Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Digital Protection


  • Please log in to reply
9 replies to this topic

#1 kjgreenie

kjgreenie

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 13 April 2010 - 02:32 PM

Hi I have this unpleasant infection! I have followed the Uninstall Guide and it worked right up to the point when I clicked 'OK' on Malwarebytes at the end of a successful scan. Before I could click on 'Show Results' Malwarebytes shut down. Any help or advice on what next please? :thumbsup:

BC AdBot (Login to Remove)

 


#2 webdr

webdr

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:04:41 PM

Posted 13 April 2010 - 02:48 PM

Did you run it in safe mode?

#3 kjgreenie

kjgreenie
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 13 April 2010 - 02:58 PM

I'm not sure how to do that and when you say it did you mean the malwarebytes

#4 webdr

webdr

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:04:41 PM

Posted 13 April 2010 - 03:06 PM

No, i mean did you run your OS in safe mode? You can do that by pressing F8 while booting up. When a black screen comes up you can choose safe mode. Then you can run try to run MBAM again.

#5 kjgreenie

kjgreenie
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 13 April 2010 - 03:16 PM

I will try this but I'm guessing I am getting to the limit of what I'm capable of and soon to be out of my depth!





Thankyou

Edited by kjgreenie, 13 April 2010 - 03:47 PM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:41 PM

Posted 13 April 2010 - 09:20 PM

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. Why? MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails or you cannot boot up normally. If that is the case, after completing a safe mode scan, reboot normally, update the database definitions through the program's interface (preferable method) and try rescanning again.

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 kjgreenie

kjgreenie
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 14 April 2010 - 06:48 AM

The infected computer is a work lap top (I'm working from home) which clearly does not have adequate security. I have a notebook with my own security settings and following this incident scanned it too and found nothing.

From the log below you will see it was a pretty sick computer and digital protection not its only problem

I was worried about safe mode not working fully so I just did a quick scan in safe mode (actually had to do safemode with networking due to password being a network one) and deleted the files it identified. Then I did a quick scan in normal mode to check the MBAM was now able to function without closing itself down which it was. Then I did a full scan in normal. Hence the three attached logs. I then did a full scan the log for which I have not attached as it was all clear.

Never expected to find out so much about how it all works!

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3985

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

13/04/2010 21:45:52
mbam-log-2010-04-13 (21-45-52).txt

Scan type: Quick scan
Objects scanned: 2892
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuauclt1ac.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\mosgreenki\Local Settings\Temp\xtqe6kssjr.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Local Settings\Temp\wuauclt1ac.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3985

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

13/04/2010 22:00:39
mbam-log-2010-04-13 (22-00-39).txt

Scan type: Quick scan
Objects scanned: 11935
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\mceql.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\mosgreenki\Local Settings\Temp\i723lh.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Local Settings\Temp\cwensorxam.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3985

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

13/04/2010 23:19:13
mbam-log-2010-04-13 (23-19-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 271255
Time elapsed: 1 hour(s), 17 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmarpphorxtiv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\digital protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\mosgreenki\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\mosgreenki\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMArpphorxtiv (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\mceql.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\PRAGMArpphorxtiv\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PRAGMAqgdkgjkxoa.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PRAGMAdtqpvaqspu.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PRAGMAnrniydljxu.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PRAGMAxxstuhdtje.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\mosgreenki\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:41 PM

Posted 14 April 2010 - 07:08 AM

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
-- If you cannot boot into safe mode or complete a scan, then perform your scan in normal mode.

-- If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 kjgreenie

kjgreenie
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 14 April 2010 - 10:28 AM

have followed all instructions thankyou. Problem is the laptop has had several previous owners through work. have now deleted all these files having checked it out. Please find below log as requested

cheers

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/14/2010 at 03:41 PM

Application Version : 4.35.1000

Core Rules Database Version : 4804
Trace Rules Database Version: 2616

Scan type : Complete Scan
Total Scan Time : 01:19:40

Memory items scanned : 274
Memory threats detected : 0
Registry items scanned : 6044
Registry threats detected : 0
File items scanned : 82314
File threats detected : 85

Adware.Tracking Cookie
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@atdmt[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@apmebf[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@clickpayz5.91452.blueseek[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@ads.associatedcontent[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@clickpayz10.91452.blueseek[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@associatedcontent.112.2o7[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@ad.zanox[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@clickpayz3.91452.blueseek[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@content.yieldmanager[3].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@ads.bcserving[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@adserve.podaddies[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@clickpayz6.91447.blueseek[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@advertise[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@doubleclick[2].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@fastclick[2].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@clickpayz2.91452.blueseek[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@clickpayz7.91452.blueseek[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@advertising[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@content.yieldmanager[2].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@zedo[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@clickpayz10.91447.blueseek[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@ad.yieldmanager[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@smartadserver[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@clickpayz6.91452.blueseek[1].txt
C:\Documents and Settings\mosgreenki\Cookies\mosgreenki@ads.ad4game[2].txt
C:\Documents and Settings\administrator.HCAMS\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\administrator.HCAMS\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\dd\Cookies\dd@2o7[1].txt
C:\Documents and Settings\dd\Cookies\dd@atdmt[1].txt
C:\Documents and Settings\dd\Cookies\dd@msnportal.112.2o7[1].txt
C:\Documents and Settings\MoSHadleyJe\Cookies\moshadleyje@atdmt[2].txt
C:\Documents and Settings\MoSHadleyJe\Cookies\moshadleyje@doubleclick[1].txt
C:\Documents and Settings\MoSHadleyJe\Cookies\moshadleyje@msnportal.112.2o7[1].txt
C:\Documents and Settings\mosmoorehlu\Cookies\mosmoorehlu@atdmt[2].txt
C:\Documents and Settings\mosmoorehlu\Cookies\mosmoorehlu@doubleclick[1].txt
C:\Documents and Settings\mosmoorehlu\Cookies\mosmoorehlu@ehg-capitalgroup.hitbox[2].txt
C:\Documents and Settings\mosmoorehlu\Cookies\mosmoorehlu@hitbox[1].txt
C:\Documents and Settings\mosmoorehlu\Cookies\mosmoorehlu@mediaweb.musicradio[1].txt
C:\Documents and Settings\mosmoorehlu\Cookies\mosmoorehlu@msnportal.112.2o7[1].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@2o7[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@ad.yieldmanager[1].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@adrevenue[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@adrevolver[1].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@adrevolver[3].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@atdmt[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@bs.serving-sys[1].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@burstnet[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@casalemedia[1].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@doubleclick[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@ehg-ifilm.hitbox[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@ehg-penguingroupusa.hitbox[1].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@fastclick[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@hitbox[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@kidipede.advertserve[1].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@media.adrevolver[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@qldscienceteachers.tripod[1].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@realmedia[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@richmedia.yahoo[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@serving-sys[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@specificclick[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@statcounter[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@tacoda[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@trafficmp[2].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@tribalfusion[1].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@tripod[1].txt
C:\Documents and Settings\mosrobinsbe\Cookies\mosrobinsbe@www.burstnet[1].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\administrator@2o7[1].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@ads.createreach[2].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@ads.pointroll[1].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@anad.tacoda[1].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@apmebf[1].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@atdmt[2].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@casalemedia[2].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@doubleclick[1].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@doubleclick[2].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@fastclick[2].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@kontera[2].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@msnportal.112.2o7[1].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@pro-market[2].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@pro-market[3].txt
C:\Documents and Settings\mosrobinsbe.HCAMS\Cookies\mosrobinsbe@tacoda[1].txt
C:\Documents and Settings\wespencerya\Cookies\wespencerya@apmebf[1].txt
C:\Documents and Settings\wespencerya\Cookies\wespencerya@fastclick[2].txt

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:41 PM

Posted 14 April 2010 - 11:30 AM

Not much showing up but tracking cookies.

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the Posted Image... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the Posted Image... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the Posted Image... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users