adware/PUANirCmd over and over and over....


22 replies to this topic

#1 Snowydog

Snowydog

  • Members
  • 70 posts

Posted 16 June 2010 - 10:14 PM

First, I am far far away from a geek, but thanks to this wonderful fabulous easy to use (kissy kissy thank you) site I was able to get my computer going again after being hit with AVSuite.......
Following removal instructions I loaded rkill and then malware I was able to get my computer functioning with the exception of Firefox would not load, saying it could not communicate with the proxy server.
I had Firefox set to use AOL as my homepage

I changed Firefox proxy server and it now will load, showing google search as a homepage
But
Sophos keeps going bonkers showing this File 0001 adware/PUA NirCmd
Reading further on this site I see the Sophos can do that with rkill....so I deleted the rkill from my desktop (only place I could find it)
I now get a lengthy error message, usually on start up

C:\systemvolumeinformation\_restore{32D86Z6D-B26C-4902-B7B9-935189B8FDD9}RP741\A0370613.com\File 0001 belongs to adware/PUANIRCmd

Am I still infected? How do I clear this up? I haven't tried going back to see if Firefox will load with AOL as home page, I just changed the server......(not sure how..will have to check again)

System is an older Dell Dimension 8300 (stop laughing) and runs with Windows XP

Any ideas would be helpful

Cheers
Snowy



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • Gender:Male
  • Location:NJ USA

Posted 16 June 2010 - 10:51 PM

All you need here is to Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Snowydog

Snowydog
  • Topic Starter

  • Members
  • 70 posts

Posted 17 June 2010 - 09:13 AM

I can't thank you enough for your help.....

One more question, as I turned puter on this morning everything was way slow to load so I think something is still lurking
Should I do another download of rkill and then do the malware scan.....? Or just go with Sophos and all will be well

Have I said Thank you enough? You guys are great!
Smiles
Snowy

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • Gender:Male
  • Location:NJ USA

Posted 17 June 2010 - 10:48 AM

Hi, snowwy, let's do these and see....

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#5 Snowydog

Snowydog
  • Topic Starter

  • Members
  • 70 posts

Posted 17 June 2010 - 09:51 PM

Okay I did all that. Had to be in normal mode as Safe Mode froze when I tried to do AntiSpyware.

I had already loaded a MBAM so unloaded that version and reloaded as you instructed. I followed your directions, Antispyware found 25 registry things and 117 adwares. I cleared those up and then did a system restore from that point.
Puter still a bit slow but I ran it ok. Went out for a bit, came home turned on puter and Sophos alerted me to 14 adware hits. UGH so all is not going well. Something is letting the adware through.

I had Lavasoft adware already, but uninstalled it as the Antispyware did a much better job ( thank you)
I also did not "listen to" a pop up that wanted me to click here because Sophos was not working.

Right now I have the MBAM, Antispyware, the ATF, Spybot and Sophos on the computer. I also saw the rkill is under MSDOS, which is new. It had its own icon and I deleted it.

The computer is running and I can get into the web in a round about way........so I guess as long as I have email access and this site I am all set, unless you know of any other tricks.
Thank you so much for your help and patience with this, and your down to earth not high tech instructions.

with deepest respect
Snowy

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • Gender:Male
  • Location:NJ USA

Posted 17 June 2010 - 10:13 PM

Hi, as I don't know what was found and removed I can't go any further. I can say remove SpyBot and adaware, tho you may have. Also Rkill is updated everyday almost so you need to re d'load that to use.

The NirCmd may have been part of a tool, ComboFix. Did you use that?

#7 Snowydog

Snowydog
  • Topic Starter

  • Members
  • 70 posts

Posted 18 June 2010 - 07:40 AM

OOh I did it! Damn I am learning stuff thank you.
Okay here is the log.........Computer was on but not connected to mozilla firefox. This a.m. Sophos had 20 error messages about Adware Nir....

I did not use Combofix just followed the AVsuite virus guide on this site.

I am going to need to make a donation somewhere for all of your help...you're not allowed to get $$ are you? This is incredible, you are teaching me, helping save my computer and giving me a sense of accomplishment
Teaching an old dog new tricks once again

Thanks
Snowy








SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/17/2010 at 03:13 PM

Application Version : 4.39.1002

Core Rules Database Version : 5081
Trace Rules Database Version: 2893

Scan type : Complete Scan
Total Scan Time : 01:30:20

Memory items scanned : 261
Memory threats detected : 0
Registry items scanned : 5090
Registry threats detected : 0
File items scanned : 64638
File threats detected : 171

Adware.Flash Tracking Cookie

Adware.Tracking Cookie
.revsci.net [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]

#8 boopme

Posted 18 June 2010 - 11:50 AM

How is it running now??

OK, well that command has a few other uses too. so..
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.



Thanks for the offer... I do not accept donations nor does BC.. But I will recommend 2 routes if you'd like to contribute to something..
Either make a donation to some people here that would appreciate it. They help or developed some of the tools we use here to clean computers.

Look them up in the MEMBERS tab at the top right.
a_d_13
jpshortstuff
random/random
Old Timer
teacup61
JSntgRvr
m0le
Blender
Thunder

OR
If you would like to donate, I'd appreciate if you donated here. Goodwill Rescue Mission, Complete meal $1.98

I donate here often and serve Thanksgiving dinner every other year. They are non profit, honest and very dedicated. Thousands of people pass thru here in need of food, clothing, furniture etc...
They run one in Newark, NJ and lower Manhattan, NYC.

#9 Snowydog

Posted 18 June 2010 - 02:09 PM

Okay I think we are getting closer.
MBAM showed nothing. The log showed nothing......but before I read your reply I ran Antispyware. It found 45 objects.
I ran it again and it found more.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2010 at 03:00 PM

Application Version : 4.39.1002

Core Rules Database Version : 5081
Trace Rules Database Version: 2893

Scan type : Quick Scan
Total Scan Time : 00:15:11

Memory items scanned : 410
Memory threats detected : 0
Registry items scanned : 948
Registry threats detected : 0
File items scanned : 24294
File threats detected : 14

Adware.Tracking Cookie
.at.atwola.com [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.atwola.com [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
ar.atwola.com [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.ar.atwola.com [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.atwola.com [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.atwola.com [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\ih3huurt.default\cookies.sqlite ]


So...I am thinking cookies??? Not registry, right? I do have registry booster loaded on the computer. But have not run it.

I get hit only when I am not logged online....... so something is lurking. Will cookies do this?
I apologize for the length of this and if it is pestering you please know I am eternally grateful.

Snowy
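
An added example, not part of the original posts: a small parser for the `host [ path ]` entry layout of the scan log above, grouping detections by category, cookie owner and containing file, which shows at a glance whether the "file threats" are separate files or cookie rows inside one browser store. The sample lines are constructed with shortened paths, and the two-label owner grouping is a simplifying assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan log above (paths shortened).
SAMPLE_LOG = r"""
File items scanned : 24294
File threats detected : 5

Adware.Tracking Cookie
.at.atwola.com [ C:\Profiles\x.default\cookies.sqlite ]
.atwola.com [ C:\Profiles\x.default\cookies.sqlite ]
ar.atwola.com [ C:\Profiles\x.default\cookies.sqlite ]
.tacoda.net [ C:\Profiles\x.default\cookies.sqlite ]
.tacoda.net [ C:\Profiles\x.default\cookies.sqlite ]
"""

ENTRY = re.compile(r"^\s*(?P<host>[\w.-]+)\s+\[\s*(?P<path>.+?)\s*\]\s*$")
COUNT = re.compile(r"^File threats detected\s*:\s*(\d+)")

def summarize(log_text):
    """Group detections by category, cookie owner domain and containing file."""
    reported, category = None, None
    owners, files, categories = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = COUNT.match(line)
        if m:
            reported = int(m.group(1))
            continue
        m = ENTRY.match(line)
        if m:
            # Assumption: owner = last two DNS labels (no public-suffix handling).
            labels = m.group("host").strip(".").lower().split(".")
            owners[".".join(labels[-2:])] += 1
            files[m.group("path").rsplit("\\", 1)[-1].lower()] += 1
            categories[category] += 1
        elif line.strip() and ":" not in line and not line.startswith("http"):
            category = line.strip()  # heading such as "Adware.Tracking Cookie"
    return {"reported": reported, "categories": dict(categories),
            "owners": dict(owners), "files": dict(files)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
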

#10 Snowydog

Posted 18 June 2010 - 02:37 PM

I just cleared individual cookies that had those "names". Am going to see if there are any more hits after I turn puter off and back on.
When I cleared cookies the puter, in mozilla, froze but I was able to exit to desktop

Crossing fingers
I will definitely make a donation to one of the members Thank you


4:05 pm Computer turned off for short time then back on

Oh my Gosh! Fist pump in air etc etc except for being a bit slow to start no error messages YAHOOOOOOOOOOO
WooHooo and any other HOOOOOOOOs I can do

We did it!!!

Edited by Snowydog, 18 June 2010 - 03:04 PM.


#11 boopme

Posted 18 June 2010 - 06:30 PM

This is great! You will more than likely always pick up some tracking cookies along the way. You should update and scan weekly.

#12 Snowydog

Posted 18 June 2010 - 09:43 PM

yep (multitude of swear words, pretty much all that I know)
came home after being out for about 5 hours. 8 adware hits.

Am thinking something is compromised..... but not sure which site. maybe it's Firefox itself?

I'll just keep using Antispyware and clearing cookies.... at least computer is working...

:thumbsup:

Ps Love your slogan
Mine is My Insanity keeps me sane

#13 boopme

Posted 18 June 2010 - 10:45 PM

Let's do an online scan with ESET
Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt folder.
  • Click Start > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#14 Snowydog

Posted 19 June 2010 - 08:51 PM

I was able to run the scan without having to disable Sophos
There were no threats found.

so am guessing something is hitting the cookies aspect.
Would a registry change cause this or just something that is "open"
All the warnings have that Nir Com type in the message

Thank you for your diligence

Snowy

#15 boopme

Posted 19 June 2010 - 09:04 PM

Take a read of this at Sophos
http://www.sophos.com/support/disinfection/puas.html