I'm almost certain there is a virus (or several) on my computer.


  • This topic is locked
15 replies to this topic

#1 vitalbeach


Posted 06 February 2011 - 10:21 PM

This desktop computer has been around for a while with many people in my household using it (and misusing it). It was recently moved from my brother's room to my room and I have decided it's time to clean it up. It had no anti-virus software on it until I downloaded AVG just a couple weeks ago, and since then I have been getting alerts that say my computer is infected with things such as "Adware Generic 2" amongst many other things.
I have noticed error messages popping up as well, and strangely, I sometimes get logged out of sites such as Facebook and RuneScape while in the middle of doing something.
I also know for a fact that my brother used this computer to access several inappropriate websites, and my father, who has a very low level of technological literacy, has probably done so as well.


Anyways, the DDS log is below:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Krissy and Nathan at 15:58:19.45 on Sun 02/06/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1726.1101 [GMT -8:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Krissy and Nathan.YOUR-27E1513D96\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

=============== Created Last 30 ================

2011-02-04 20:17:37 1409 ----a-w- c:\windows\QTFont.for
2011-02-01 20:42:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-01 20:42:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-01 20:37:17 -------- d-----w- c:\windows\system32\en
2011-02-01 20:37:17 -------- d-----w- c:\windows\system32\bits
2011-02-01 19:56:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint
2011-02-01 19:56:38 -------- d-----w- c:\program files\Viewpoint
2011-02-01 19:55:46 -------- d-----w- c:\program files\common files\aolshare
2011-02-01 19:55:46 -------- d-----w- c:\program files\AOL 9.0
2011-02-01 19:23:45 -------- d-----w- c:\program files\common files\AOL
2011-02-01 15:47:02 -------- d-----w- c:\docume~1\krissy~1.you\applic~1\HPQ
2011-01-31 19:23:39 -------- d-----w- C:\.jagex_cache_32
2011-01-29 17:13:45 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2011-01-29 17:10:36 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2011-01-29 17:10:26 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-01-29 17:09:32 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-29 17:09:32 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-29 17:09:30 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-29 17:09:29 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-29 17:07:43 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-29 17:07:24 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-01-29 17:05:44 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-29 17:05:43 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-29 17:04:38 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2011-01-29 17:03:40 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-29 17:00:42 249856 ------w- c:\windows\system32\dllcache\odbc32.dll
2011-01-29 17:00:41 200704 ------w- c:\windows\system32\dllcache\msadox.dll
2011-01-29 17:00:41 180224 ------w- c:\windows\system32\dllcache\msadomd.dll
2011-01-29 17:00:41 102400 ------w- c:\windows\system32\dllcache\msjro.dll
2011-01-29 17:00:40 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2011-01-29 17:00:40 143360 ------w- c:\windows\system32\dllcache\msadco.dll
2011-01-29 01:29:43 -------- d-----w- c:\windows\system32\scripting
2011-01-29 00:41:02 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-29 00:41:02 468480 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-29 00:41:02 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-01-29 00:41:02 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2011-01-29 00:41:01 63488 ------w- c:\windows\system32\dllcache\icardie.dll
2011-01-29 00:41:01 6075904 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-01-29 00:41:01 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
2011-01-29 00:41:01 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
2011-01-19 23:12:47 28672 ------w- c:\windows\system32\drivers\atinsnxx.sys
2011-01-19 23:12:01 276992 ------w- c:\windows\system32\wmphoto.dll
2011-01-19 23:10:59 46464 ------w- c:\windows\system32\drivers\gagp30kx.sys
2011-01-18 22:38:21 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-18 22:38:20 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-01-18 22:34:06 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-18 22:24:57 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-01-18 22:24:34 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2011-01-18 06:16:16 -------- d-----w- c:\windows\system32\PreInstall
2011-01-18 04:57:43 -------- d--h--w- C:\$AVG
2011-01-18 04:28:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-18 04:28:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-18 04:21:53 -------- d-----w- c:\docume~1\krissy~1.you\locals~1\applic~1\Mozilla
2011-01-18 04:19:28 -------- d-----w- c:\docume~1\krissy~1.you\applic~1\AVG10
2011-01-18 04:16:34 -------- d-sh--r- C:\cmdcons
2011-01-18 04:16:17 -------- d-----w- c:\windows\setupupd
2011-01-18 04:03:17 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-01-18 04:01:57 -------- d-----w- c:\windows\system32\drivers\AVG
2011-01-18 04:01:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-01-18 04:01:26 -------- d-----w- c:\program files\AVG
2011-01-18 03:57:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-18 03:52:21 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-01-18 02:45:33 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-01-18 02:43:38 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-01-18 02:43:30 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-01-17 17:52:54 6144 ----a-w- c:\windows\~DF29F6.tmp
2011-01-12 18:39:18 -------- d-----w- c:\windows\wt

==================== Find3M ====================

2011-01-29 01:32:14 61440 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2011-01-29 01:32:14 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2011-01-29 01:32:14 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2011-01-29 01:32:14 40960 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2011-01-29 01:32:14 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2011-01-29 01:32:14 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2011-01-29 01:32:14 287310 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2011-01-29 01:32:14 163840 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

============= FINISH: 15:59:27.53 ===============


GMER didn't work, it made my computer bluescreen.

MOD EDIT: I merged your topics and then removed the first posts so that you keep your original place in the "queue". ~BP


Edited by Budapest, 08 February 2011 - 07:32 PM.




#2 m0le


  • Malware Response Team

Posted 10 February 2011 - 08:19 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 vitalbeach

  • Topic Starter


Posted 10 February 2011 - 08:28 PM

Hi m0le, thanks for the reply. :)

#4 m0le


Posted 11 February 2011 - 04:47 PM

There's nothing standing out there. The GMER failure could indicate something, so let's start with a rootkit scan.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 vitalbeach


Posted 11 February 2011 - 05:37 PM

Hi m0le, here is the TDSSKiller report:

2011/02/11 14:35:49.0265 3048 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/11 14:35:49.0671 3048 ================================================================================
2011/02/11 14:35:49.0671 3048 SystemInfo:
2011/02/11 14:35:49.0671 3048
2011/02/11 14:35:49.0671 3048 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/11 14:35:49.0671 3048 Product type: Workstation
2011/02/11 14:35:49.0671 3048 ComputerName: YOUR-27E1513D96
2011/02/11 14:35:49.0671 3048 UserName: Krissy and Nathan
2011/02/11 14:35:49.0671 3048 Windows directory: C:\WINDOWS
2011/02/11 14:35:49.0671 3048 System windows directory: C:\WINDOWS
2011/02/11 14:35:49.0671 3048 Processor architecture: Intel x86
2011/02/11 14:35:49.0671 3048 Number of processors: 1
2011/02/11 14:35:49.0671 3048 Page size: 0x1000
2011/02/11 14:35:49.0671 3048 Boot type: Normal boot
2011/02/11 14:35:49.0671 3048 ================================================================================
2011/02/11 14:35:49.0953 3048 Initialize success
2011/02/11 14:35:55.0765 2252 ================================================================================
2011/02/11 14:35:55.0765 2252 Scan started
2011/02/11 14:35:55.0765 2252 Mode: Manual;
2011/02/11 14:35:55.0765 2252 ================================================================================
2011/02/11 14:36:32.0500 2252 ================================================================================
2011/02/11 14:36:32.0500 2252 Scan finished
2011/02/11 14:36:32.0500 2252 ================================================================================

#6 m0le

  • Malware Response Team

Posted 11 February 2011 - 05:40 PM

That's looking good.

Please run MBAM and SAS; this flushes out most problems.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#7 vitalbeach

Posted 12 February 2011 - 03:48 PM

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5743

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/12/2011 4:28:18 AM
mbam-log-2011-02-12 (04-28-18).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 312205
Time elapsed: 3 hour(s), 46 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here's the super anti spyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/12/2011 at 12:31 PM

Application Version : 4.48.1000

Core Rules Database Version : 6387
Trace Rules Database Version: 4199

Scan type : Complete Scan
Total Scan Time : 01:23:29

Memory items scanned : 450
Memory threats detected : 0
Registry items scanned : 5928
Registry threats detected : 0
File items scanned : 73291
File threats detected : 245

Adware.Tracking Cookie
.apmebf.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.bellcan.adbureau.net [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.adxpose.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
rbc.bridgetrack.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.adcentriconline.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.www.burstnet.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Krissy and Nathan\Application Data\Mozilla\Firefox\Profiles\uqc9lu28.default\cookies.sqlite ]

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:33 PM

Posted 12 February 2011 - 05:40 PM

Still looks good. An ESET scan may find leftovers, usually harmless, but they're still there as a trace for us to identify the malware.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#9 vitalbeach


Posted 13 February 2011 - 02:09 PM

Hi m0le,
The ESET scan found no threats.

Edited by vitalbeach, 13 February 2011 - 02:51 PM.


#10 m0le


Posted 13 February 2011 - 04:01 PM

Well, it's looking clean. Any symptoms during the fix that I need to know about?

#11 vitalbeach


Posted 13 February 2011 - 04:38 PM

Actually, I noticed that my computer had a lot of temp files (they have probably never been cleared, or at least, not for a long, long time), so I tried to run TFC to clear them, but just as I started the program, my computer rebooted itself, and then once it was done, I got an error message saying that Windows had encountered a 'serious error'. This happened 2 days ago, I believe.
I don't know what this means, or if it is significant?

#12 m0le


Posted 13 February 2011 - 06:06 PM

Probably not significant, but let's try ATF and see if that fails.

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

NB: If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

This could also be Clear Recent History or similar

Then close Firefox and then reopen it.


#13 vitalbeach


Posted 13 February 2011 - 10:49 PM

Hi m0le, thanks, ATF Cleaner worked fine. :)

#14 m0le


Posted 14 February 2011 - 05:02 PM

ATF FTW :)

We're there, please note the important Java update...

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

Uninstall ComboFix

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically. Make sure that updates on any that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it vitalbeach, happy surfing!

Cheers.

m0le

#15 vitalbeach


Posted 14 February 2011 - 09:19 PM

Thank you so much for all your help m0le, I will try my best to donate to this website, and I'll definitely refer my family and friends to this forum for their virus removal needs. :)
I very much appreciate all your help!
-vitalbeach



