Not able to turn on security center services


9 replies to this topic

#1 richie7

richie7


Posted 27 January 2011 - 01:10 PM

Hello all, has anyone got any ideas about this one? Have a problem at the moment with Windows 7 Pro 32-bit. I ran what was called a 'plug in' to view a video on a car website (should have known better).
Windows Security Center flagged it as a trojan and deleted it, but at that point I think it was too late. Now I
keep getting the warning flag with the red cross at the bottom left of the screen saying Security Center is turned off.
I go to turn it on and get a message: The Windows Security Center service can't be started.
If I go to Services and go to Security Center I find it disabled; I restart it, but after a few seconds it's back to disabled again.
Have run Malwarebytes in safe mode and got 8 problems, cleared them up, but still no go.
When it first happened I was getting redirected IM results, and it has stopped me doing a system restore.
After the Malwarebytes run I don't get the redirects, but still no restore and still not able to start Security Center.
I think that I have got rid of the main problem but still left some problems in the reg., or have a rootkit.
I did try rkill, then dtss rootkit remover; that did show results but then blue screens me every time.
If I set the security service to Automatic and press Start I get an error message:
Windows could not start the Security Center service on Local Computer: Error 1079: The account specified for this service is different from the account specified for other services running in the same process. Cheers all, richie allen xx
P.S. The other visual thing that it did to my PC was to mess around with the gadgets; it turned the clock into a black square, but I did find a fix for this. Just wondered if this rang any bells with anyone.
P.P.S. I also run McAfee; this seems to be OK but don't trust it is full protection ... XXXXXX
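
A read-only way to see the account mismatch that Error 1079 reports, added here as an example and not part of the original post. It assumes an elevated PowerShell prompt on the affected machine and uses the standard `Win32_Service` WMI class and the Security Center service name `wscsvc`; it changes nothing on the system.

```powershell
# Added diagnostic example (not from the thread). Read-only.
# Error 1079 is raised when a shared-process service is configured with a
# logon account that differs from the other services hosted in that process.

# 1. Collect every service that is configured to share a host process.
$shared = Get-WmiObject -Class Win32_Service |
    Where-Object { $_.ServiceType -eq 'Share Process' -and $_.PathName }

# 2. Services hosted together have the same command line
#    (for example "svchost.exe -k <group>"), so group on it.
$groups = $shared | Group-Object -Property { $_.PathName.ToLower() }

# 3. Report every host process whose services do not all use one account.
$mismatches = foreach ($g in $groups) {
    $accounts = @(
        $g.Group |
            ForEach-Object { "$($_.StartName)".ToLower() } |
            Sort-Object -Unique
    )
    if ($accounts.Count -gt 1) {
        foreach ($svc in $g.Group) {
            New-Object PSObject -Property @{
                HostCommand = $svc.PathName
                Service     = $svc.Name
                Account     = $svc.StartName
                StartMode   = $svc.StartMode
                State       = $svc.State
            }
        }
    }
}

if ($mismatches) {
    "Shared host processes with more than one configured account:"
    $mismatches |
        Sort-Object HostCommand, Account, Service |
        Format-Table HostCommand, Service, Account, StartMode, State -AutoSize
} else {
    "No shared-process service has an account that differs from its group."
}

# 4. Show how the Security Center service itself is currently configured,
#    so its account and start mode can be compared with the group above.
Get-WmiObject -Class Win32_Service -Filter "Name='wscsvc'" |
    Format-List Name, DisplayName, State, StartMode, StartName, PathName
```

A service listed with an account that differs from the rest of its host group, or `wscsvc` showing a start mode of Disabled after being re-enabled, is configuration that something on the machine keeps rewriting and is worth including alongside the scan logs.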



#2 cryptodan

cryptodan


Posted 27 January 2011 - 02:14 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware - Post the logs from your Malwarebytes logs.

SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


Edited by cryptodan, 27 January 2011 - 02:16 PM.


#3 richie7

richie7

Posted 28 January 2011 - 02:28 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/28/2011 at 01:45 AM

Application Version : 4.48.1000

Core Rules Database Version : 6290
Trace Rules Database Version: 4102

Scan type : Complete Scan
Total Scan Time : 04:49:42

Memory items scanned : 350
Memory threats detected : 0
Registry items scanned : 10650
Registry threats detected : 0
File items scanned : 624926
File threats detected : 508

Adware.Tracking Cookie
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@tacklediscounts.co[2].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@tacoda.at.atwola[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@tacoda[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@timeoutcommunications.122.2o7[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@track.adform[2].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@tradedoubler[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@tribalfusion[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@uk.at.atwola[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@user.lucidmedia[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@vdwp.solution.weborama[2].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@videoegg.adbureau[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@w00tpublishers.wootmedia[2].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@weborama[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@www.burstbeacon[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@www.burstnet[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@www.findaproperty[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@www.googleadservices[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@www.googleadservices[2].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@www.googleadservices[4].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@xiti[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@yadro[2].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@yieldmanager[1].txt
C:\Users\richie-9\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie-9@zedo[1].txt
C:\Users\richie2\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie2@2o7[2].txt
C:\Users\richie2\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie2@atdmt[1].txt
C:\Users\richie2\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie2@doubleclick[2].txt
C:\Users\richie2\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie2@msnportal.112.2o7[1].txt
C:\Users\richie2\AppData\Roaming\Microsoft\Windows\Cookies\Low\richie2@msnservices.112.2o7[1].txt

Trojan.Agent/Gen-IEFake
C:\USERS\RICHIE-9\APPDATA\LOCAL\TEMP\RARSFX0\H\IEXPLORE.EXE
C:\USERS\RICHIE-9\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE
C:\USERS\RICHIE-9\APPDATA\LOCAL\TEMP\RARSFX1\H\IEXPLORE.EXE
C:\USERS\RICHIE-9\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\IEXPLORE.EXE

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\RICHIE-9\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\USERS\RICHIE-9\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-Frauder
E:\PROGRAM FILES\AOL BROADBAND\BROADBAND MODEM SETUP\CHECK_ACS_DONE.EXE
E:\PROGRAM FILES\AOL BROADBAND\BROADBAND MODEM SETUP\UNINSTALLER\STARTUNINSTALL.EXE
E:\PROGRAM FILES\AOL BROADBAND\BROADBAND MODEM SETUP\UNINSTALLER\UNINSTALL.EXE

Hi again, ran the scan, results above. Done a reboot, at the moment I still have the problem. Hope this helps. Richie Allen xx

Edited by richie7, 28 January 2011 - 08:15 AM.


#4 richie7


Posted 28 January 2011 - 12:40 PM

25/01/2011 19:50:35
mbam-log-2011-01-25 (19-50-35).txt

Scan type: Quick scan
Objects scanned: 167019
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TJHTHX1O7X (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

#5 cryptodan


Posted 28 January 2011 - 01:28 PM

Can you now perform a full scan with an updated version of Malwarebytes Anti-Malware?

#6 richie7


Posted 28 January 2011 - 07:31 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5631

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28/01/2011 23:42:24
mbam-log-2011-01-28 (23-42-24).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 788861
Time elapsed: 4 hour(s), 48 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 richie7


Posted 29 January 2011 - 03:46 AM

Hello again, have done another scan, first updating Malwarebytes, with the above result. Seems to be all clear now. But still not able to turn on security service.
Sorry, forgot to put in: I had problems running GMER. It hangs at random points in the scan and I'm not able to do anything with the PC, won't even Ctrl+Alt+Del,
and blue screens me every time in safe mode? Hope this all helps and thank you for helping me out. All the best, Richie Allen xx

Edited by richie7, 29 January 2011 - 02:19 PM.


#8 cryptodan


Posted 30 January 2011 - 02:26 PM

Can you run Gmer?

#9 richie7


Posted 30 January 2011 - 03:41 PM

Hi ya, GMER blue screens me every time I run it, safe mode or normal. Think I have found a fix for it now. I ran a Vundo trojan removal tool, then unlocked the admin account at the command prompt, then in that account I ran ComboFix. This seems to have done the job. I don't know if it has actually fixed it or just covered it up? But seems to have done it.
If I go to services then pull up security center, now it is set to automatic and running, I think? The only thing I am not fully sure about is that the little action center flag still comes up in the lower right, but now without the cross, but if you click on it it says 'No current issues detected'. I'm pretty sure this didn't happen before? So that's why I think it may well be a cover up not a fix, but I don't know? Oh, and the gadget clock going to a black square is caused by an Adobe update, you have to take out a small figure out of the reg with regedit? Thank you so much for your time. I'll put the link in to where I found this info: http://social.answers.microsoft.com/Forums/en-US/w7security/thread/d8250e7a-ee3c-4302-8ca6-9e2a10262feb.

Thanks again for your time and help. It makes me feel good that there are people out there willing to help out when it seems a lot of people with skill are using it for destructive ends. All the best, Richie Allen xx

#10 cryptodan


Posted 31 January 2011 - 05:01 PM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.



