John G Jr Posted November 21, 2008 ID:35904 Share Posted November 21, 2008 Hello,I'm attempting to recover from the effects of AntiVirusXP 2008 that infested my laptop about a week ago. Here's the link to my original thread here at malwarebytes so you have some background on what's been covered so far:http://www.malwarebytes.org/forums/index.p...amp;#entry35747Now here's the latest update to what is documented there:I was finally able to run the SpyBot update. Then I ran a scan. It found seven infections. It then removed all but one... WildTangent... 2 Pups... directories Windows\WT and Windows\WT\UpdatesWhen I try to remove those, I get a message that says that it can't fix them because they're in use in memory, and tells me that it could be fixed after a restart. I've been through the restart cycle three times, and the boot-up scan three times, and it keeps telling me the same thing, so I guess it can't remove this at this point?Should I battle this one some more? Or should I let it go and proceed with another MBAM quick scan, per the "Pre- HJT Post Instructions"?John Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 21, 2008 Root Admin ID:35934 Share Posted November 21, 2008 Hi John,Wild Tangent could be a game installer as well. If you look in your Control Panel, Add/Remove you may find it listed there. If so then it may be the one placed there by PC MFG like HP/Compaq for games. You can click on remove and then check off all the games listed and say yes to uninstall. These are basically teaser games is what I'd call them. You can play them some but if you want the FULL game you have to pay. So it might not really be Malware but we'd need some logs to see.Please proceed with the rest. Start MBAM and go to the UPDATE tab and update the program, do a Quick Scan and fix anything found and restart your computer.After the restart run HJT Scan save log. Post back the MBAM log and then the HJT log please.Thanks Link to post Share on other sites More sharing options...
John G Jr Posted November 21, 2008 Author ID:35938 Share Posted November 21, 2008 No Wild Tangent in the "Add/Remove Programs". But I'll proceed with the MBAM scan now. Thanks. Link to post Share on other sites More sharing options...
John G Jr Posted November 21, 2008 Author ID:35941 Share Posted November 21, 2008 While scanning, I occasionally get this error message that Windows is unable to write to C:\$Mft and it may be the result of a hardware or network failure. Is this normal?John Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 21, 2008 Root Admin ID:35965 Share Posted November 21, 2008 No that is NOT normal and is an indication of a hard drive problem. Could be just corrupted data or could be something else.You may have corrupted files on your disk. If this is Windows XP please try running the following.First close ALL Applications as this routine will automatically restart your computer.Click on START - RUN and copy / paste the following entry into the box and click OKCMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30Then see if you're still getting this error. Link to post Share on other sites More sharing options...
John G Jr Posted November 22, 2008 Author ID:35989 Share Posted November 22, 2008 I ran the command, but I'm still getting the Write error. Link to post Share on other sites More sharing options...
John G Jr Posted November 22, 2008 Author ID:36018 Share Posted November 22, 2008 Well, instead of just rebooting, I physically turned the laptop off, and turned it back on again. I was able to run MBAM and did not get any write errors. So I have my fingers crossed that this problem is gone. Here's the MBAM log. I'll do a Panda scan next.----------------------------------------------------------------------------------------Malwarebytes' Anti-Malware 1.30Database version: 1412Windows 5.1.2600 Service Pack 311/22/2008 12:06:37 AMmbam-log-2008-11-22 (00-06-37).txtScan type: Quick ScanObjects scanned: 102373Time elapsed: 41 minute(s), 53 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 3Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\drivers\fzkkwy.sys (Trojan.Downloader) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
John G Jr Posted November 23, 2008 Author ID:36136 Share Posted November 23, 2008 The frustration continues, but I keep working at it. I started a Panda scan at 10am yesterday. When I went to bed at 2am this morning, it was still running. When I got up this morning, it had completed, and I saved the log. However, my internet connection got hosed up somehow, and was unable to perform the registration to run the free cleanup. Ugh. So I just got my connection re-established and started the scan again.Anyway... here's the log from that scan:;***********************************************************************************************************************************************************************************ANALYSIS: 2008-11-23 09:46:03PROTECTIONS: 2MALWARE: 67SUSPECTS: 0;***********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;===================================================================================================================================================================================McAfee Internet Security Suite 2007 8.1 No YesMcAfee VirusScan Plus 12.1 No No;===================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;===================================================================================================================================================================================00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent37.zip00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@trafficmp[4].txt00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@trafficmp[2].txt00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@trafficmp[3].txt00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@trafficmp[6].txt00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@trafficmp[1].txt00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@casalemedia[5].txt00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@casalemedia[4].txt00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@casalemedia[3].txt00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@casalemedia[2].txt00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@doubleclick[3].txt00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@doubleclick[1].txt00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@doubleclick[2].txt00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@doubleclick[4].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atdmt[4].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atdmt[6].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atdmt[1].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atdmt[3].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atdmt[2].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atdmt[5].txt00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@247realmedia[3].txt00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@247realmedia[2].txt00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@247realmedia[4].txt00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@fastclick[3].txt00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@fastclick[1].txt00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@tribalfusion[4].txt00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@tribalfusion[2].txt00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@tribalfusion[1].txt00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@tribalfusion[5].txt00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@mediaplex[1].txt00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@mediaplex[3].txt00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@mediaplex[4].txt00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@spylog[1].txt00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\John David\Cookies\john david@entrepreneur[1].txt00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@entrepreneur[2].txt00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@7search[3].txt00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@7search[2].txt00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@clickbank[2].txt00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@clickbank[3].txt00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@clickbank[1].txt00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@tucows[1].txt00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ccbill[2].txt00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ccbill[3].txt00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ccbill[1].txt00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ccbill[5].txt00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@revenue[3].txt00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@revenue[2].txt00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@www.myaffiliateprogram[2].txt00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@com[4].txt00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@com[2].txt00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@com[5].txt00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@com[1].txt00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@yadro[3].txt00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@yadro[1].txt00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@xiti[1].txt00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@hotlog[1].txt00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@gostats[1].txt00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@azjmp[3].txt00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@azjmp[2].txt00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@azjmp[4].txt00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@azjmp[5].txt00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@toplist[2].txt00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@toplist[1].txt00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@statcounter[6].txt00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@statcounter[4].txt00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@statcounter[3].txt00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@statcounter[2].txt00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@statcounter[1].txt00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@statcounter[5].txt00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@counter.hitslink[1].txt00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@perf.overture[2].txt00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@perf.overture[1].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[4].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[5].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[3].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[2].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[1].txt00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@apmebf[1].txt00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@apmebf[5].txt00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@apmebf[2].txt00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@apmebf[3].txt00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@burstnet[2].txt00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@burstnet[1].txt00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@burstnet[3].txt00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@serving-sys[3].txt00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@serving-sys[1].txt00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@serving-sys[4].txt00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@serving-sys[5].txt00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@serving-sys[2].txt00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bs.serving-sys[4].txt00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bs.serving-sys[6].txt00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bs.serving-sys[5].txt00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bs.serving-sys[2].txt00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bs.serving-sys[1].txt00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@www.burstbeacon[1].txt00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@www.burstbeacon[4].txt00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@www.burstbeacon[3].txt00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@adtech[2].txt00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@server.iad.liveperson[2].txt00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@server.iad.liveperson[1].txt00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@stat.onestat[4].txt00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@stat.onestat[3].txt00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@stat.onestat[2].txt00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@stat.onestat[1].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@advertising[3].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@advertising[1].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@advertising[2].txt00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@media.adrevolver[8].txt00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@media.adrevolver[3].txt00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@statse.webtrendslive[1].txt00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@statse.webtrendslive[2].txt00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@statse.webtrendslive[3].txt00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@statse.webtrendslive[5].txt00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ads.pointroll[1].txt00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@overture[3].txt00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@overture[2].txt00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@overture[1].txt00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@realmedia[1].txt00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@realmedia[2].txt00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@www5.addfreestats[1].txt00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@questionmarket[2].txt00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@questionmarket[1].txt00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@questionmarket[3].txt00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@zedo[2].txt00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@zedo[1].txt00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bluestreak[3].txt00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bluestreak[4].txt00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bluestreak[5].txt00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bluestreak[1].txt00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Updates\Installs\Download_Files\vso\mcappcfg.exe00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@adrevolver[3].txt00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@adrevolver[5].txt00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@adrevolver[4].txt00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@adrevolver[2].txt00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bravenet[1].txt00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bravenet[2].txt00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@go[1].txt00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@go[2].txt00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@go[2].txt00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@go[4].txt00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@searchportal.information[1].txt00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@searchportal.information[2].txt00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@searchportal.information[3].txt00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@target[1].txt00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@target[2].txt00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@did-it[2].txt00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@i.screensavers[2].txt00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atwola[3].txt00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atwola[2].txt00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atwola[5].txt00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atwola[6].txt00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atwola[1].txt00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@smartadserver[1].txt00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@smartadserver[2].txt00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@cgi-bin[3].txt00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@cgi-bin[4].txt00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ehg-dig.hitbox[3].txt00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ehg-dig.hitbox[2].txt00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ads.addynamix[1].txt00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ads.addynamix[2].txt00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ads.addynamix[5].txt00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ads.addynamix[4].txt00431587 Application/AntivirusPro2009 HackTools No 0 Yes No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\ZGLZ0Z46\BinariesGUI[1].cab00452946 Application/AntivirusPro2009 HackTools No 0 Yes No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\G4HYI44M\BinariesAdd[1].cab01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@enhance[1].txt01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@enhance[3].txt01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@adserver.easyad[1].txt02164907 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\8OI5PSYT\SmitfraudFix[1].exe03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP595\A0153446.sys03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP595\A0153452.sys04163314 Adware/UltimateDefender Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\XZI7SHJR\movie1[1].exe;===================================================================================================================================================================================SUSPECTSSent Location E;===================================================================================================================================================================================;===================================================================================================================================================================================VULNERABILITIESId Severity Description E;===================================================================================================================================================================================;=================================================================================================================================================================================== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 24, 2008 Root Admin ID:36310 Share Posted November 24, 2008 Okay the logs mainly only show cookies which are not a real threat and a tool that you downloaded for Malware cleanup, and some entries in your old System Restore (not a threat unless you were to restore them back).Download and install CCleanerCCleaner Double-click on the downloaded file "ccsetup213.exe" and install the application.Keep the default installation folder "C:\Program Files\CCleaner" Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"Click finish when done and close ALL PROGRAMSStart the CCleaner program.Click on Registry and Uncheck Registry Integrity so that it does not runClick on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"Click back to Cleaner and click on the Run Cleaner button on the bottom right side of the program.Click OK to any promptsRESTART the computerThen start MBAM and go to the UPDATE tab and update the program. Then do a Quick Scan and fix anything found.Then restart the computer again and run another HJT scan and save log.Post back the most recent MBAM and HJT logs please. Link to post Share on other sites More sharing options...
John G Jr Posted November 26, 2008 Author ID:36493 Share Posted November 26, 2008 Before running the CCleaner, I rebooted my laptop. CHKDSK automatically ran. I'm not encouraged by what came up on my screen. Do you think my hard drive is failing??? I jotted this stuff down as best as I could as it did its thing...CHKDSK (Stage 1 of 3)Deleted corrupt attribute list entry with type code 128 in file 96247Deleted corrupt attribute list entry with type code 128 in file 96247Deleted corrupt attribute list entry with type code 128 in file 96247Deleting corrupt attribute record (128, Link to post Share on other sites More sharing options...
Raid Posted November 26, 2008 ID:36498 Share Posted November 26, 2008 Hi There.How old is this laptop? And did you do a clean shutdown, or a ... forced reboot?Your CHKDSK log doesn't look too bad, if it was a bad shutdown. Has this happened recently before? Link to post Share on other sites More sharing options...
John G Jr Posted November 26, 2008 Author ID:36501 Share Posted November 26, 2008 Laptop is only 2 or 3 years old. This is the first time I've seen errors reported like this. I had just done a clean shut down with a power off. Then pressed the power button to bring it back up. Link to post Share on other sites More sharing options...
Raid Posted November 26, 2008 ID:36502 Share Posted November 26, 2008 How long have you been getting those failed to write errors?And is this XP pro or XP home? Link to post Share on other sites More sharing options...
John G Jr Posted November 26, 2008 Author ID:36529 Share Posted November 26, 2008 Failed write errors - just that one timeWindows XP Media Center EditionHere are the latest logs from MBAM and HJT after running CCleaner, Panda and MBAM. Things are looking MUCH better.Malwarebytes' Anti-Malware 1.30Database version: 1423Windows 5.1.2600 Service Pack 311/26/2008 8:21:38 AMmbam-log-2008-11-26 (08-21-38).txtScan type: Quick ScanObjects scanned: 82971Time elapsed: 1 hour(s), 37 minute(s), 19 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:35:37 AM, on 11/26/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Boingo\GoBoingo\GoBoingo.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exeC:\Program Files\Windows Live\Messenger\MsnMsgr.ExeC:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\TomTom HOME 2\HOMERunner.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\FinePixViewer\QuickDCF.exeC:\Program Files\Autobahn\mlb-nexdef-autobahn.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AIM6\aolsoftware.exec:\PROGRA~1\mcafee\msc\mcuimgr.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\mcafee\msc\mcupdui.exeC:\Program Files\Microsoft Office\Office\WINWORD.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.comO15 - Trusted Zone: *.stumbleupon.comO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...&expId=5064O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165540012750O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} (Net6Launcher Class) - https://cag.commsoft.net/net6helper.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cabO16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cabO16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.2.cabO17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = commsoft.net,acegroup.ccO17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = commsoft.net,acegroup.ccO17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = commsoft.net,acegroup.ccO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO20 - AppInit_DLLs: karna.datO20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dllO23 - Service: McAfee Application Installer Cleanup (0138501227688199) (0138501227688199mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\013850~1.EXEO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exeO23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: WLANKEEPER - Intel Link to post Share on other sites More sharing options...
Raid Posted November 27, 2008 ID:36579 Share Posted November 27, 2008 Your logs look much better now..This file still lingers: C:\WINDOWS\SYSTEM32\ASWLNDLL.dllcan you upload a copy here please? Link to post Share on other sites More sharing options...
John G Jr Posted December 1, 2008 Author ID:37209 Share Posted December 1, 2008 Sure,But I get an error message when I try to upload it as an attachment here...Upload failed. You are not permitted to upload this type of file Link to post Share on other sites More sharing options...
Raid Posted December 2, 2008 ID:37323 Share Posted December 2, 2008 Sure,But I get an error message when I try to upload it as an attachment here...Upload failed. You are not permitted to upload this type of fileOops. My bad...uploads.malwarebytes.orgthis is where suspect files should always be sent, unless otherwise specified. How is your computer doing? Link to post Share on other sites More sharing options...
John G Jr Posted December 2, 2008 Author ID:37335 Share Posted December 2, 2008 It's doing MUCH better thanks. You guys rock. I'll try to upload that file in a moment.But first, what do you guys recommend for me to be more thorough in my protection? I use McAfee for virus protection and firewall. I run an Ad-Aware scan once every few weeks for spyware. Yet my PC still managed to get infected. Should I be doing more? Link to post Share on other sites More sharing options...
John G Jr Posted December 2, 2008 Author ID:37337 Share Posted December 2, 2008 OK - I uploaded ASWLNDLL.dll succesfully. Link to post Share on other sites More sharing options...
Raid Posted December 2, 2008 ID:37338 Share Posted December 2, 2008 It's doing MUCH better thanks. You guys rock. I'll try to upload that file in a moment.But first, what do you guys recommend for me to be more thorough in my protection? I use McAfee for virus protection and firewall. I run an Ad-Aware scan once every few weeks for spyware. Yet my PC still managed to get infected. Should I be doing more?Don't use IE to surf, just for windows updates. Take advantage of firefox with noscript and adblock plus. On certain websites, you'll have to configure them so everything comes up properly. But, alas, you should only do that for sites you trust.Keep java uptodate, keep mcafee updated at all times, if you wish to use it. There are better scanners, imho. Avast, Avira, AVG... Any of those is better than Mcafee. Link to post Share on other sites More sharing options...
Recommended Posts