
Author Topic: Total Security  (Read 6220 times)


That Girl

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows Vista
    Re: Total Security
    « Reply #15 on: August 31, 2009, 02:57:47 AM »
    Here's the mbam log:


    Malwarebytes' Anti-Malware 1.40
    Database version: 2713
    Windows 6.0.6002 Service Pack 2

    8/31/2009 4:50:50 AM
    mbam-log-2009-08-31 (04-50-50).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 256011
    Time elapsed: 2 hour(s), 40 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 18
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\ProgramData\Microsoft\Windows\Start Menu\TSC (Rogue.Total.Security) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\TSC\tsc.exe (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
    C:\Windows\System32\1251214205.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Computer Scan.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Help.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Registration.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Security Center.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Settings.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Total Security.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\TSC\Update.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
    C:\Users\Pinard\Desktop\Total Security.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
    C:\Users\Pinard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TSC.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.

    That Girl

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Windows Vista
      Re: Total Security
      « Reply #16 on: August 31, 2009, 03:03:26 AM »
      And here is the hjt log. I did this after the mbam log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 5:01:55 AM, on 8/31/2009
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18813)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\AVG\AVG8\avgtray.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O1 - Hosts: ::1 localhost
      O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [0207671222653068mcinstcleanup] C:\Users\Pinard\AppData\Local\Temp\020767~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - Global Startup: Bluetooth.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O13 - Gopher Prefix:
      O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
      O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - AppInit_DLLs: avgrsstx.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
      O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

      --
      End of file - 8103 bytes

      Karnac



        Specialist

        Thanked: 211
        Re: Total Security
        « Reply #17 on: August 31, 2009, 06:22:45 AM »
        How is your computer running?


        Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

        That Girl

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Windows Vista
          Re: Total Security
          « Reply #18 on: August 31, 2009, 09:02:30 AM »
          Karnac,

          Seems to be running good.
          I have the SAS log. It found a bunch of cookies. The mbam seems to have gotten rid of that trojan.TDSS as well as Total Security.
          Should I run mbam again to make sure? AVG didn't catch that. That worries me. Here's the log:
          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 08/31/2009 at 10:46 AM

          Application Version : 4.27.1002

          Core Rules Database Version : 4077
          Trace Rules Database Version: 2017

          Scan type       : Custom Scan
          Total Scan Time : 05:39:14

          Memory items scanned      : 695
          Memory threats detected   : 0
          Registry items scanned    : 6447
          Registry threats detected : 0
          File items scanned        : 634584
          File threats detected     : 177

          Adware.Tracking Cookie
             C:\Windows.old\Documents and Settings\Pinard\Cookies\Low\pinard@doubleclick[1].txt
             C:\Windows.old\Documents and Settings\Pinard\Cookies\Low\[email protected][2].txt
             C:\Windows.old\Documents and Settings\Pinard\Cookies\Low\pinard@insightexpressai[1].txt
             C:\Windows.old\Documents and Settings\Pinard\Cookies\Low\pinard@tacoda[1].txt
             C:\Windows.old\Documents and Settings\Pinard\Cookies\Low\pinard@tacoda[3].txt
             C:\Windows.old\Documents and Settings\Pinard\Cookies\Low\pinard@xiti[1].txt

          Karnac



            Specialist

            Thanked: 211
            Re: Total Security
            « Reply #19 on: August 31, 2009, 10:34:37 AM »
            Run Mbam again, just to be sure.

            I would consider using Avira AntiVir; it's free. AVG isn't what it used to be.

            Install WOT (Web of Trust)... this will protect you when browsing, so you don't go to websites like Spyzooka.
            I hope you removed that program in Add/Remove Programs as well.


            Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

            That Girl

              Re: Total Security
              « Reply #20 on: August 31, 2009, 11:31:36 AM »
              Yes, I did remove Spyzooka. Thanx so very much for your help. I'll let you know what a new mbam scan says.



              That Girl

                Re: Total Security
                « Reply #21 on: August 31, 2009, 12:20:24 PM »
                Check it out!

                Malwarebytes' Anti-Malware 1.40
                Database version: 2722
                Windows 6.0.6002 Service Pack 2

                8/31/2009 2:16:36 PM
                mbam-log-2009-08-31 (14-16-36).txt

                Scan type: Quick Scan
                Objects scanned: 81640
                Time elapsed: 6 minute(s), 11 second(s)

                Memory Processes Infected: 0
                Memory Modules Infected: 0
                Registry Keys Infected: 0
                Registry Values Infected: 0
                Registry Data Items Infected: 0
                Folders Infected: 0
                Files Infected: 0

                Memory Processes Infected:
                (No malicious items detected)

                Memory Modules Infected:
                (No malicious items detected)

                Registry Keys Infected:
                (No malicious items detected)

                Registry Values Infected:
                (No malicious items detected)

                Registry Data Items Infected:
                (No malicious items detected)

                Folders Infected:
                (No malicious items detected)

                Files Infected:
                (No malicious items detected)

                I'll follow your advice and get Avira.

                Karnac



                  Re: Total Security
                  « Reply #22 on: August 31, 2009, 12:21:28 PM »
                  Good stuff...



                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Total Security
                  « Reply #23 on: August 31, 2009, 05:23:25 PM »
                  It appears that you're not running any Firewall. If that is true, you need to activate the Windows Firewall ASAP. Did you ever have McAfee on that computer? There is still some evidence of it in the log.
                  Windows 8 and Windows 10 dual boot with two SSD's