Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

had a bad one, but is it gone?


  • Please log in to reply
10 replies to this topic

#1 daveso

daveso

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 07 March 2011 - 07:20 AM

caught something that had my system going in knots. could not boot...a box popped up statingwindows boot failutre., then a box asking to scan the system. I made it into safe mode once ...but then I could no longer do that.
I followed some instructions here ...
i got in by running safe mode as a command line, then running explorer.exe.
Things still were not going too well yet...then i did a RESTORE POINT TO 1 MARCH .... this allowed me to get in with a normal boot....
Ran TDSSkiller and whatever that online virus scanner is ..e something or nother...this found 2 worms
I was then able to run AVG ntivirus as a boot scan ..this found 10 incidents of malware and trojan JS:ScriptIP-Inf
amd malware-gen
Ran search & destroy ..noting found.

Now, I guess the question is: Do you think the original problem is still there or did I get it ? and what happened when i did the restore point? Did that emiinate the malware or is it still hiding in there someplace.

I wish I could remember the name of the big box that popped up when I first noted the problem...it was doing all kinds of scan and recommendations...that box would not close...then when I did get in via safemode, warnings were popping up in the task bar stating memory was bad, hard drive not recognized, etc etc.

BC AdBot (Login to Remove)

 


#2 daveso

daveso
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 07 March 2011 - 09:10 AM

just scanned with malwarebytes ...

here is the log form 1st scan:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5980

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/7/2011 8:00:19 AM
mbam-log-2011-03-07 (08-00-19).txt

Scan type: Quick scan
Objects scanned: 170511
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA42713-5C1E-48E2-B432-D8BF420DD31D} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


2nd log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5980

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/7/2011 8:05:26 AM
mbam-log-2011-03-07 (08-05-26).txt

Scan type: Quick scan
Objects scanned: 170032
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:46 PM

Posted 07 March 2011 - 11:24 AM

Hello, you did well to get there. Let's do an online scan and see if there was anything else.

Please perform a scan with Eset Online Antiivirus Scanner.
This scan requires Internet Explorer,Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 daveso

daveso
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 08 March 2011 - 06:40 AM

well, it found more

C:\Documents and Settings\dave\Application Data\Sun\Java\Deployment\cache\6.0\2\2cf9fe02-6dd9148d multiple threats deleted - quarantined
C:\Documents and Settings\dave\Application Data\Sun\Java\Deployment\cache\6.0\20\5c9dfd94-7d847518 probably a variant of Java/TrojanDownloader.OpenStream.AE trojan deleted - quarantined


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=083c45a23b95034db347ff2322a2c603
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-07 08:44:47
# local_time=2011-03-07 02:44:47 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 33019622 33019622 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=597204
# found=3
# cleaned=3
# scan_time=17535
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GameVance12.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GameVance5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\from d 11-26-09\DOWNLOADED APPS\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=083c45a23b95034db347ff2322a2c603
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-08 08:55:46
# local_time=2011-03-08 02:55:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 33093949 33093949 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=603439
# found=2
# cleaned=2
# scan_time=33866
C:\Documents and Settings\dave\Application Data\Sun\Java\Deployment\cache\6.0\2\2cf9fe02-6dd9148d multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dave\Application Data\Sun\Java\Deployment\cache\6.0\20\5c9dfd94-7d847518 probably a variant of Java/TrojanDownloader.OpenStream.AE trojan (deleted - quarantined) 00000000000000000000000000000000 C

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:46 PM

Posted 08 March 2011 - 10:31 AM

These Java eploits may indicata a Java issue.
What version of JAVA,if any, is running?
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).


TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 daveso

daveso
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 09 March 2011 - 06:14 PM

java 6 update 17
java 6 update 5

I'm doing TFC now ....

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:46 PM

Posted 09 March 2011 - 07:25 PM

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 daveso

daveso
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 12 March 2011 - 07:59 AM

OK ...got the java removed and updated.
anything else I should do?

And also...what do you recommend for spyware, worm, virus protection on a system.

I currently have AVG and Spyware S&D running

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:46 PM

Posted 12 March 2011 - 07:18 PM

I would recommend SAS
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 daveso

daveso
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 20 March 2011 - 09:21 AM

ok ..took me a bit, finally scanned..here's the log ...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/20/2011 at 09:13 AM

Application Version : 4.50.1002

Core Rules Database Version : 6635
Trace Rules Database Version: 4447

Scan type : Quick Scan
Total Scan Time : 00:13:31

Memory items scanned : 529
Memory threats detected : 0
Registry items scanned : 1802
Registry threats detected : 2
File items scanned : 6719
File threats detected : 93

Adware.ShopAtHomeSelect
HKU\S-1-5-21-1757981266-492894223-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Adware.Tracking Cookie
C:\Documents and Settings\dave\Cookies\dave@mediabrandsww[2].txt
C:\Documents and Settings\dave\Cookies\dave@ads.monster[1].txt
C:\Documents and Settings\dave\Cookies\dave@adknowledge[1].txt
C:\Documents and Settings\dave\Cookies\dave@insightexpressai[2].txt
C:\Documents and Settings\dave\Cookies\dave@dc.tremormedia[1].txt
C:\Documents and Settings\dave\Cookies\dave@adv.dmv[1].txt
C:\Documents and Settings\dave\Cookies\dave@in.getclicky[2].txt
C:\Documents and Settings\dave\Cookies\dave@media6degrees[1].txt
C:\Documents and Settings\dave\Cookies\dave@overture[2].txt
C:\Documents and Settings\dave\Cookies\dave@cn.clickable[1].txt
C:\Documents and Settings\dave\Cookies\dave@rotator.adjuggler[1].txt
C:\Documents and Settings\dave\Cookies\dave@stat.onestat[1].txt
C:\Documents and Settings\dave\Cookies\dave@revsci[1].txt
C:\Documents and Settings\dave\Cookies\dave@serving-sys[2].txt
C:\Documents and Settings\dave\Cookies\dave@adserver.adtechus[3].txt
C:\Documents and Settings\dave\Cookies\dave@walmart.112.2o7[1].txt
C:\Documents and Settings\dave\Cookies\dave@affiliate.rltracker[1].txt
C:\Documents and Settings\dave\Cookies\dave@tacoda.at.atwola[1].txt
C:\Documents and Settings\dave\Cookies\dave@yieldmanager[1].txt
C:\Documents and Settings\dave\Cookies\dave@adserver.amazon[1].txt
C:\Documents and Settings\dave\Cookies\dave@walmartstores.112.2o7[1].txt
C:\Documents and Settings\dave\Cookies\dave@ads.pubmatic[3].txt
C:\Documents and Settings\dave\Cookies\dave@specificmedia[3].txt
C:\Documents and Settings\dave\Cookies\dave@ads.cnn[1].txt
C:\Documents and Settings\dave\Cookies\dave@www.googleadservices[2].txt
C:\Documents and Settings\dave\Cookies\dave@ads.pointroll[3].txt
C:\Documents and Settings\dave\Cookies\dave@specificclick[3].txt
C:\Documents and Settings\dave\Cookies\dave@cdn1.trafficmp[1].txt
C:\Documents and Settings\dave\Cookies\dave@coppercountry[1].txt
C:\Documents and Settings\dave\Cookies\dave@a1.interclick[2].txt
C:\Documents and Settings\dave\Cookies\dave@user.lucidmedia[2].txt
C:\Documents and Settings\dave\Cookies\dave@s.clickability[2].txt
C:\Documents and Settings\dave\Cookies\dave@adecn[3].txt
C:\Documents and Settings\dave\Cookies\dave@collective-media[2].txt
C:\Documents and Settings\dave\Cookies\dave@trafficmp[3].txt
C:\Documents and Settings\dave\Cookies\dave@lucidmedia[1].txt
C:\Documents and Settings\dave\Cookies\dave@gsicace.112.2o7[1].txt
C:\Documents and Settings\dave\Cookies\dave@lfstmedia[1].txt
C:\Documents and Settings\dave\Cookies\dave@questionmarket[2].txt
C:\Documents and Settings\dave\Cookies\dave@tribalfusion[1].txt
C:\Documents and Settings\dave\Cookies\dave@pointroll[3].txt
C:\Documents and Settings\dave\Cookies\dave@2o7[2].txt
C:\Documents and Settings\dave\Cookies\dave@dmtracker[2].txt
C:\Documents and Settings\dave\Cookies\dave@ru4[3].txt
C:\Documents and Settings\dave\Cookies\dave@traffic.prod.cobaltgroup[1].txt
C:\Documents and Settings\dave\Cookies\dave@realmedia[3].txt
C:\Documents and Settings\dave\Cookies\dave@liveperson[3].txt
C:\Documents and Settings\dave\Cookies\dave@interclick[2].txt
C:\Documents and Settings\dave\Cookies\dave@microsoftxbox.112.2o7[1].txt
C:\Documents and Settings\dave\Cookies\dave@content.yieldmanager[3].txt
C:\Documents and Settings\dave\Cookies\dave@msnportal.112.2o7[2].txt
C:\Documents and Settings\dave\Cookies\dave@counters.gigya[1].txt
C:\Documents and Settings\dave\Cookies\dave@smartadserver[2].txt
C:\Documents and Settings\dave\Cookies\dave@at.atwola[1].txt
C:\Documents and Settings\dave\Cookies\dave@kontera[2].txt
C:\Documents and Settings\dave\Cookies\dave@dealtime[2].txt
C:\Documents and Settings\dave\Cookies\dave@lucasarts.122.2o7[1].txt
C:\Documents and Settings\dave\Cookies\dave@liveperson[1].txt
C:\Documents and Settings\dave\Cookies\dave@server.iad.liveperson[1].txt
C:\Documents and Settings\dave\Cookies\dave@invitemedia[3].txt
C:\Documents and Settings\dave\Cookies\dave@bs.serving-sys[1].txt
C:\Documents and Settings\dave\Cookies\dave@ad.wsod[3].txt
C:\Documents and Settings\dave\Cookies\dave@ads.bleepingcomputer[1].txt
C:\Documents and Settings\dave\Cookies\dave@www.googleadservices[3].txt
C:\Documents and Settings\dave\Cookies\dave@pro-market[2].txt
C:\Documents and Settings\dave\Cookies\dave@adlegend[2].txt
C:\Documents and Settings\dave\Cookies\dave@stat.dealtime[2].txt
C:\Documents and Settings\dave\Cookies\dave@ar.atwola[1].txt
C:\Documents and Settings\dave\Cookies\dave@ads.ncaa[1].txt
C:\Documents and Settings\dave\Cookies\dave@content2.kitnmedia[1].txt
C:\Documents and Settings\dave\Cookies\dave@247realmedia[1].txt
C:\Documents and Settings\dave\Cookies\dave@texasinstrument.122.2o7[1].txt
C:\Documents and Settings\dave\Cookies\dave@leeenterprises.112.2o7[1].txt
C:\Documents and Settings\dave\Cookies\dave@www.googleadservices[4].txt
C:\Documents and Settings\dave\Cookies\dave@lego.112.2o7[1].txt
C:\Documents and Settings\dave\Cookies\dave@chicagosuntimes.122.2o7[1].txt
C:\Documents and Settings\dave\Cookies\dave@tracking.waterfrontmedia[3].txt
C:\Documents and Settings\dave\Cookies\dave@stats.townnews[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.cnn[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
a.ads2.msads.net [ C:\Documents and Settings\dave\Application Data\Macromedia\Flash Player\#SharedObjects\N53HVVX3 ]
s0.2mdn.net [ C:\Documents and Settings\dave\Application Data\Macromedia\Flash Player\#SharedObjects\N53HVVX3 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\dave\Application Data\Macromedia\Flash Player\#SharedObjects\N53HVVX3 ]
ad.yieldmanager.com [ C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.xiti.com [ C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:46 PM

Posted 20 March 2011 - 01:08 PM

Looks good ,update and do one more quick scan and I think you'll be clean/

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users