
Unauthorized System Startup Entries Added/Deleted


16 replies to this topic

#1 fastsigns


Posted 15 June 2011 - 11:03 AM

I noticed a virus on my system yesterday AM, and immediately shut down my system. Went into safe mode, ran RKill then Malwarebytes, see logs. I seemed to get rid of those (maybe), but after I looked at my Spybot log, attached, I noticed some strange startup entry modifications. Even though they look like they should remove some menu items, the items are still there. I also noticed some EXEs that were tampered with.

Additional info: I set TeaTimer this AM to deny the above, as you can see in the log.
XP was not up to date, but was updated this am.

Any ideas?

Thanks in advance! You all have helped me before and I'm so glad that you are available.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Attached Files




#2 invision


Posted 15 June 2011 - 11:41 AM

Are you experiencing any issue on the PC/Internet?

Sometimes these tools will remove the executable but it would leave the shortcuts. The best way to make sure is to right click on the shortcut and copy the path to the files. Then do a search for those files. Can you post a screenshot of the shortcuts?

Thanks

#3 fastsigns


Posted 15 June 2011 - 12:09 PM

invision, on 15 June 2011 - 11:41 AM, said:

    Are you experiencing any issue on the PC/Internet?

    Sometimes these tools will remove the executable but it would leave the shortcuts. The best way to make sure is to right click on the shortcut and copy the path to the files. Then do a search for those files. Can you post a screenshot of the shortcuts?

    Thanks


Thanks for your prompt response. Actually, I could care less about the above being there or not. I have a network neighborhood on the desktop and it works fine, but I will look into that. I'm more concerned about the executables, altering the firewall settings, indicated in the spybot log.

Any other ideas?

#4 quietman7

  • Global Moderator

Posted 15 June 2011 - 01:28 PM

mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products). Further, most people don't understand how to use Spybot's TeaTimer and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. If you don't understand how a particular security tool works, then you probably should not be using it. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and in some cases it will even prevent disinfection of malware by those tools.

More effective alternatives are Malwarebytes Anti-Malware and SUPERAntiSpyware Free.

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. Why? Malwarebytes is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, Malwarebytes loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. For optimal removal, normal mode is recommended so it does not limit the abilities of Malwarebytes. Doing a safe mode scan should only be done when a regular mode scan fails or you cannot boot up normally.

Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Please download SUPERAntiSpyware Free and follow these instructions for performing a scan.

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • Be sure to update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download them from here.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program.
  • Please copy and paste the Scan Log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
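As an added example, not code from this thread or from any of the tools named in it: a Python 3 script that does by hand what quietman7 says TeaTimer leaves to the user. It records what the Run/RunOnce keys held before, diffs that against what they hold now, hashes the image a new or changed command points at, and flags images sitting in user-writable directories (Temp, Application Data, the user profile), which is where a dropped executable usually lives. The watched keys are the standard Run/RunOnce locations; the list of user-writable directory hints, the SAMPLE_* snapshots and the baseline.json file name are assumptions made for the example. On Windows the script reads the live registry; elsewhere it runs against the constructed samples.

```python
"""Snapshot the Windows autostart (Run/RunOnce) keys and diff them against a saved baseline.
Added example, not from the thread. Assumed: Python 3; a live snapshot needs Windows (winreg);
elsewhere the constructed SAMPLE_* snapshots below stand in so the diff and triage still run."""
import hashlib, json, os, re, sys

# (hive, subkey) pairs to watch; each value under them is one autostart entry.
AUTOSTART_KEYS = [(h, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\" + k)
                  for h in ("HKLM", "HKCU") for k in ("Run", "RunOnce")]
# Directory fragments where a legitimate autostart binary rarely lives (XP and later; assumed list).
USER_WRITABLE_HINTS = ("\\temp\\", "\\application data\\", "\\local settings\\",
                       "\\appdata\\", "\\documents and settings\\", "\\users\\", "\\recycler\\")

def snapshot_live():
    """Read the watched keys with winreg (Windows only). Returns {hive\\subkey\\name: command}."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    entries = {}
    for hive, subkey in AUTOSTART_KEYS:
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                    name, data, _ = winreg.EnumValue(key, i)
                    entries[f"{hive}\\{subkey}\\{name}"] = str(data)
        except OSError:
            pass  # key absent on this system
    return entries

def image_path(command):
    """Executable path from a Run-key command line: quoted, or unquoted up to the first .exe."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else (command.split() or [""])[0]

def sha256_of(path):
    """SHA-256 of the image file, or None if it cannot be read (missing, locked, no rights)."""
    try:
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()
    except OSError:
        return None

def suspicious(command):
    """Reasons to deny an entry until verified; an empty list means nothing obvious."""
    path = image_path(command)
    reasons = []
    if any(hint in path.lower() for hint in USER_WRITABLE_HINTS):
        reasons.append("image in user-writable directory")
    if os.path.isabs(path) and not os.path.exists(path):
        reasons.append("image file not found")
    return reasons

def diff_snapshots(baseline, current):
    """Return (added, removed, changed) dicts keyed by full registry path."""
    added = {k: v for k, v in current.items() if k not in baseline}
    removed = {k: v for k, v in baseline.items() if k not in current}
    changed = {k: (baseline[k], v) for k, v in current.items() if k in baseline and baseline[k] != v}
    return added, removed, changed

def review(baseline, current):
    """One report line per difference, with the image hash and triage flags for new commands."""
    added, removed, changed = diff_snapshots(baseline, current)
    lines = []
    for k, cmd in added.items():
        flags = "; ".join(suspicious(cmd)) or "no obvious red flag"
        lines.append(f"ADDED   {k} = {cmd} sha256={sha256_of(image_path(cmd))} [{flags}]")
    for k, (old, new) in changed.items():
        lines.append(f"CHANGED {k}: {old!r} -> {new!r} [{'; '.join(suspicious(new)) or 'check arguments'}]")
    for k, cmd in removed.items():
        lines.append(f"REMOVED {k} = {cmd}")
    return lines

# Constructed sample snapshots (not from the thread's logs): a saved baseline, then a later
# state with one entry changed and one new entry whose image sits in the user's Temp directory.
SAMPLE_BASELINE = {
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVTray": r'"C:\Program Files\AV Vendor\avtray.exe" /tray',
}
SAMPLE_CURRENT = dict(SAMPLE_BASELINE)
SAMPLE_CURRENT[r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVTray"] = r'"C:\Program Files\AV Vendor\avtray.exe" /tray /noscan'
SAMPLE_CURRENT[r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost"] = r"C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe"

if __name__ == "__main__":
    # Windows usage: python autostart_diff.py baseline.json  (first run saves it, later runs diff against it)
    if sys.platform == "win32" and len(sys.argv) == 2:
        current = snapshot_live()
        if not os.path.exists(sys.argv[1]):
            with open(sys.argv[1], "w") as f:
                json.dump(current, f, indent=1)
            sys.exit(f"baseline saved: {len(current)} entries")
        with open(sys.argv[1]) as f:
            baseline = json.load(f)
    else:
        baseline, current = SAMPLE_BASELINE, SAMPLE_CURRENT
    print("\n".join(review(baseline, current)) or "no autostart changes")
```

Save the baseline while the machine is known clean; an entry that appears later with its image under Temp or the user profile is the kind of change to deny and investigate rather than allow. The hash lets you compare a "tampered" executable against a clean copy or a vendor's published checksum, and a None hash means the command points at a file that is already gone or that the current account cannot read. Only the Run/RunOnce keys are covered; Winlogon, services and scheduled tasks are other autostart locations this example does not walk.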

#5 fastsigns


Posted 15 June 2011 - 01:59 PM

Thanks, QuietDude!

I'll perform your suggestions later today. I did not know that about MB. I did of course reboot into normal Windows mode after my scans, so it could do its thing. With TeaTimer, I would always look up what registry entry it is referring to before proceeding.

More later, and much appreciated!

#6 quietman7


Posted 15 June 2011 - 02:07 PM

Not a problem.

#7 fastsigns


Posted 15 June 2011 - 08:26 PM

Just ran Malwarebytes in standard Windows:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6864

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/15/2011 6:26:12 PM
mbam-log-2011-06-15 (18-26-12).txt

Scan type: Quick scan
Objects scanned: 172579
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Then I ran SUPERduperAntiSpyware (oh my God):

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2011 at 07:01 PM

Application Version : 4.54.1000

Core Rules Database Version : 7273
Trace Rules Database Version: 5085

Scan type : Complete Scan
Total Scan Time : 00:24:28

Memory items scanned : 310
Memory threats detected : 0
Registry items scanned : 6107
Registry threats detected : 0
File items scanned : 15626
File threats detected : 211

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@at.atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@invitemedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.undertone[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@segment-pixel.invitemedia[1].txt
cdn.insights.gravity.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
espn360.channelfinder.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
interclick.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
media.lintvnews.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
media.mtvnservices.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
media.scanscout.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
media.vmixcore.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
media.wfaa.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
media01.kyte.tv [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
media1.break.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
media5.wgt.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
objects.tremormedia.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
secure-uk.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
sftrack.searchforce.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
static.cdn.360.sorensonmedia.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\NLX4D85S ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.usatoday1.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
in.getclicky.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.mediafire.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.mediafire.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.mediafire.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.mediafire.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.msnbc.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
www.accountonline.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.accountonline.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.foxinteractivemedia.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.fim.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.microsoftsto.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.microsoftgamestudio.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
dc.tremormedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.vpmc.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.dmtracker.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.dpmediacenter.disqus.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.driveraccess.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.sonyelectronicssupportus.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
stats.denverpost.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.stats.denverpost.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.eaeacom.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.speedtv.racecentre.stats.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.speedtv.racecentre.stats.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.andomedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.chicagosuntimes.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
static.freewebs.getclicky.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.intermundomedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.adecn.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.clickaider.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.yieldmanager.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.viva-media.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
uk.sitestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
uk.sitestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
pluckit.demandmedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.premiumtv.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.yellowpages.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
stats.crackerjackmack.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
nl.sitestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
nl.sitestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.yadro.ru [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
wstat.wibiya.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.xiti.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
www.trackpedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
www.trackpedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.trackpedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.trackpedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.s.clickability.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.s.clickability.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.livenation.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.roadandtrack.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.roadandtrack.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.roadandtrack.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.roadandtrack.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.roadandtrack.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
magnet.traffic.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.hertz.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]

Rogue.AntiMalwareDoctor
C:\Documents and Settings\Administrator\Application Data\F6E168935E641715348CB06A4716B9DC

Trojan.Agent/Gen-FakeDrop
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\DOWNLOADS\GAMES\RFACTOR\TRACKS\GPLE79TRACKPAK\UNINSTALL79TRACKPACKV20.EXE

Trojan.Agent/Gen-Alient
C:\PROGRAM FILES\SATSUKI DECODER PACK\CPL\SDPCPL.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\START MENU\PROGRAMS\SATSUKI DECODER PACK\CONFIGURATION.LNK

What do you think? Painful, eh?

As always, thanks for all your help!

#8 fastsigns

fastsigns
  • Topic Starter
  • Members
  • 38 posts

Posted 15 June 2011 - 09:23 PM

Well just ran Super again...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2011 at 08:07 PM

Application Version : 4.54.1000

Core Rules Database Version : 7273
Trace Rules Database Version: 5085

Scan type : Complete Scan
Total Scan Time : 00:23:23

Memory items scanned : 295
Memory threats detected : 0
Registry items scanned : 6110
Registry threats detected : 0
File items scanned : 15670
File threats detected : 4

Adware.Tracking Cookie
.synacorqwest.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pvysjy3u.default\cookies.sqlite ]

Trojan.Agent/Gen-Alient
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37AC527-D73F-4DCA-A40E-C60B18818C28}\RP344\A0068899.EXE

_________________________________________________

Now it looks like I got something adding restore points. Will this software be able to delete only the bad one?

WoW

#9 quietman7

quietman7
    Bleepin' Janitor

  • Global Moderator
  • 51,918 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 16 June 2011 - 06:06 AM

The detected _restore{GUID}\RP***\A00*****.xxx file(s) identified by your scan are in the System Volume Information Folder (SVI) which is a part of System Restore. The *** after 'RP' represents a sequential number automatically assigned by the operating system. The ***** after 'A00' also represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to:

System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before changes are made. These restore points can be used to "roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating system's configuration to an earlier date. See What's Restored when using System Restore and What's Not.

System Restore is enabled by default and will back up the good as well as malevolent files, so when malware is present on the system it gets included in restore points as an A00***** file. If you only get a detection on a file in the SVI folder, that means the original file was on your system in another location at some point and probably has been removed. However, when you scan your system with anti-virus or anti-malware tools, you may receive an alert that a malicious file was detected in the SVI folder (in System Restore points) and moved into quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat. Thereafter, you can delete it at any time.

If your anti-virus or anti-malware tool cannot move the files to quarantine, they sometimes can reinfect your system if you accidentally use an old restore point. If your anti-virus or anti-malware tool was able to move (quarantine) the file(s) it is no longer a threat. When an anti-virus or security program quarantines a file and moves it into a virus vault (chest) or a dedicated Quarantine folder, that file is safely held there and no longer a threat. The file is essentially disabled and prevented from causing any harm to your system through security routines which may copy, rename, encrypt and password protect the file before moving. Quarantine is just an added safety measure which allows you to view and investigate the files while keeping them from harming your computer. When the quarantined file is known to be malicious, you can delete it at any time by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete.

In order to ensure all such files are removed, the easiest thing to do after disinfection is Create a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but the most recent restore point. Vista and Windows 7 users can refer to these links:

However, before doing so, try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 fastsigns

fastsigns
  • Topic Starter
  • Members
  • 38 posts

Posted 16 June 2011 - 09:41 AM

Well, threats were found...

C:\Documents and Settings\Administrator\Local Settings\Temp\rnaoxswmce.tmp a variant of Win32/Cimag.HJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\wxaonrmsce.tmp Win32/Adware.LoudMo.D application deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Utilities\freeripmp3.exe multiple threats deleted - quarantined
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\OldCdrive\motec\make\mi_1-31-0001en\DISK4\MoTeC_Convert.ex_ probably a variant of Win32/Agent.GZVVBPU trojan cleaned by deleting - quarantined
C:\Program Files\MoTeC\Interpreter\MoTeC_Convert.exe probably a variant of Win32/Agent.LBQPDIZ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37AC527-D73F-4DCA-A40E-C60B18818C28}\RP343\A0068390.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37AC527-D73F-4DCA-A40E-C60B18818C28}\RP344\A0068898.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37AC527-D73F-4DCA-A40E-C60B18818C28}\RP346\A0070168.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37AC527-D73F-4DCA-A40E-C60B18818C28}\RP346\A0070169.exe probably a variant of Win32/Agent.LBQPDIZ trojan cleaned by deleting - quarantined
C:\ToyBox\motec\make\mi_1-31-0001en\DISK4\MoTeC_Convert.ex_ probably a variant of Win32/Agent.GZVVBPU trojan cleaned by deleting - quarantined
C:\WINDOWS\kbdcia.dll a variant of Win32/Cimag.HJ trojan cleaned by deleting - quarantined

Why me?!? he he.
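A small triage helper, added here as an example and not part of the thread or of ESET's own tooling: it parses log lines in the format posted above and uses the _restore{GUID}\RP***\A00*****.xxx naming quietman7 described in #9 to separate live files and temp-folder drops from restore-point copies, so you can see which old restore points still hold detections before purging them. The line layout it assumes (path, verdict, "cleaned by deleting" or "deleted", then "- quarantined") is inferred from the lines above, and the sample input is copied from that log.

```python
"""Sort ESET-style scan hits into live files vs. System Restore copies.
Added example (not from the thread or any vendor); it relies on the
_restore{GUID}\\RP***\\A00*****.xxx naming quietman7 describes."""
import re

# Restore-point copy: ...\System Volume Information\_restore{GUID}\RP<n>\A<m>.<ext>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\A\d+\.", re.I)
TEMP_RE = re.compile(r"\\Local Settings\\Temp\\", re.I)  # XP per-user temp folder
# Path = drive, directories (may contain spaces), final name without spaces;
# then the verdict text and ESET's action phrase (layout inferred from the log).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\(?:[^\\]+\\)*[^\\ ]+)\s+(?P<verdict>.+?)\s+"
    r"(?P<action>cleaned by deleting|deleted)(?:\s+-\s+\w+)?\s*$")

def classify_path(path):
    """('restore_point', rp_number), ('temp', None) or ('live', None)."""
    m = RESTORE_RE.search(path)
    if m:
        return "restore_point", int(m.group(1))
    if TEMP_RE.search(path):
        return "temp", None
    return "live", None

def parse_line(line):
    """One log line -> dict with path, verdict, action, kind, restore_point."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rp = classify_path(m.group("path"))
    return {"path": m.group("path"), "verdict": m.group("verdict"),
            "action": m.group("action"), "kind": kind, "restore_point": rp}

def summarize(lines):
    """Group hits; restore-point copies are keyed by RP number, which shows
    which old restore points still carry malware and should be purged."""
    out = {"live": [], "temp": [], "restore_points": {}}
    for rec in filter(None, map(parse_line, lines)):
        if rec["kind"] == "restore_point":
            out["restore_points"].setdefault(rec["restore_point"], []).append(rec["path"])
        else:
            out[rec["kind"]].append(rec["path"])
    return out

# Sample input copied from the ESET log posted in this thread.
SAMPLE_LOG = [
    r"C:\Documents and Settings\Administrator\Local Settings\Temp\rnaoxswmce.tmp a variant of Win32/Cimag.HJ trojan cleaned by deleting - quarantined",
    r"C:\Documents and Settings\Administrator\My Documents\Downloads\Utilities\freeripmp3.exe multiple threats deleted - quarantined",
    r"C:\System Volume Information\_restore{B37AC527-D73F-4DCA-A40E-C60B18818C28}\RP343\A0068390.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined",
    r"C:\System Volume Information\_restore{B37AC527-D73F-4DCA-A40E-C60B18818C28}\RP346\A0070169.exe probably a variant of Win32/Agent.LBQPDIZ trojan cleaned by deleting - quarantined",
]

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("live:", s["live"], "| temp:", s["temp"], "| RPs:", sorted(s["restore_points"]))
```

A hit that appears only under an RP number means the original was elsewhere at some point and has since been removed; the live list is what still needs attention.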

#11 quietman7

quietman7
    Bleepin' Janitor

  • Global Moderator
  • 51,918 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 16 June 2011 - 09:46 AM

How is your computer running now? Are there any more signs of infection?

#12 fastsigns

fastsigns
  • Topic Starter
  • Members
  • 38 posts

Posted 16 June 2011 - 11:16 AM

'Puter's been running fine.

Ran eset again after reboot and got this:

C:\System Volume Information\_restore{B37AC527-D73F-4DCA-A40E-C60B18818C28}\RP346\A0070171.dll a variant of Win32/Cimag.HJ trojan cleaned by deleting - quarantined

So it seems I'm still getting restore points created. Shall I remove all old restore points after creating a new one?

I will be out of town until Sunday, so I will perform any additional steps then.

Thanks as always!

#13 quietman7

quietman7
    Bleepin' Janitor

  • Global Moderator
  • 51,918 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 16 June 2011 - 11:56 AM

Shall I remove all old restore points after creating a new one?

Yes.

#14 fastsigns

fastsigns
  • Topic Starter
  • Members
  • 38 posts

Posted 22 June 2011 - 08:24 AM

Well, I am back and ran super spy and eset again, and all is clean! Also, made a new restore point and deleted the rest.
However, things are not quite the same. I finally got to relax, and actually use the computer, to do some online racing with my buds. BUT, now, I am unable to host/run a server; in other words my port forwarding does not work! I looked at all the settings on the router (has a password), and all are perfect. I ran port forwarding tests with PFportchecker, and they are not working. Firewall is off. It all worked fine a week ago before all this happened.

BTW, I have removed eset and super spyware.

Any ideas?

Thanks, as always!

#15 quietman7

quietman7
    Bleepin' Janitor

  • Global Moderator
  • 51,918 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 22 June 2011 - 10:38 AM

No, that's not my area so I would only be guessing.

You may want to start a new topic in the Hardware or Networking sub-forum for suggestions.



