
connection virus?


13 replies to this topic

#1 andreapi


Posted 25 September 2010 - 08:29 AM

Hello,
My computer is a PC on Windows XP. I use Windows Firewall and Avira Premium antivirus.
My web connection is acting strangely: some browsers are very slow, or refuse to connect to some websites, or do not run .flv files (Opera, Firefox), or simply won't work at all (Safari).

In advance all my gratitude for your help!



#2 boopme


Posted 25 September 2010 - 08:10 PM

Hello, let's get a bit of a look here.

Reboot into Safe Mode with Networking
How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to normal mode.
Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 andreapi


Posted 26 September 2010 - 04:07 AM

First of all thank you, I live in France and I find it extraordinary someone so far away would spend time and try to help, it is a very warming feeling in a cold world...

Anyway, I started to follow your instructions but didn't get very far. When I run rkill (or the renamed versions), I get an error window saying Windows cannot open the file, does not recognise it and needs to know what program was used to create it. I send you the log.



This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as andr‚ on 26/09/2010 at 10:45:09.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\andré\Bureau\eXplorer.exe


Rkill completed on 26/09/2010 at 10:45:10.

#4 boopme


Posted 26 September 2010 - 02:06 PM

Well you are very welcome, I don't mind at all. Well if a bottle of Dom Perignon 1996 is laying around err :thumbsup:

What program do I want to open file (FILE ASSOC FIX)
Go here to Doug Knox's Windows® XP File Association Fixes
Run 9th down on left... EXE File Association Fix ... the EXE not EML one.

#5 andreapi


Posted 26 September 2010 - 04:51 PM

Sorry, we might have to wait for old Dom Perignon.
I followed your instructions but I get the same result. When rkill is downloaded its icon is the one that looks like a washing machine (a blue and white square with three black dots on the top right...). When I run it, I get the black window and half a second after it disappears and the error window pops up: "Windows cannot open the file..."
The strange thing is that the file it cannot open is rkill.log; it doesn't say anything about not running the program itself.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as andr‚ on 26/09/2010 at 23:49:09.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\andré\Bureau\eXplorer.exe


Rkill completed on 26/09/2010 at 23:49:11.

#6 boopme


Posted 26 September 2010 - 07:36 PM

I should have mentioned ... will MBAM or SAS run without RKill, in Safe or Normal?


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

#7 andreapi


Posted 27 September 2010 - 04:50 PM

MBAM and SAS ran all right, I post the logs down below. Apparently my machine was indeed infected with ugly adware and two viruses, but my browsers troubleshooting remains the same; for example, Firefox won't run some websites and the Firebug console is showing a bunch of CSS code errors. Could it be that the browsers' files are somehow infected or tampered with? As for rkill and the renamed versions, they still don't work.


_______________________________________________________________________________________________________________________________________________________________________
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4703

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/09/2010 17:24:23
mbam-log-2010-09-27 (17-24-23).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 170786
Temps écoulé: 5 minute(s), 37 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\andré\Bureau\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\andré\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


___________________________________________________________________________________________________________________________________________________________________

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/27/2010 at 04:27 PM

Application Version : 4.43.1000

Core Rules Database Version : 5583
Trace Rules Database Version: 3395

Scan type : Complete Scan
Total Scan Time : 00:49:54

Memory items scanned : 288
Memory threats detected : 0
Registry items scanned : 9013
Registry threats detected : 0
File items scanned : 44985
File threats detected : 211

Adware.Tracking Cookie
tracking.publicidees.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.himedia.individuad.net [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.horyzon-media.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.horyzon-media.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.horyzon-media.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.horyzon-media.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.advertstream.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.advertstream.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.advertstream.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
track.effiliation.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.stats.canalblog.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.artfinding.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.artfinding.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
fr.sitestat.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.adxpose.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
fr.sitestat.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
fr.sitestat.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
tracking.lsfinteractive.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
fl01.ct2.comclick.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.clickintext.net [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
tracking.publicidees.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
tracking.publicidees.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.adecn.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
media.sensis.com.au [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
media.sensis.com.au [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.pubads.g.doubleclick.net [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
fr.sitestat.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
fr.sitestat.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.weborama.fr [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.boursoramabanque.solution.weborama.fr [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.boursoramabanque.solution.weborama.fr [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.boursoramabanque.solution.weborama.fr [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.boursoramabanque.solution.weborama.fr [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
ads.horyzon-media.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\lisa\Application Data\Mozilla\Firefox\Profiles\c40p1fi6.default\cookies.sqlite ]
C:\Documents and Settings\lisa\Cookies\lisa@atdmt[2].txt
C:\Documents and Settings\lisa\Cookies\lisa@doubleclick[1].txt
C:\Documents and Settings\lisa\Cookies\lisa@msnportal.112.2o7[1].txt

Trojan.Agent/Gen-HackPatch
C:\PROGRAM FILES\ADOBE\ADOBE FLASH CS4\ADOBE.FLASH.CS4.V10.0.PROFESSIONAL-PATCH.EXE

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\PRVAGNTOVRLY.DLL

#8 boopme


Posted 27 September 2010 - 08:18 PM

Hello again. This is a lot better. I want to do an online scan and maybe one more. I am surprised that some of these got past Avira, as I use that also.

We may have to post your CSS errors in another topic (in the Browsers forum) if they don't go away.
ESET
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Eset Smart Installer icon on your desktop.
  • Check the "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the "<<Back" button.
  • Push Finish
In your next reply, please include the following:
  • Eset Scan Log


NOTE: In some instances if no malware is found there will be no log produced.

#9 andreapi


Posted 28 September 2010 - 10:35 AM

hello,
here is the next batch... I guess my computer was badly infected...



# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
#
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-28 11:56:34
# local_time=2010-09-28 01:56:34 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 25745527 25745527 0 0
# compatibility_mode=1792 16777191 100 0 48331452 48331452 0 0
# compatibility_mode=8192 67108863 100 0 449 449 0 0
# scanned=400033
# found=3
# cleaned=3
# scan_time=12662
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{636EFD0E-3554-44E0-965F-B226EC875326}\RP11\A0000867.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
J:\Azureus Downloads\Adobe Acrobat 9 Professional.rar NSIS/TrojanDownloader.Agent.NBS.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

and last night avira found 2 more:

Avira AntiVir Premium
Report file date: mardi 28 septembre 2010 04:00

Scanning for 2881727 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee :

Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : NUMEROUNO

Version information:
BUILD.DAT : 10.0.0.603 36207 Bytes 19/04/2010 15:03:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 19/04/2010 09:51:47
AVSCAN.DLL : 10.0.3.0 46440 Bytes 19/04/2010 09:51:47
LUKE.DLL : 10.0.2.3 104296 Bytes 24/03/2010 13:02:37
LUKERES.DLL : 10.0.0.1 12648 Bytes 24/03/2010 13:02:37
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 14:10:51
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 19:53:34
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 18:01:58
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 16:03:52
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 10:58:26
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 13:20:37
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 15:26:41
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 07:08:36
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 12:46:14
VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 12:46:14
VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 12:46:14
VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 12:46:14
VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 12:46:14
VBASE013.VDF : 7.10.11.165 172032 Bytes 15/09/2010 11:21:28
VBASE014.VDF : 7.10.11.202 144384 Bytes 18/09/2010 16:06:23
VBASE015.VDF : 7.10.11.231 129024 Bytes 21/09/2010 10:14:22
VBASE016.VDF : 7.10.12.4 126464 Bytes 23/09/2010 12:17:58
VBASE017.VDF : 7.10.12.38 146944 Bytes 27/09/2010 14:45:17
VBASE018.VDF : 7.10.12.39 2048 Bytes 27/09/2010 14:45:18
VBASE019.VDF : 7.10.12.40 2048 Bytes 27/09/2010 14:45:18
VBASE020.VDF : 7.10.12.41 2048 Bytes 27/09/2010 14:45:18
VBASE021.VDF : 7.10.12.42 2048 Bytes 27/09/2010 14:45:18
VBASE022.VDF : 7.10.12.43 2048 Bytes 27/09/2010 14:45:18
VBASE023.VDF : 7.10.12.44 2048 Bytes 27/09/2010 14:45:18
VBASE024.VDF : 7.10.12.45 2048 Bytes 27/09/2010 14:45:18
VBASE025.VDF : 7.10.12.46 2048 Bytes 27/09/2010 14:45:18
VBASE026.VDF : 7.10.12.47 2048 Bytes 27/09/2010 14:45:18
VBASE027.VDF : 7.10.12.48 2048 Bytes 27/09/2010 14:45:18
VBASE028.VDF : 7.10.12.49 2048 Bytes 27/09/2010 14:45:19
VBASE029.VDF : 7.10.12.50 2048 Bytes 27/09/2010 14:45:19
VBASE030.VDF : 7.10.12.51 2048 Bytes 27/09/2010 14:45:19
VBASE031.VDF : 7.10.12.54 39936 Bytes 27/09/2010 17:26:15
Engineversion : 8.2.4.66
AEVDF.DLL : 8.1.2.1 106868 Bytes 29/07/2010 18:51:05
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 17/09/2010 14:31:35
AESCN.DLL : 8.1.6.1 127347 Bytes 12/05/2010 17:49:05
AESBX.DLL : 8.1.3.1 254324 Bytes 23/04/2010 14:52:00
AERDL.DLL : 8.1.9.2 635252 Bytes 21/09/2010 16:14:26
AEPACK.DLL : 8.2.3.7 471413 Bytes 17/09/2010 14:31:29
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 21/07/2010 16:19:29
AEHEUR.DLL : 8.1.2.27 2933110 Bytes 24/09/2010 16:15:29
AEHELP.DLL : 8.1.13.4 242038 Bytes 24/09/2010 16:15:22
AEGEN.DLL : 8.1.3.22 401780 Bytes 17/09/2010 14:31:16
AEEMU.DLL : 8.1.2.0 393588 Bytes 23/04/2010 14:51:47
AECORE.DLL : 8.1.17.0 196982 Bytes 24/09/2010 16:15:21
AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 14:51:44
AVWINLL.DLL : 10.0.0.0 19304 Bytes 24/03/2010 13:02:36
AVPREF.DLL : 10.0.0.0 44904 Bytes 24/03/2010 13:02:36
AVREP.DLL : 10.0.0.8 62209 Bytes 24/03/2010 13:02:37
AVREG.DLL : 10.0.3.0 53096 Bytes 19/04/2010 09:51:47
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 19/04/2010 09:51:47
AVARKT.DLL : 10.0.0.14 227176 Bytes 19/04/2010 09:51:46
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 24/03/2010 13:02:36
SQLITE3.DLL : 3.6.19.0 355688 Bytes 24/03/2010 13:02:37
AVSMTP.DLL : 10.0.0.17 63848 Bytes 24/03/2010 13:02:36
NETNT.DLL : 10.0.0.0 11624 Bytes 24/03/2010 13:02:37
RCIMAGE.DLL : 10.0.0.32 2631528 Bytes 19/04/2010 09:51:46
RCTEXT.DLL : 10.0.53.0 97128 Bytes 19/04/2010 09:51:46

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: c:\program files\avira\antivir desktop\alldiscs.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, J:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: mardi 28 septembre 2010 04:00

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'vssvc.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'Azureus.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'CloneCDTray.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PrintCtrl.exe' - '1' Module(s) have been scanned
Scan process 'MPInst.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AskService.exe' - '1' Module(s) have been scanned
Scan process 'ApplicationUpdater.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'schedul2.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1807' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\System Volume Information\_restore{636EFD0E-3554-44E0-965F-B226EC875326}\RP10\A0000796.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was successfully wiped!
[NOTE] The file was deleted!
C:\System Volume Information\_restore{636EFD0E-3554-44E0-965F-B226EC875326}\RP10\A0000797.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was successfully wiped!
[NOTE] The file was deleted!
Begin scan in 'D:\' <documents>
Begin scan in 'J:\'


End of the scan: mardi 28 septembre 2010 08:23
Used time: 4:23:03 Hour(s)

The scan has been done completely.

117576 Scanned directories
2873406 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
2 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2873404 Files not concerned
15317 Archives were scanned
0 Warnings
2 Notes
153099 Objects were scanned with rootkit scan
0 Hidden objects were found

Edited by boopme, 28 September 2010 - 07:41 PM.


#10 boopme


Posted 28 September 2010 - 07:57 PM

Ok, yes you were infected.. But we are much better now. Now do this and I think we can mop up after.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates, and when done disconnect from the internet.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE.

After that run the scan: click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected.
Reconnect to the internet.
Post new scan log and Reboot into normal mode.

#11 andreapi


Posted 29 September 2010 - 11:46 AM

hello, it's looking better...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4715

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/09/2010 15:24:15
mbam-log-2010-09-29 (15-24-15).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 171757
Temps écoulé: 5 minute(s), 55 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

#12 boopme


Posted 29 September 2010 - 12:57 PM

In a few hours if all is still good then Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
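The restore-point advice above can be checked against the scan logs themselves. The following is an added example, not part of the original posts: it parses the ESET and Avira detection lines copied from this thread and groups the hits that sit inside System Restore by restore point. The regular expressions are assumptions based only on the log lines shown here.

```python
import re
from collections import defaultdict

# XP System Restore store: <drive>:\System Volume Information\_restore{GUID}\RP<n>\...
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\",
    re.IGNORECASE,
)
# ESET Online Scanner result line, as seen in this thread (assumed layout):
#   <path ending in .ext> <threat text> (<action>) <32 hex digits> <flag>
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+)\s+(?P<threat>.+?)\s+\((?P<action>[^)]*)\)"
    r"\s+[0-9A-Fa-f]{32}\s+\w$"
)
# Avira prints the path on one line and "[DETECTION] ..." on the next.
AVIRA_PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
AVIRA_DET_RE = re.compile(r"^\[DETECTION\]\s+(?:Is the\s+)?(?P<threat>.+)$")

# Detection lines copied from the ESET log posted in this thread.
ESET_LOG = [
    "# found=3",
    r"C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\setup.exe"
    r" probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined)"
    r" 00000000000000000000000000000000 C",
    r"C:\System Volume Information\_restore{636EFD0E-3554-44E0-965F-B226EC875326}\RP11\A0000867.exe"
    r" probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined)"
    r" 00000000000000000000000000000000 C",
    r"J:\Azureus Downloads\Adobe Acrobat 9 Professional.rar NSIS/TrojanDownloader.Agent.NBS.Gen"
    r" trojan (deleted - quarantined) 00000000000000000000000000000000 C",
]

# Detection lines copied from the Avira log posted in this thread.
AVIRA_LOG = [
    "Begin scan in 'C:\\'",
    r"C:\System Volume Information\_restore{636EFD0E-3554-44E0-965F-B226EC875326}\RP10\A0000796.exe",
    "[DETECTION] Is the TR/Trash.Gen Trojan",
    "[NOTE] The file was deleted!",
    r"C:\System Volume Information\_restore{636EFD0E-3554-44E0-965F-B226EC875326}\RP10\A0000797.exe",
    "[DETECTION] Is the TR/Trash.Gen Trojan",
    "[NOTE] The file was deleted!",
]


def parse_eset(lines):
    """Return (path, threat) for every ESET result line; '#' header lines are skipped."""
    found = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ESET_RE.match(line)
        if m:
            found.append((m.group("path"), m.group("threat")))
    return found


def parse_avira(lines):
    """Return (path, threat) by pairing each [DETECTION] line with the path above it."""
    found, current = [], None
    for line in lines:
        line = line.strip()
        if AVIRA_PATH_RE.match(line):
            current = line
            continue
        m = AVIRA_DET_RE.match(line)
        if m and current:
            found.append((current, m.group("threat")))
    return found


def restore_point_hits(detections):
    """Group detections located inside System Restore by restore point number."""
    hits = defaultdict(list)
    for path, threat in detections:
        m = RESTORE_RE.match(path)
        if m:
            hits[int(m.group(1))].append((path, threat))
    return dict(hits)


if __name__ == "__main__":
    all_hits = restore_point_hits(parse_eset(ESET_LOG) + parse_avira(AVIRA_LOG))
    for rp, items in sorted(all_hits.items()):
        print(f"RP{rp}: {len(items)} detection(s) -> purge old restore points after cleaning")
        for path, threat in items:
            print(f"  {threat}: {path}")
```

Any restore point that shows up in the output held a flagged file, which is the case where creating a fresh restore point and removing the older ones matters.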

#13 andreapi


Posted 01 October 2010 - 12:52 PM

hello,
I wanted to thank you again. I guess the "french infection" is subdued. I still get the errors on Firefox and I cannot install Safari; should I post directly for help in the browsers forum or do I have to be referred by you?
Also, I keep backups with Acronis; is there a way to clean those up or should I delete them?

#14 boopme


Posted 01 October 2010 - 01:27 PM

Hello again, yes once again the French Infection was stopped :thumbsup:
I think that as you had to Antivirus before I would delete them and start a new set.

From the backup center, you can schedule your image backup to run on a daily, weekly or monthly schedule. You can also set it to run every so-many hours, or to run when an event (such as system startup) occurs. You can choose whether to invoke a virus scan before each backup and set specific files and folders to be excluded.
see Comprehensive Backup


Yes, I would start a new topic on the other issue; not my area of knowledge.

Happy computing