
Rootkit/Redirect virus .. Help. :(!



It's running a little bit better, anything else I can do to lower CPU usage?? :(??

And how can I be sure I don't have viruses?

Because honestly, my CPU usage is spiking from 40% to like 90-100%..

I'm only running Skype, Firefox, Task Manager, files/folders, and AdwCleaner.

What do I do? Can I close AdwCleaner or do I hit Delete?

# AdwCleaner v2.114 - Logfile created 03/05/2013 at 20:51:39

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : DorothyN - DOROTHYN-PC

# Boot Mode : Normal

# Running from : C:\Users\DorothyN\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\Users\DorothyN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

Folder Found : C:\Users\DorothyN\Documents\Speedbit

***** [Registry] *****

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\SpeedBit

Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\SpeedBit

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\DorothyN\AppData\Roaming\Mozilla\Firefox\Profiles\zk5tri7a.default\prefs.js

[OK] File is clean.

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bncvsdw8.default\prefs.js

[OK] File is clean.

File : C:\Users\lolz\AppData\Roaming\Mozilla\Firefox\Profiles\4kyizjfl.default\prefs.js

[OK] File is clean.

File : C:\Users\swagger\AppData\Roaming\Mozilla\Firefox\Profiles\hxud39iz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\DorothyN\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.25] : keyword = "searchab.com",

Found [l.28] : search_url = "hxxp://searchab.com/?aff=7&uid=1a6552db-4b0a-11e2-8c0d-002564dd67c8&q={searchTerms}",

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [unable to get version]

File : C:\Users\DorothyN\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [38231 octets] - [20/02/2013 16:30:37]

AdwCleaner[R2].txt - [2295 octets] - [05/03/2013 20:51:39]

AdwCleaner[s1].txt - [38230 octets] - [20/02/2013 16:41:15]

########## EOF - C:\AdwCleaner[R2].txt - [2416 octets] ##########

Link to post
Share on other sites


Please create a new system restore point before continuing.

Lots of adware found... let's clear it out.

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

----------------------------------------

Then...

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

Link to post
Share on other sites

# AdwCleaner v2.114 - Logfile created 03/05/2013 at 21:16:37

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : DorothyN - DOROTHYN-PC

# Boot Mode : Normal

# Running from : C:\Users\DorothyN\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Users\DorothyN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

Folder Deleted : C:\Users\DorothyN\Documents\Speedbit

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\SpeedBit

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\SpeedBit

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\DorothyN\AppData\Roaming\Mozilla\Firefox\Profiles\zk5tri7a.default\prefs.js

[OK] File is clean.

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bncvsdw8.default\prefs.js

[OK] File is clean.

File : C:\Users\lolz\AppData\Roaming\Mozilla\Firefox\Profiles\4kyizjfl.default\prefs.js

[OK] File is clean.

File : C:\Users\swagger\AppData\Roaming\Mozilla\Firefox\Profiles\hxud39iz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\DorothyN\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.25] : keyword = "searchab.com",

Deleted [l.28] : search_url = "hxxp://searchab.com/?aff=7&uid=1a6552db-4b0a-11e2-8c0d-002564dd67c8&q={searchTe[...]

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [unable to get version]

File : C:\Users\DorothyN\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [38231 octets] - [20/02/2013 16:30:37]

AdwCleaner[R2].txt - [2485 octets] - [05/03/2013 20:51:39]

AdwCleaner[s1].txt - [38230 octets] - [20/02/2013 16:41:15]

AdwCleaner[s2].txt - [2443 octets] - [05/03/2013 21:16:37]

########## EOF - C:\AdwCleaner[s2].txt - [2503 octets] ##########

_______________________

Malwarebytes keeps freezing and not responding...

What do I do!

Link to post
Share on other sites

RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : DorothyN [Admin rights]

Mode : Scan -- Date : 03/06/2013 15:52:42

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++

--- User ---

[MBR] b6a50cad35c21f5d88752030e4c2267a

[bSP] 2f8722f9a86f009208ae8241a82a3fe9 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[7]_S_03062013_02d1552.txt >>

RKreport[1]_S_03022013_02d0956.txt ; RKreport[2]_D_03022013_02d1012.txt ; RKreport[3]_S_03032013_02d0745.txt ; RKreport[4]_S_03032013_02d0748.txt ; RKreport[5]_S_03032013_02d1402.txt ;

RKreport[6]_S_03042013_02d0524.txt ; RKreport[7]_S_03062013_02d1552.txt

Link to post
Share on other sites

Please delete your copy of TDSSKiller, download a fresh one, reboot into safe mode and run it:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs, so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC

Link to post
Share on other sites

That's better than last time!

Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

18:07:37.0772 1396 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:07:37.0772 1396 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

--------------------------------

Then delete your copy of ComboFix and download and run a fresh one as before.

MrC

Link to post
Share on other sites

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

-----------------------------------------

If Malwarebytes doesn't run...

Download, Update and Run SUPERAntiSpyware Portable Scanner:

http://www.superanti...ag=SAS_HOMEPAGE

Post any log created.

Please let me know how the computer is running now, MrC

Link to post
Share on other sites

Never going to share my computer again :(!!

Log below~

__________________________

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 03/06/2013 at 09:52 PM

Application Version : 5.6.1014

Core Rules Database Version : 10096

Trace Rules Database Version: 7908

Scan type : Quick Scan

Total Scan Time : 01:47:06

Operating System Information

Windows 7 Home Premium 64-bit (Build 6.01.7600)

UAC On - Limited User

Memory items scanned : 566

Memory threats detected : 0

Registry items scanned : 60963

Registry threats detected : 0

File items scanned : 16433

File threats detected : 249

PUP.Whitesmoke

C:\Program Files (x86)\WHITESMOKE

Adware.Tracking Cookie


.invitemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.media6degrees.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.doubleclick.net [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

insight.torbit.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.burstnet.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.atdmt.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ru4.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.www.burstnet.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.technoratimedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.technoratimedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.technoratimedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.technoratimedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.media6degrees.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.media6degrees.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.media6degrees.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

www.burstnet.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.atdmt.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.h.atdmt.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.h.atdmt.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.atdmt.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.atdmt.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.h.atdmt.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.h.atdmt.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.soundclick.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.soundclick.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.soundclick.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.advertising.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\DOROTHYN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-Kazy

C:\USERS\DOROTHYN\DESKTOP\YYYYYYY\LUIG_S RF INJECTOR.EXE

Link to post
Share on other sites

Next you can try and reinstall Malwarebytes and see if that helps:

If you have the pro version of MB....make sure you have your license key

Go to your Control Panel's Add/Remove Programs and uninstall Malwarebytes Anti-Malware > reboot

Download and run this cleaner:

mbam-clean.exe

Reboot <---very important

Now download and see if you can install the latest version of MB from here: (disable any malware/anti-virus programs running first)

http://fileforum.bet...re/1186760019/1

Let me know, MrC (be back in the AM)

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.07.14

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

DorothyN :: DOROTHYN-PC [administrator]

3/7/2013 3:30:00 PM

MBAM-log-2013-03-07 (15-44-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 458368

Time elapsed: 13 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\DorothyN\Downloads\Setup(5).exe (PUP.IBryte) -> No action taken.

(end)

________________________________

:)

That's the quick scan.

Link to post
Share on other sites

C:\Users\DorothyN\Downloads\Setup(5).exe (PUP.IBryte) -> No action taken.

For that item to be deleted you have to do this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Now do another quick scan.

MrC

Link to post
Share on other sites

A lot better!

I have another question..

I right click on Malware Bytes Anti Malware, I click properties..

then I click the SECURITY tab..

All I see are

" Account Unknown "

Then my main account and some other ones..? Should I worry about that?

http://puu.sh/2dWG8

http://puu.sh/2dWGi

http://puu.sh/2dWGt

there's more but I don't want to screenshot.

And I have 66 processes running and my CPU usage is 33%

Is that fine?

Link to post
Share on other sites

I have another question..

I right click on Malware Bytes Anti Malware, I click properties..

then I click the SECURITY tab..

I run XP so I can't check what mine says.

-----------------------------------

Please do this:

Download HiJackThis to a folder:

http://www.trendmicr.../HijackThis.exe

Run HJT.exe

Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Save the log to a convenient location.

Copy and paste it into your post.

MrC

Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:10:15 PM, on 3/8/2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16464)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe

C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe

C:\Program Files (x86)\puush\puush.exe

C:\Program Files (x86)\Clownfish\Clownfish.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Users\DorothyN\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\DorothyN\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files (x86)\Lexmark Printable Web\bho.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [lxduamon] "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduamon.exe"

O4 - HKLM\..\Run: [Lexmark 5600-6600 Series] "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\fm3032.exe" /s

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FBDownloader - {B5FC24D2-2DB1-4603-88BD-6E2E551138F7} - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

O16 - DPF: {BD68328E-1222-4A62-BA16-E6F42CA49A64} (WMInstallMgr Control) - http://gf.wemade.com/comsso/active/WMInstallMgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe

O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12283 bytes

Link to post
Share on other sites

Run HJT again and.......

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

Click on Fix Checked when finished and exit HijackThis.

----------------------------

You would benefit if you download and install StartUpLite:

http://www.malwareby...ts/startuplite/

Disable any items listed if you don't need them running all the time.

I also see you have SUPERAntiSpyware running:

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Unless this is the paid version of SAS you don't need it running all the time.

If you open up SAS and look over the settings, you'll find a box to uncheck so it won't start with Windows.

Let me know.....MrC

Link to post
Share on other sites
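
An added example, not part of the original posts: a small Python parser for the HijackThis log format shown above. It lists the O4 auto-start entries that the last reply suggests reviewing, and checks that a fix-list line matches the log verbatim before it is ticked. The function names are hypothetical; the sample lines are excerpted from the log posted in this thread.

```python
import re

# Sample lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
'''

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
# Registry auto-start: hive, abbreviated key path, value name, command line
RUN = re.compile(r'^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Startup-folder shortcut: "Startup: <shortcut> = <target>"
STARTUP = re.compile(r'^(?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Program path: either quoted, or unquoted up to the first executable extension
EXE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)


def entries(log_text):
    """Yield (code, body) for every 'Xn - ...' line; header and blank lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m['code'], m['body']


def image_path(cmd):
    """Return the program path from a command line, whether or not it is quoted."""
    m = EXE.match(cmd)
    return (m['q'] or m['u']) if m else cmd


def autostarts(log_text):
    """Return the O4 (auto-start) entries as dicts: scope, key, name, path."""
    out = []
    for code, body in entries(log_text):
        if code != 'O4':
            continue
        m = RUN.match(body)
        if m:
            scope = 'all users' if m['hive'] == 'HKLM' else 'current user'
        else:
            m = STARTUP.match(body)
            if not m:
                continue  # an O4 form this sketch does not model
            scope = 'all users' if m['key'].startswith('Global') else 'current user'
        out.append({'scope': scope, 'key': m['key'], 'name': m['name'],
                    'path': image_path(m['cmd'])})
    return out


def missing_from_log(log_text, fix_lines):
    """Return the fix-list lines that do NOT appear verbatim in the log."""
    present = {f'{code} - {body}' for code, body in entries(log_text)}
    wanted = (line.strip() for line in fix_lines)
    return [line for line in wanted if line and line not in present]


if __name__ == '__main__':
    for item in autostarts(SAMPLE_LOG):
        print(f"{item['scope']:12} {item['key']:8} {item['name']} -> {item['path']}")
```

An empty result from `missing_from_log` means every line on the fix list exists in the log exactly as written, which is the "not any others by mistake" check done mechanically.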
