the "object was not found".

After that I had a steady (it never went away from my tray) red shield alert from windows security center. According to the alert, my kaspersky wasn't turned on. I kept trying to turn it on from there (the "on button") and got a message from the computer,asking whether ok to run the program (I said yes), but it never showed that it was turned on. MEanwhile, the KAspersky symbol was still in my tray and seemed to scan, but the detected "Viruses" that previously showed up in the report never showed up again. ALso, a safari vulnerability that I have had for several weeks (no fix yet available when I clicked on the vulnerabiltiy) stopped appearing also.

All this made me nervous that something was going on. I started working with KAspersky live chat to investigate. He sent me an email, but the "solutions" to the described problems didn't fit my facts, so I picked the "solution" that best seemed to fit my situation, and ran KAspersky's AVZ utility. See my email to him, below:

Christian,

Since none of the situations described in your email fit my situation exactly, I am just trying to make sure that I don't have a virus, but am not experiencing problems other than a windows warning/alert on my system (not a pop-up when I'm on the net) that Kaspersky is not running and I'm unable to turn it on with the prompts, I ran the AVZ utility to see if there is malware on my computer. Per the instructions, I am sending the files to you to determine whether there are problems and whether further action is necessary.
I look forward to hearing from you and hope there are no problems.

The KAspersky tech guy then told me to run getsysteminfo and send him the report. I did. This morning, he advised that my computer is infected, and instructed me to:
(i) delete the temp files;
(ii) run in safe mode;
(iii) download and run kavremover10.zip and remove KAspersky (I did);
(iv) then try the Kaspersky virus remover tool (Download: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/ Directions: http://support.kaspersky.com/viruses/avptool ) (I did) AND try to use other 3rd party software to remove the malware like Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix#intro).

When I read the instructions for combofix, I became hesitant (actually scared to death) to proceed without help from bleeping computer, which is why I posted my request for help, to which you responded.

Shall i run ATF and SAS now, or wait to hear back from you while you are reviewing this background info?

confused girl

#8 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 22 December 2009 - 12:18 AM

I think that I have a pretty firm grasp on the situation. Go ahead and run SAS.
Computer Pro

#9 confused girl

confused girl
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 22 December 2009 - 12:39 AM

ok, thanks

#10 confused girl

confused girl
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 22 December 2009 - 12:54 AM

I downloaded both ATF Cleaner and SAS, but i didn't come across scanner options with the opportunity to check options (Close browser, etc. as per your earlier repsonse. It took me through some wizards and started the scan. the browser is not closed. Is this a problem?

#11 confused girl

confused girl
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 22 December 2009 - 01:49 AM

Computer Pro,

Here is the log from SUPER:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/22/2009 at 00:36 AM

Application Version : 4.32.1000

Core Rules Database Version : 4401
Trace Rules Database Version: 2235

Scan type : Complete Scan
Total Scan Time : 00:45:51

Memory items scanned : 795
Memory threats detected : 0
Registry items scanned : 6594
Registry threats detected : 0
File items scanned : 37742
File threats detected : 246

Adware.Tracking Cookie
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@content.yieldmanager[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@findlaw[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@advertising[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@www.hrsaccount[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@questionmarket[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@tribalfusion[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@eas.apm.emediate[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@yadro[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@apmebf[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@at.atwola[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@atdmt[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@collective-media[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@pointroll[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@content.yieldmanager[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@kaspersky.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@ads.pointroll[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@mediaplex[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@ads.bleepingcomputer[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@doubleclick[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@ad.yieldmanager[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@kiplinger.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@media.legacy[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ehg-ti.hitbox[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@sitestat.mayoclinic[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.accountonline[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@counter.surfcounters[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@track.bestbuy[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.gamersmedia[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@hearstmagazines.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.clickmanage[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@casalemedia[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@statse.webtrendslive[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.lycos[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@amfam.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@questionmarket[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@tracking.dc-storm[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@cdn4.specificclick[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.cnn[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@dmtracker[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.yieldmanager[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@microsoftwindows.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@telefloracom.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@adserver.adtechus[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@statse.webtrendslive[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.sun[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.yieldmanager[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@data.coremetrics[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@tribalfusion[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@overture[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@overture[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@answerstv.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.cnn[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.gamesbannernet[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ipcmedia.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@realmedia[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@login.tracking101[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@serving-sys[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@clicksor[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@fastclick[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@2o7[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@edge.ru4[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@network.realmedia[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@media6degrees[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@yieldmanager[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ru4[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@stats.adbrite[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@msnportal.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@mediaplex[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ehg-i21.hitbox[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.thehorse[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@kontera[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@cgm.adbureau[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@hitbox[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@insightexpressai[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@pview.findlaw[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@harpo.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.socialtrack[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@microsoftinternetexplorer.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@mediaplex[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.socialtrack[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@roiservice[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@americanheart.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@iacas.adbureau[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@greatgamesexperiment[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.burstbeacon[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.forum-email[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@tracking.sokrati[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@doubleclick[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@viaviralvideo.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@countryinns[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@doubleclick[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@qnsr[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@a1.interclick[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@bestbuy.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@bluestreak[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@intermundomedia[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@midwest-arbitrator-mediator[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@cb.adbureau[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www5.addfreestats[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.googleadservices[6].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.googleadservices[5].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.googleadservices[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.googleadservices[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.googleadservices[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.googleadservices[7].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@media.adfrontiers[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@pointroll[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.pointroll[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@interclick[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@lucidmedia[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@stats.gamestop[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@interclick[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@adinterax[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@beacon.dmsinsights[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@findarticles[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ehg-aig.hitbox[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@adecn[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@hookedmediagroup[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@adtech[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@marketlive.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@leeenterprises.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.hrsaccount[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@adlegend[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@hearstugo.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@kaspersky.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@server.iad.liveperson[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@northwestairlines.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@link.mercent[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@superstats[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@atdmt[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@eyewonder[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@server.iad.liveperson[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@media.adrevolver[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@yellowpages.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@server.iad.liveperson[4].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.insightexpress[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.insightexpress[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@imrworldwide[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@atdmt[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@collective-media[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@counter.hitslink[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@server.iad.liveperson[5].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@marthastewart.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.clonesgame[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@trafficdashboard[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@cratebarrel.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@myroitracking[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@statcounter[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@stat.dealtime[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@smartadserver[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@highbeam.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@marriottinternational.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@mkt10.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@msnbc.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@condenast.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@specificclick[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@specificclick[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.jartrack[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.ad4game[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@tripod[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@lp.findlaw[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@chicagosuntimes.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@adrevolver[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.wsod[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@specificmedia[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@tacoda[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@tacoda[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@adbrite[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@server.cpmstar[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@qualityadnetwork[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.findlaw[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@media2.gamook[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@revsci[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.burstnet[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@chitika[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.gamesfree[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@at.atwola[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@xiti[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ehg-findlaw.hitbox[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@nintendo.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@zedo[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@richmedia.yahoo[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@invitemedia[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@borders.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@nextag[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@microsoftwlcashback.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@accountonline[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@potpourrigroup.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.undertone[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@tripod.lycos[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@at.atwola[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.countryinns[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@bs.serving-sys[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@burstnet[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@zedo[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@zedo[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@perf.overture[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@oasn04.247realmedia[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@advertising[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@247realmedia[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@oasn03.247realmedia[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@advertising[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@lfstmedia[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@traveladvertising[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@shopping.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@media.mtvnservices[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@media.mtvnservices[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@web4.realtracker[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@findlaw[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@msnbc.com.112.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@viacom.adbureau[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@rotator.adjuggler[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@sales.liveperson[5].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@trafficmp[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@burstbeacon[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@sales.liveperson[4].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@sales.liveperson[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@sales.liveperson[6].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@sales.liveperson[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@viacom.adbureau[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@clickshift[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@trafficmp[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@media.photobucket[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@content.yieldmanager[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@content.yieldmanager[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@petmeds.db.advertising[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@apmebf[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@apmebf[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@webads.hookedmediagroup[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@videoegg.adbureau[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@eas.apm.emediate[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@www.visitor-track[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@pro-market[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@adtracker.americantowns[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@revenue[2].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ads.bridgetrack[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@stats.townnews[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@paulfredrick.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@videoegg.adbureau[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@alliancedata.122.2o7[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@sales.liveperson[8].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@sales.liveperson[7].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@atwola[3].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@atwola[1].txt
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@tacoda[1].txt

Again, many, many thanks for your help and suggestions.

confused girl

#12 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 22 December 2009 - 11:42 AM

How are things running now?
Computer Pro

#13 confused girl

confused girl
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 22 December 2009 - 02:03 PM

I think things are ok, but will reload kaspersky and run a scan to see if the alert shield finally goes away. Do I need to use CCleaner before i reinstall?

Again, many,many thanks for your help.

Edited by confused girl, 22 December 2009 - 02:04 PM.


#14 confused girl

confused girl
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 22 December 2009 - 02:48 PM

Computer pro,

I have reloaded kaspersky and am running a scan now. the Windows red shield alert is finally gone. I think things are ok and CAN'T THANK YOU enough.

Confused girl

#15 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 22 December 2009 - 03:22 PM

Please let me know how the scan went.
Computer Pro




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users